Thursday, March 29, 2007

Corporate IT security policy

A corporate IT security policy aims to:

  • Prevent misuse
  • Detect misuse through regular checking
  • Investigate misuse through the use of monitoring software and audit trails
  • Prevent unauthorised access
  • Establish procedures for keeping data, for example, backup up data and maintaining passwords to limit access to files
  • Lay down disciplinary procedures for breaches of security

Data is vital to organisations and companies. Any loss, theft or accidental disclosure could have catastrophic results. For example, a greenhouse salesman travelling around the country selling greenhouses would not want his list of customers or sales figures to be lost. The data would contain information about identifiable people and therefore contravene the DPA. Also, rival companies could steal his customers!

The Corporate IT security policy aims to:

  • Make employees aware of their responsabilities with regards to data security
  • Define an audit trail to record transactions
  • To define how a company should comply with the current IT legislation

Posted by at 3 comments:

Wednesday, March 21, 2007

Legal Aspects

Chapter 8 (old book)

Adequate security is crutial to the success of an organisation. But threats can come from outside and from within. Remember Wibble that went mad and wanted to destroy all our databases using a virus? It happens a lot.

Check out the links:


An organisation needs to have a corporate IT security policy. Its aim would be:

  • to prevent misuse from occurring
  • to enable any misuse that did occur to be detected and investigated
  • to lay down procedures that should prevent misuse
  • to establish disciplinary procedures to be used when an employee has been found committing an act of misuse.

An organisation has a responsability to ensure that all its employees are aware of laws relating to IT and their responsabilities under these laws, in particular:

  • Data Protection Acts 1984 and 1998
  • Computer Misuse Act 1990
  • Copyright Designs and Patent Act 1988
  • Health and Safety at Work Act 1974
  • EU Health and Safety Directive 87/391

Posted by at 1 comment:

Monday, March 19, 2007

Ethical Issues in IT

Ethics is about making the morally correct decision.

An unethical decision is not necessarily illegal. But in business, people justify unethical decisions by saying it is a 'dog-eat-dog' world.

A second-hand car salesman with a ropey old banger might make the decision to tell a nieve young lady interested in it:


He made the decision to tell an un-truth in order to sell the banger. Not illegal, but unethical.


Unethical parts of Tom's day:

  • Choice of password - easy to guess
  • Reading personal email (for a long time!)
  • Downloading photos
  • Opening SPAM emails from unknown source - opening company network to attack
  • Fails to log off - computer vulnerable to use by unathorised users
  • Installing a game on company computers
  • Disclosing password
  • Downloading and storing pornographic images

Some of Tom's activities are illegal, others simply show poor conduct which are unethical when a company is paying Tom to work.

In order to be a doctor, you must sign the 'Hypocratic oath' which states that thay must not divulge personal information. If they do, they will be struck off.

IT professionals can join the British Computer Society (BCS).

Being a member of the BCS means that employers know that you will follow the code of practice.

Contractor UK is the professional body for IT contractors - not that they managed to stop IR35!

Employers may write 'codes of conduct' for their employees. This will outline:

  • Responsabilities
  • Authorisation
  • Security
  • Penalties
Posted by at 2 comments:

Tuesday, March 13, 2007

Rules to project success

  • Good project management (using Gannt, project plans etc.)
  • Appropriate and reasonable timescales
  • Realistic client objectives
  • Adherence to coding and design standards
  • High priority given to thorough testing
  • Use experienced/qualified team members (often more expensive)
  • Thorough analysis and feasibility studies
  • High levels of professionalism
  • Appropriate, well managed roll-out procedure
  • Involve end-users throughout process
Posted by at No comments:

Thursday, March 08, 2007

Project Managers problems



Projects are taken on and sub-divided into subtasks:
  • analysing user requirements


  • designing and prototyping


  • writing and testing


  • acceptance testnig


  • installing and testing




Each phase requires their own specific skills and matched to specific team members.

  • Team leaders


  • Developers


  • System analysts


  • Consultants


  • Testing and Q&A

A project manager has to consider the following problems:
  • Costing


  • Team members and skills


  • Planning and timescales


  • Monitoring and feedback



Posted by at 6 comments:

Monday, March 05, 2007

Organisational Structure - Managing Change

  • Understand that the introduction of an information system will result in change – this must be managed.
  • Eg.
    BT restructuring
    Supermarkets from 1970’s and nowadays

    Factors to consider when planning for change:
  • Re-skilling employees
    This may mean an employee doing more tasks than they did previously, and having to use ICT
    A receptionist to a middle manager lucky enough to save his/her job in a reshuffle may find that they become a personal assistant to many managers requiring, significant ICT skills such as Outlook and email

  • Attitudes of employees
    Change causes fear and resistance
    Fear they can’t do it
    Fear they are going to be phased out of a job as their job becomes more menial (eg. car workers being replaced by robots with operators)
    Centralised information means other departments can access information without needing to contact other departments directly
    Job regarding can restrict an employees ambitions
    Job satisfaction can be reduced and therefore their motivation
    Information systems often reduce the need for social interaction

  • Organisational structure
    Better information across an organisation reduces the need for middle management and therefore flattens the structure
    An MIS makes it easy for strategic management to monitor operations more efficiently and effectively, resulting in better planning and spotting problems sooner
    Many decisions will be made automatically further reducing need for layers of staff (eg. automatic stock re-ordering)

  • Employment pattern and conditions
    Many jobs may be lost through redundancy (eg. robots at car plant)
    Times of employment may change to shifts to maintain 24 hour working
    Teleworking may mean more people working from home

  • Internal procedures
    The way things are done will change
Posted by at 2 comments:
Subscribe to: Posts (Atom)