Office management
Download as PPTX, PDF4 likes10,611 views
The document discusses the importance of security data protection, emphasizing the need to safeguard databases from unauthorized access and harmful actions. It highlights several data breaches affecting prominent entities and outlines the legal obligations for handling data, such as maintaining accuracy and security. Additionally, it provides a framework for conducting security audits to assess an organization's data protection measures.
Office management
- 2. Security Data protection means protecting a database from destructive forces and the unwanted actions of unauthorized users. Security Audit is a systematic, measurable, technical assessment of how the organization's security policy is employed at a specific site.
- 3. • Protecting Data? • Protecting People Prevent harm to the individuals whose data the organizations hold and also the other people. Keep information in the right hands. Hold good quality data.
- 4. Huge amounts of data about people can be stored on office computers and can be easily searched. This data can be lost, stolen or transferred to another country easily. Careless or inaccurate processing of data can lead to the other people seeing the data.
- 5. SONY: 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the site was down for a month. Card System Solutions: 40 million credit card accounts exposed. CSS, one of the top payment processors for Visa, MasterCard, American Express is ultimately forced into acquisition. Monster.com: Confidential information of 1.3 million job seekers stolen and used in a phishing scam.
- 6. Data must be collected and processed fairly. Data must be collected and used only for specified and lawful purpose. Data must be adequate, relevant and not excessive. Data must be kept accurate and up to date. Data must not be kept longer than necessary. Data must be kept secure against unauthorised processing, damage or loss. Data must not be transferred outside the organization unless protection is adequate.
- 7. To adequately determine whether or not the client’s goal is being achieved, the auditor should perform the following before conducting the review: Meet with IT management to determine possible areas of concern. Review the current IT organization chart. Review job descriptions of data center employees. Research all operating system, software application and data center equipment operating within the data center. Review the company’s IT policies and procedures. Evaluate the company’s IT budget and systems planning documentation. Review the data center’s disaster recovery plan.
- 8. Following is a list of objectives the auditor should review after planning and preparation: Personnel procedures and responsibilities including systems and cross-functional training. Change Management processes in place followed by IT and management personnel. Appropriate back up procedures in place to minimize downtime and prevent loss of important data. Ensure that the data center has adequate physical security controls to prevent unauthorized access to the data center. Adequate environmental controls in place to ensure equipment is protected from fire and flooding.
- 9. Firewalls Proxy Servers Encryption Logical Security Access Controls Anti Virus Software Auditing Systems such as Log Management.