Understand organisational IT requirements and operating procedures that support business functions.
CIA framework (confidentiality, integrity, availability). Types of information that should be protected (employee information, management information, organisational information).
Confidentiality: authentication (multi-factor, two-factor); no confidential information left out on desks; not leaving confidential information visible on screens; non-repudiation; non-disclosure agreements (NDA); non-compete clauses; safe storage of information (locked rooms, password-protected drives, controlled access).
Integrity: encryption; firewalls; backups; access control (permissions, geolocation, time-restricted logon, concurrent logons, device filtering); reporting (whistleblowing, escalation, information commissioner).
Availability: backups; redundancy (Redundant Array of Independent Disks (RAID) devices, clustering, cloud); bandwidth; planned downtime; upgrades/patches.
Policies and procedures: Acceptable Use Policy, Password Policy, Security Policy, Disaster Recovery Policy, capacity planning and planned downtime, asset management, Service Level Agreements (SLA), IT Service Management (ITSM).
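The access-control items listed under Integrity (permissions, geolocation, time-restricted logon, concurrent logons, device filtering) are easiest to understand as a set of checks applied to every logon attempt. The following is an added example, not part of the unit specification: a small policy evaluator in Python. The policy values, user names, device IDs and logon attempts are all constructed for illustration, and the class and function names are this example's own.

```python
"""Added example (not part of the unit specification): a policy check that
combines the access-control measures listed under Integrity: permissions,
geolocation, time-restricted logon, concurrent logons and device filtering.
Every policy value, user, device ID and logon attempt here is constructed."""
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class AccessPolicy:
    allowed_roles: frozenset          # permissions: roles that may log on
    allowed_countries: frozenset      # geolocation: country codes allowed
    logon_start: time                 # time-restricted logon window (inclusive)
    logon_end: time
    max_concurrent_sessions: int      # concurrent-logon limit per user
    enrolled_devices: frozenset       # device filtering: enrolled device IDs


@dataclass(frozen=True)
class LogonRequest:
    user: str
    role: str
    country: str
    device_id: str
    when: datetime                    # local time of the attempt


def within_window(now: time, start: time, end: time) -> bool:
    """True if `now` lies inside the window. A window whose end is earlier
    than its start (e.g. 22:00 to 06:00 for night-shift staff) crosses
    midnight, so it is treated as two ranges."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def evaluate_logon(policy, request, active_sessions):
    """Apply every control and return (allowed, reasons).

    `active_sessions` maps user -> number of sessions currently open. All
    failing checks are collected rather than stopping at the first, so the
    audit record shows the complete reason an attempt was refused."""
    reasons = []
    if request.role not in policy.allowed_roles:
        reasons.append(f"permission: role '{request.role}' is not allowed")
    if request.country not in policy.allowed_countries:
        reasons.append(f"geolocation: logon from '{request.country}' is not allowed")
    if not within_window(request.when.time(), policy.logon_start, policy.logon_end):
        reasons.append(f"time: logon at {request.when:%H:%M} is outside the permitted window")
    if active_sessions.get(request.user, 0) >= policy.max_concurrent_sessions:
        reasons.append("concurrent logons: session limit already reached")
    if request.device_id not in policy.enrolled_devices:
        reasons.append(f"device: '{request.device_id}' is not an enrolled device")
    return (not reasons, reasons)


# Constructed policy for a hypothetical HR records system (office hours only).
HR_POLICY = AccessPolicy(
    allowed_roles=frozenset({"hr-officer", "hr-manager"}),
    allowed_countries=frozenset({"GB"}),
    logon_start=time(7, 0),
    logon_end=time(19, 0),
    max_concurrent_sessions=1,
    enrolled_devices=frozenset({"LAPTOP-0042", "LAPTOP-0077"}),
)

# Constructed policy for a hypothetical operations console (night shift).
OPS_POLICY = AccessPolicy(
    allowed_roles=frozenset({"ops-engineer"}),
    allowed_countries=frozenset({"GB"}),
    logon_start=time(22, 0),
    logon_end=time(6, 0),
    max_concurrent_sessions=2,
    enrolled_devices=frozenset({"LAPTOP-0101"}),
)


def check_sample_logons():
    """Run constructed logon attempts through the policies; returns name -> result."""
    sessions = {"alice": 0, "bob": 1}  # bob already has one session open
    attempts = {
        "alice_ok": (HR_POLICY, LogonRequest("alice", "hr-officer", "GB", "LAPTOP-0042",
                                             datetime(2024, 3, 4, 9, 30))),
        "bob_second_session": (HR_POLICY, LogonRequest("bob", "hr-manager", "GB", "LAPTOP-0077",
                                                       datetime(2024, 3, 4, 10, 0))),
        "alice_abroad_at_night": (HR_POLICY, LogonRequest("alice", "hr-officer", "FR", "LAPTOP-0042",
                                                          datetime(2024, 3, 4, 23, 15))),
        "carol_unknown_device": (HR_POLICY, LogonRequest("carol", "contractor", "GB", "PHONE-1",
                                                         datetime(2024, 3, 4, 12, 0))),
        "dave_night_shift": (OPS_POLICY, LogonRequest("dave", "ops-engineer", "GB", "LAPTOP-0101",
                                                      datetime(2024, 3, 4, 23, 15))),
    }
    return {name: evaluate_logon(pol, req, sessions) for name, (pol, req) in attempts.items()}


if __name__ == "__main__":
    for name, (allowed, reasons) in check_sample_logons().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}", *reasons, sep="\n  ")
```

Collecting every failed check rather than returning on the first one is deliberate: the reporting items in the same list (escalation, whistleblowing) depend on the logon record explaining fully why an attempt was refused, and a single "denied" entry gives the reviewer nothing to act on.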
Standard Operating Procedures (SOP): step-by-step instructions to help employees carry out complex tasks to improve efficiency, to ensure uniformity, to reduce miscommunications, to ensure quality, to ensure compliance with standards/regulations.
Stages of a business continuity and disaster recovery plan: prioritisation of business restoration, preventative measures, test plan, planned maintenance, recovery strategies, IT systems, backup of data, transfer of services.
Assessment Criteria
3.1 Explain how the CIA framework can be used to protect data and information.
3.2 Summarise the policies and procedures required to support the use of different IT systems and platforms in organisations.
3.3 Explain the stages of a business continuity and disaster recovery plan.