Data Security Policy Analysis

entropy Security Policy AnalysisDylan Mc GrathThe power for having a policyThe reason for having the policy is so that the workers at tallness LEARNING Ltd know what to do when they are assessing the mortalal selective information of the customers and how they will engage the info.A Brief explanation of the companys obligations under the lawThere is wiz main legislation which the company has to obligate by it is c completelyed the Data Protection snatch 1998 which was also amended in 2003. It was created for when personal details are given to a company they engage to keep the details and they squirtnot be given to anyone extraneous of the company. two person who has given their details to the company whoremaster request a copy of their information that the company has. The company must send the person their details within 40 days.They washbasin also have their name removed from any marketing list.They could also make a complaint to the entropy commissioner if the co mpany is not adhering to the Protection Acts rules.A person can claim compensation if they suffer when the company uses their data in a wrong way.Who is naturalized by how the company uses and stores data? The population that are effected by this areTeachers and Staff who work for ACME LEARNING LtdManagementStudentsThe Data that is stored near them isCredit Card/ Bank DetailsBirth DatesContact detailsNameAddressEmailGenderPPS NumbersSuppliers informationWhy the data is used by ACME LEARNING LtdFor advertising and marketing purposes.To have a database of a persons information.For payroll and pension administrationTo make the names and addresses of people are correct.To stop fraud and money launderingFor record keepingWhat Specific Threats does AMCEs data have?Malware Malware is software that can harm a reckoner and can slow down performance.Hacking Getting into a computer authorized or unauthorized without wanting to cause any damage.Weather Conditons and Fires data can lost by s torms, earthquakes and floods. Fires can also be started by accident when the server room is too hot. When these weather conditions and fires happen the server rooms can be completely destroyed.Adware Software that can monitor the users online activities so that the person can be targeted by advertisements.Disgruntled employeesSpywareAccidentsTheftHuman Errorcopy data onto storage devices.TrojansRoles and ResponsibilitiesData ControllerACME LEARNING Ltd must appoint a Data Controller who is there to deal with the data which is rough their customers on a computer and also in a filing cabinet.The Data Controller must1 Obtain and process the information fairly.2 Keep it only for what is it was needed for.3 Use it for and it should only be given out for a specified purpose.4 It must be unploughed uninjured and secured.5 The information must be unbroken up to date and correct.6 Make sure the data is adequate, relevant and not excessive.7 It must not be kept for any longer than it is needed for.8 Give a copy of his/her personal data on their request.Every Employee that works for ACME LEARNING LTD has to be given training on how to use and handle the data.Rules for1. Data storageData on hard drives cannot be deleted.The data has to be stored on the network drive where the I.T department can back it up when they need to.Data that is on paper has to be kept in a safe place.Data has to be protected by strong passwords.All data has to be stored on the server and data has to in a safe location.The Data Controller and only the people who need to access the data are allowed to look at it.Servers and computers that have data have to be protected by a firewall and security software.Data on CDs or DVDs has to be locked away.The servers have to have different sites in case one site goes offline.Data should not be saved on laptops or other mobile devices.There will be two different databases for both staff and students information.The data cannot be stored locally have it in a place where it can be backed up every night.Data has to be backed up every night.The usb ports on all the machines have to be disabled.Every computer in the building has to be rebooted every night at a certain time.There are two databases one for staff and the other for students information.Users have to logout of their computer to make the data stays safe.The person that looks at the data should be able to see the quantity of the data and the duplication.2. Data useWhen looking at data on a computer all employees must have their computer locked when they are away from their desk.Employees cannot make a duplicate of any data on a file.When data is being transferred electronically it has to be encrypted.3. Data accuracyACME Learning LTD must keep the data up to date and accurate.Data that is inaccurate should be updated to the correct data by someone that is allowed to edit the data.There are staff that are allowed to edit the data and other staff who are only allowed to read the data.4. Data access requestsThe Data Protection Act lets a person find out if ACME LEARNING Ltd has any information that relates to them.The person has to either train out a form or write a letter to the company asking for their information.The person has to include identification so that the company knows that they are giving the data to the right person.The person is entitled toA copy of the data.A description of the use for which it is held.A description of those to whom the data may be shown to.The source of the data.The person may have to pay a fee to access their information which cannot exceed 6.35.The person has to be contacted within 40 days with their data or be told that the company does not have any data about them.5. Data DisposalACME LEARENING LTD will keep the data it has for employees for seven years only if it is financial.ACME LEARENING will keep the students data for three years.If a student has ticked a box to say that they want ACME LEARENING LTD to keep their exam results then ACME LEARENING LTD has to keep the students exam results for a certain number of years.If data is on paper it has to be thrown into a waste bin.It must also be recycled.The paper can also be shredded so that the data on the paper will be destroyed.An incinerator can be used to burn the paper to destroy it so no one can recover any of the data on the sheets. ticklish Drive DisposalAt the time the hard drives need replacing an employee must carry out the procedures that need to be done. The procedures are to overwrite a hard drive, get the hard drive destroyed by paying a company that deals with destroying hard drives the right way so that the data is safe from being seen by a person that wants to use it for gaining money.The hard drive can also be degaussed. This removes all the data from the hard drive. Degaussing destroys the magnetized fields on the hard drive. It completely makes the hard drive in tiny pieces so that it cannot ever be used again.Overwriting the data using a program puts binary numbers onto the hard drive. It should be done at least three times to be successful.Tape Media DisposalThe data on the tapes can be overwritten. They can also be incinerated this method will completely destroy the tape. This method will pollute the air. The data on the tapes can be degaussed. The company can get someone to come in and do it to witness that the tape has been degaussed properly.