Course: A0334/Online Environment Control
Year: 2005
Version: 1/1

Session 17
Organisational Back Up

Learning Outcomes
By the end of this session, students are expected to be able to:
• Demonstrate organisational back up

Material Outline
• Employee Confidentiality and A Culture of Security
  – Security Awareness and Employees
  – Recruitment, Contracts and Policies
  – Employment Contracts
  – Conclusion

Employee Confidentiality and A Culture of Security
• Along with the commercial advantages that the increased use of e-commerce has brought, there is an ever-increasing number of security issues that arise. Global interaction and interconnectivity mean that customers are more accessible to providers, but they also mean that the business is more vulnerable to everyone. Failure to properly deal with information security issues involves both regulatory risk (such as data protection) and more general business risk.
• Although there are hundreds of security products now available on the market, there is one defence that outstrips the rest in terms of both value for money and effectiveness; namely, awareness. Linked to this is the creation of a culture of security and the need to bind staff to contracts that protect the business's trade secrets and confidential information.

Security Awareness and Employees
• Managers and directors of businesses need to be aware of the threats facing their organisations and of the potentially devastating effect that a security breach could have on them.
• One of the biggest threats to information security that a company is faced with comes from its own employees. In order to minimise this risk, a culture of security should be promoted within companies; this begins as early as the recruitment process.

Recruitment, Contracts and Policies
• Even if the recruitment function is outsourced, it is still the end-user's business that is at risk, so it is the end-user who must ensure that both the method of recruitment and the contract governing the outsourcing cover the issue of security:
  – Background checks should be carried out on all staff and potential staff
  – The employee should be made aware of his/her obligations, both under the contract of employment and through office-wide policies
  – A strong password must be used and changed on a regular basis to keep the network more secure
  – If employees work from home, or remotely via laptops, dual identification procedures should be used
• If any of the company's business is conducted online, especially where money transactions take place on the Internet, information coming in from external sources should be checked twice: once as information is fed between the external source and the website; and once as it moves between the website and the company network.
• As well as awareness of the threats facing the company, management should ensure that there are procedures, and accountable people throughout the management structure, in place to deal with a security breach should it happen.
• Early detection can save thousands of pounds' worth of damage to the network. As new viruses are introduced every week, the virus software that covers a company's network should be updated regularly.
• Having a back-up server can cut down the downtime for web-based products, thus minimising the loss of business and customer confidence.
• Another way to safeguard customer confidence is to ensure that publicity is handled carefully.

Employment Contracts
• A carefully drafted employment contract can help secure the following:
  – The employee's compliance with the relevant security procedures and policies
  – Compliance with the employer's email and Internet policies
  – Protection of the business's intangible assets: copyright, databases, inventions, trade secrets and confidential information (including customer lists and technical information such as computer source code)

Conclusion
• IT spending has increased as the advantages of e-commerce have been recognised by UK businesses; but the spending on IT security is still worryingly low.