How often should employee passwords be changed and how should they be changed?
Every 10 days. Emails are sent to each employee.
Every 90 days. Before logging in a pop up could come up and employees must change their password before they can log in.
Everyday. Employees set a new password before the end of the day to be prepared for the next day.
Every month. Employees are told to see a member of IT so they can change their password for them.
Employees should change their password when they feel at risk that someone knows their password.
Employees should only change their password when they forget it by going to the IT staff so they can change it for them.
A huge news story breaks as it seems someone in your company has leaked some private and confidential information on Facebook? What would your company do about it?
They would warn the employee who did the information and would block all social media websites. If the employee does it again he would get fired.
They would instantly fire the employee and launch a investigation in how it happened by looking through audit logs. Policy's would looked through and possibly updated. Apologies to person who's information it was and satisfies them that all will be done to determine the cause of what happened.
They would tell the employee to delete the Facebook post immediately and to carry on with work.
Sack the employee and make him pay a huge fine.
Is it true or false that in the UK millions of records go missing every year?
If a disaster such as a power failure occurs in a business in the UK what would have to be done?
Inform everyone about the failure. Call engineers or the power company and inform them about it. They would ask when it would be fixed and would ensure it's done as quick as possible.
Send all employees home for the day and tell them to come in tomorrow, guessing it should be fixed by tomorrow.
How often should security procedures be updated?
When their has been a breach.
Whenever a company feels like doing it.
Whenever the old procedures feel old.
What is a policy?
A statement of agreed intent that clearly and unequivocally sets out an organisation’s views with respect to a particular matter.
Something made up by the organisation for workers to follow.
'A procedure is a clear step by step method for implementing an organisation’s policy or responsibility'.
Is this statement true or false?
Which one of the following would be a security measure? They may be more then one correct answer
All staff and students must wear ID badges and visitors must wear a Visitor badge.
Doors and Windows should ideally be locked after hours.
CCTV must be working and must be recording. Tapes must be kept for a month before disposal.
Should anti virus software be checked daily?
What are codes of conduct?
An agreement on rules of behavior for a group or organisation.
Rules set for people to follow at their own desire.
Random rules made up.
Nothing important for a company or a business.
Rules of behavior that employees and staff must follow.
Rules that outline what is expected from employee out of work hours.
How important are the Codes of Conduct?
Very important as the rules must by followed by employees in the office at all times.
Not that important as
What could happen to an employee that doesn't follow the Codes of Conduct?
They could get sacked.
They would get a warning.
Nothing would happen.
What do surveillance and monitoring policies do?
Policy on how the building should be monitored out of hours.
They're policies that are set up to monitor what employees do, rules for CCTV cameras in the building, Internet access as well as phone and fax. Goes through what can be done and can't be done at different times.
What would be a policy for CCTV cameras ?
Inform staff why you are using CCTV monitoring.
Inform them of the nature and extent of the monitoring.
Tell them that they have to be installed for safety.
True or False- Risk Management is about finding and identifying the risks and looking at what be done to reduce them.
What are the missing words from this paragraph explaining risk management?
Risk management is about __________ and ___________risks that occur.
Identifying and Managing
Monitoring and Clearing
Advising and Helping
If risks aren't managed what could happen?
The business would't get affected that much and the risk will slowly disperse itself
They could turn into huge problems and would be harder to deal with
If not dealt with, bigger risks could harm the business significantly
What is a budget setting?
A budget set to a business in which should be followed but doesn't have to.
The settings of the budget given to a business.
The annual budget (set amount of money) that is set to a business to spend in resources.
Is the following true or false? 'A budget is the amount of money given to a business to spend and is usually not that strict?'
What could happen if a business or a company doesn't feel that they have enough of a budget?
They could ask for more money
They won't be able to do anything about it, they would have to deal with it and keep to the strict budget and not overspend
They could overspend, but employees would have to pay what is spent above the budget
They could take matters into their own hand by protesting to the board or have a strike
Not spend any of the budget money at all in attempts the board gives more
Is it true or false that disaster recovery policies don't have to be set in the UK as many disasters occur?
Are codes of conducts made to help budget settings?
Yes they are
No they are not, codes of conducts are made for employees for how to work in the workplace
and says what is right and what isn't.
Why can't security procedures be kept the same for the entirety of the businesses running time?
Legal policies change every year, more policies are added and revised.
Security procedures can be kept the same.
It's a legal requirement.
Why is it important to allow risks within a business?
New risks can be found and by seeing how they work it would be easier to deal with.
By taking risks, new methods could be found
You should take no risks whatsoever.
What could happen to a business that doesn't have any CCTV cameras installed?
If they get robbed, their will be no evidence and it would be a lot harder to identify the thief
It's not a legal requirement so it would be their own fault if their business gets attacked.