What actions can each person in an organisation take to minimise the risk of identity theft?
Individuals within an organisation can take several actions to minimise the risk of identity theft:
- Hard-copy records or information on paper should be stored in locked filing cabinets. Only authorised individuals should have access, and anyone without authorisation needs to be supervised.
- All computer networks should be password protected, so no one can freely browse through someone's computer. Information databases should have passwords, with access restricted to authorised personnel only.
- Information that is no longer of any use to the organisation should be disposed of correctly, e.g. shredded.
- They can avoid openly releasing personal information.
Discuss and generate a list of concrete actions each student can take to control this risk at UB.
- Students can change their password regularly, as the university already makes us do every six months, maybe more often than this.
- Do not leave their computer unattended whilst logged in.
- Do not give personal information to anyone who they do not trust.
- Report the loss of their ID card.
How do you think the information security department at UB is structured? You do not need to know the correct answer to this, but based on your understanding of UB's size and types of information it needs to secure, what roles do you imagine exist here?
The University of Ballarat is not the biggest university around, but it would still have an information security structure similar to anywhere else.
The University's information security structure may include functions such as:
- A Chief Security Officer: who would be at the top of the tree. This person would oversee the university's information security program. This person would also approve information security policies, develop security budgets, and make recruiting, hiring and firing decisions or recommendations. They would also be the spokesperson for the information security division and would have the required qualifications.
- A Security manager: who would run the day-to-day operation of the information security program.
- An information security administrator
- Physical security: Most likely one main physical security officer who oversees all the physical security and reports to the Chief Security Officer. There would also be other personnel who go around computer rooms and areas to ensure computers are up to the correct standard and are safe and secure. There would be several security guards who may ensure everything is locked at closing time and ensure the overnight labs are constantly safe and secure; this may be outsourced to a security company.
- An Information security technician: who configures security and hardware. This individual or these individuals would be specialised and have the needed qualifications.
- In all these functions there would be other personnel who work with each section to assist them in completing their job.