Data Security Policy Analysis

information security Policy AnalysisDylan Mc GrathThe causal agent for having a policyThe reason for having the policy is so that the workers at crown LEARNING Ltd know what to do when they argon assessing the psycheal info of the customers and how they go away use the entropy.A sketch explanation of the companys obligations under the lawThere is one main statute which the company has to obligate by it is called the selective information Protection Act 1998 which was excessively amended in 2003. It was created for when somebodyal details argon given to a company they cave in to keep the details and they cannot be given to anyone away of the company.Every person who has given their details to the company can invite a copy of their information that the company has. The company essential commit the person their details within 40 days.They can in addition motion their name removed from any marketing list.They could also make a complaint to the selective information commissioner if the company is not adhering to the Protection Acts rules.A person can claim compensation if they suffer when the company uses their data in a wrong way.Who is effected by how the company uses and stores data? The pack that are effected by this areTeachers and Staff who work for ACME LEARNING LtdManagementStudentsThe data that is stored ab turn up them isCr trim Card/ bank DetailsBirth DatesContact detailsNameAddress electronic mailGenderPPS NumbersSuppliers informationWhy the data is used by ACME LEARNING LtdFor advertising and marketing purposes.To crap a database of a persons information.For payroll and pension administrationTo make the names and addresses of people are correct.To stop fraud and money launderingFor record keepingWhat circumstantial Threats does AMCEs data have?Malware Malware is software that can harm a calculating machine and can slow down performance.Hacking Getting into a computing device authorized or unauthorized without wanting to cau se any damage.Weather Conditons and Fires data can lost by storms, earthquakes and floods. Fires can also be started by accident when the horde room is too hot. When these weather conditions and fires happen the server rooms can be completely recorded.Adware Software that can manage the users online activities so that the person can be targeted by advertisements.Disgruntled employeesSpywareAccidents theftHuman ErrorCopying data onto storage devices.TrojansRoles and Responsibilitiesselective information ascendanceACME LEARNING Ltd must appoint a information ascendancy who is there to deal with the data which is about their customers on a calculating machine and also in a filing cabinet.The data Controller must1 Obtain and process the information fairly.2 Keep it exclusively for what is it was indispensable for.3 Use it for and it should only be given out for a specified purpose.4 It must be kept gum elastic and secured.5 The information must be kept up to pick up and corr ect.6 Make sure the data is adequate, relevant and not excessive.7 It must not be kept for any longer than it is needed for.8 Give a copy of his/her personal data on their request.Every Employee that works for ACME LEARNING LTD has to be given genteelness on how to use and handle the data.Rules for1. Data storageData on tricky get downs cannot be deleted.The data has to be stored on the ne iirk drive where the I.T department can back it up when they need to.Data that is on paper has to be kept in a safe place.Data has to be defend by strong passwords.All data has to be stored on the server and data has to in a safe location.The Data Controller and only the people who need to access the data are allowed to look at it.Servers and computers that have data have to be protected by a firewall and security software.Data on CDs or DVDs has to be locked away.The servers have to have different land sites in case one site goes offline.Data should not be saved on laptops or another(prenom inal) mobile devices.There lead be two different databases for two staff and students information.The data cannot be stored locally have it in a place where it can be backed up each night.Data has to be backed up every night.The usb ports on all the machines have to be disabled.Every computer in the building has to be rebooted every night at a reliable time.There are two databases one for staff and the other for students information.Users have to logout of their computer to make the data stays safe.The person that looks at the data should be able to tick off the quantity of the data and the duplication.2. Data useWhen looking at data on a computer all employees must have their computer locked when they are away from their desk.Employees cannot make a duplicate of any data on a file.When data is being transferred electronically it has to be encrypted.3. Data accuracyACME Learning LTD must keep the data up to date and accurate.Data that is inaccurate should be updated to the corr ect data by someone that is allowed to edit the data.There are staff that are allowed to edit the data and other staff who are only allowed to read the data.4. Data access requestsThe Data Protection Act lets a person muster upon out if ACME LEARNING Ltd has any information that relates to them.The person has to either fill out a form or write a letter to the company asking for their information.The person has to include identification so that the company knows that they are giving the data to the recompense person.The person is empower toA copy of the data.A exposition of the use for which it is held.A description of those to whom the data may be shown to.The source of the data.The person may have to pay a fee to access their information which cannot exceed 6.35.The person has to be contacted within 40 days with their data or be told that the company does not have any data about them.5. Data DisposalACME LEARENING LTD will keep the data it has for employees for seven eld onl y if it is financial.ACME LEARENING will keep the students data for three years.If a student has ticked a box to say that they want ACME LEARENING LTD to keep their exam results then ACME LEARENING LTD has to keep the students exam results for a certain number of years.If data is on paper it has to be thrown into a waste bin.It must also be recycled.The paper can also be shredded so that the data on the paper will be destroyed.An incinerator can be used to burn the paper to destroy it so no one can recover any of the data on the sheets.Hard Drive DisposalAt the time the hard drives need replacing an employee must carry out the procedures that need to be done. The procedures are to overwrite a hard drive, get the hard drive destroyed by paying a company that deals with destroying hard drives the right way so that the data is safe from being seen by a person that wants to use it for gaining money.The hard drive can also be degaussed. This removes all the data from the hard drive. Dega ussing destroys the magnetic fields on the hard drive. It completely makes the hard drive in tiny pieces so that it cannot ever be used again.Overwriting the data using a political platform puts binary numbers onto the hard drive. It should be done at to the lowest degree three times to be successful.Tape Media DisposalThe data on the tapes can be overwritten. They can also be incinerated this method will completely destroy the tape. This method will pollute the air. The data on the tapes can be degaussed. The company can get someone to come in and do it to witness that the tape has been degaussed properly.