Unit 48: IT Security Management

Unit code: A/601/1995
QCF Level 5: BTEC Higher National
Credit value: 15
• Aim
The aim of this unit is to provide an understanding of IT security management to enable learners to manage organisational security.
• Unit abstract
This unit deals with the management of an organisation’s security. This involves controlling access, regulating use, implementing contingency plans and devising security policies and procedures. Breaches in security may be caused by human actions, accidental, malicious or negligent, or through incorrect installation, configuration or operation.
Physical security management involves regulating the access to the computers, network devices, databases etc by physical means such as securing buildings from unauthorised access, prevention of loss or damage due to weather, fire and water ingress. Consideration must also be given to alternative sources of supply of hardware, software, power, telecommunications and suitable buildings to allow the organisation to continue after a disaster has occurred (disaster recovery planning).
Human resource management is also an important topic as regards the management of security. It allows for the selection of roles and responsibilities and the associated documentation of organisational procedures based on current legislation and standards.
• Learning outcomes
On successful completion of this unit a learner will:
1 Understand risks to IT security
2 Understand mechanisms to control organisational IT security
3 Be able to manage organisational security.
Unit content
1 Understand risks to IT security
Risks: types eg unauthorised use of a system without damage to data, unauthorised removal or copying of data or code from a system, damage to or destruction of physical system assets and environment, damage to or destruction of data or code inside or outside the system, naturally occurring risks
Organisational security: procedures eg data, network, systems, operational impact of security breaches, web systems, wireless systems
2 Understand mechanisms to control organisational IT security
Risk assessment: potential loss eg data, intellectual property, hardware and software; probability of occurrence eg disaster, theft; staff responsibilities
Data protection: government regulations eg Data Protection Act 1998, Computer Misuse Act; company regulations eg site or system access criteria for personnel; anti-virus software; firewalls, basic encryption techniques; operational continuity planning; back-up procedures
Physical security: types eg biometrics, swipe cards, theft prevention
3 Be able to manage organisational security
Organisational security: policies eg system access, access to internet email, access to internet browser, development/use of software, physical access and protection, 3rd party access, business continuity, responsibility; controlling security risk assessments and compliance with security procedures and standards eg ISO/IEC 17799:2005 Information Technology (Security Techniques – code of practice for information security management); informing colleagues of their security responsibilities and confirming their understanding at suitable intervals
Security: tools eg user logon profiles to limit user access to resources, online software to train and update staff, auditing tools to monitor resource access
Security audits: gathering and recording information on security; initiating suitable actions to deal with identified breaches of security (see also Human resource issues below); scheduling of security audits; defining requirements for security audits
Human resource issues: staff rights and responsibilities; coping with disaffected staff eg disciplinary procedures in the event of identified security breaches
Learning outcomes and assessment criteria
Learning outcomes: on successful completion of this unit a learner will:
Assessment criteria for pass: the learner can:
LO1 Understand risks to IT security
1.1 identify and evaluate types of security risks to organisations
1.2 evaluate organisational security procedures
LO2 Understand mechanisms to control organisational IT security
2.1 discuss risk assessment procedures
2.2 evaluate data protection processes and regulations as applicable to an organisation
2.3 analyse physical security issues for an organisation
LO3 Be able to manage organisational security
3.1 design and implement a security policy for an organisation
3.2 evaluate the suitability of the tools used in an organisational policy
3.3 discuss the human resource issues that have to be considered when carrying out security audits.
Guidance
Links to National Occupational Standards, other BTEC units, other BTEC qualifications and other relevant units and qualifications
The learning outcomes associated with this unit are closely linked with:
Level 3
Level 4
Level 5
Unit 7: Organisational Systems Security
Unit 36: Internet Server Management
Unit 46: Network Security
Unit 47: IT Virtualisation
This unit has links to the Level 4 and Level 5 National Occupational Standards for IT and Telecoms Professionals, particularly the areas of competence of:
• Information Management
• IT Security Management
• Disaster Recovery.
Essential requirements
IT security has become a subject in its own right and deserves serious consideration in any organisation that uses modern information systems. In order to complete this unit effectively, the learner must have access to many sources of information that will allow a natural progression of study from an initial understanding of the risks to organisational security, to an understanding of the mechanisms of control, through to the design of policies and procedures.
Whilst this is mainly a managerial/administrative unit, not overly concerned with technical detail of particular computer systems, an understanding of them will be important, especially those that concern access to computer networks, web and wireless access and databases.
Resources
Books
Alexander D et al – Information Security Management Principles (BCS, 2008) ISBN-13: 978-1902505909
Beekman G – Computer Confluence Complete: and Student CD (Prentice Hall, 2005) ISBN 1405835796
Tipton H – Information Security Management Handbook: v. 4 (Auerbach Pubs, 2010) ISBN-10: 1439819025
Websites
www.acm.org – Association of Computing Machinery
www.bcs.org – British Computer Society
www.bsa.org.uk – Business Software Alliance
www.fast.org.uk – Federation Against Software Theft
www.ico.gov.uk – Information Commissioner's Office
Employer engagement and vocational contexts
Liaison with network (or internet) security experts from local or national organisations would enhance the delivery of this unit. If the learner is employed, a contextual assessment based on their working environment with the support of their supervisory management would be of considerable value. Care must be taken to ensure any real work projects are not detrimental to their employer or employment.
