BCS Business Processes

What is ISO 27001? - ✔✔An information security standard that describes best practice for an ISMS. Organisations that demonstrate compliance with the ISO specification get ... certified.

What is an ISMS? - ✔✔Information Security Management System - A system of processes, documents, technology and people that helps to manage, monitor, audit and improve your organisation's information security. It helps you manage all your security practices in one place, consistently and cost-effectively.

What year is the Computer Misuse Act? - ✔✔1990

What 3 offences does the Computer Misuse Act cover? - ✔✔
o Unauthorised access to computer material
o Unauthorised access with the intent to commit offences
o Unauthorised modification of computer material

What does RIPA stand for? What year? - ✔✔Regulation of Investigatory Powers Act 2000

What does RIPA do? - ✔✔It governs the interception and use of electronic communications.

What are the 2 main rules of RIPA? - ✔✔
o Individuals/organisations need to disclose keys necessary, when required by the government, to decrypt encrypted communications whose content may be suspect or provide evidence of illegal activity
o Internet Service Providers (ISPs) should bear the cost and assist law enforcement/government intelligence agencies with interception of electronic communications

What year is the Data Protection Act? - ✔✔1998

Put simply, what does the Data Protection Act do? - ✔✔Sets out rules for processing personal information, which those who record and use personal information need to follow.

How many data protection principles are there? What are they? - ✔✔8, Data must:
+ be kept secure;
+ be relevant;
+ be kept no longer than necessary;
+ be kept accurate and up-to-date;
+ be obtained and processed lawfully;
+ be processed within the data subject rights;
+ be obtained and specified for lawful purposes;
+ not be transferred to countries without adequate data protection laws.

What exceptions are there to the DPA where data is not covered? - ✔✔
o Data held for a national security reason
o Personal data held for domestic purposes only at home
o Doctors can keep information from patients if it is in their best interests
o The Taxman or police don't have to disclose information, to prevent crime or fraud
o A data controller can keep data for any length of time if it is for historical or research

Who has the power to enforce the DPA? - ✔✔Information Commissioner

What is a Data Controller and a Data Subject? - ✔✔
Data Controller - Person that collects and keeps data about people
Data Subject - Person who has data about them stored outside of their direct control

What is GDPR? - ✔✔General Data Protection Act
- Supersedes the UK Data Protection Act 1998
- It expands the rights of individuals to control how their personal information is collected and processed and makes organisations more accountable for data protection
- Much more thorough than DPA as GDPR demands that you be able to demonstrate compliance with the data protection principles
- Includes Biometric and Genetic Data
- Will still apply to UK post Brexit

What are the key changes in GDPR? - ✔✔
- Increased territorial scope
- 4% of global annual turnover penalty
- Stricter rules for obtaining consent
- Right to erase data about themselves
- Right to access data
- Right to transmit data to another controller

What is a DPO? - ✔✔Data Protection Officer - Ensures compliance with GDPR

What is a SOP? - ✔✔Standard Operating Procedure
- A procedure specific to your operation that describes the activities necessary to complete tasks in accordance with industry regulations, provincial laws or even just your own standards for running your business
- Any document that is a "how to" falls into the category of procedures

What is a DRP? - ✔✔Disaster Recovery Plan
- A DRP is the plan to recover from an event
- It suggests the procedures, steps, and execution methods corresponding to simulated scenarios outlined in the BCP
- Includes a hierarchical list of critical systems and often prioritizes services to restore

How is a DRP different from a BCP? - ✔✔
- A DRP is often included in a BCP.
- The difference is that a DRP is the plan to recover from an event whereas a BCP is a plan to get prepared prior to the event

What are the stages of the Waterfall Model? - ✔✔
Requirements
Design
Development/Implementation
Testing
Deployment
Maintenance

What are the characteristics of the Waterfall Model? - ✔✔
- First SDLC model to be used
- Sequential model, go from one phase to the next
- You cannot skip phases nor can you jump back
- Easy to understand but doesn't work when you want to change things
- Not good for complex products

What are the characteristics of the Agile Model? - ✔✔
- Every project needs to be handled differently to best suit the project requirements.
- Tasks are divided into time frames to deliver specific features for a release.
- It takes an iterative approach where a working software build is delivered after each iteration.
- The build increments with additional features after each iteration
- Better at responding to change than the waterfall
- Better communication and interaction with customers

What is data anonymisation? - ✔✔Data anonymization is a type of information sanitization whose intent is privacy protection. It is the process of either encrypting or removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous.

All personal data should be kept confidential and is... - ✔✔
+ about living people.
+ any data that could reasonably be put together with other information to divulge personal information.

What is the Freedom of Information Act 2000? - ✔✔It provides public access to information held by public authorities. It does this in two ways:
+ Public authorities are obligated to publish certain information about their activities
+ Members of the public are entitled to request information from public authorities.

Data Protection Act - Rights - ✔✔
+ To be supplied with the data held about us;
+ To change incorrect data;
+ To prevent data being used about us if it will cause distress;
+ To stop data being used in attempts to sell us something;
+ To use the law to gain compensation.

Data Protection Act - People - Who is the Information Commissioner? - ✔✔The person who has the power to enforce the Act.

Data Protection Act - People - Who is the Data Controller? - ✔✔The person who collects and keeps data about people.

Data Protection Act - People - Who is the Data Subject? - ✔✔The person who has data about them stored outside their direct control.

What is Privacy Impact Assessment (PIA)? - ✔✔A privacy risk mitigation tool that helps to identify projects' potential effects on individual privacy and compliance with data protection legislation, and to examine how detrimental effects might be overcome. An effective PIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation which might otherwise occur.

What is Data Sovereignty? - ✔✔Data Sovereignty is the idea that data are subject to the laws and governance structures within the nation it is collected.

What is Data Retention? - ✔✔Data retention, also called records retention, is the continued storage of an organization's data for compliance or business reasons. An organization may retain data for several different reasons. One reason is to comply with state and federal regulations.

What is Data Confidentiality? - ✔✔Data Confidentiality refers to protecting information from being accessed by unauthorized parties. In other words, only the people who are authorized to do so can gain access to sensitive data.

What is Data Availability? - ✔✔Data Availability refers to the ability to ensure that required data is always accessible when and where needed within an organization's IT infrastructure, even when disruptions occur.

What is a Standard? - ✔✔Something used as a measure, norm, or model in comparative evaluations.

What is a Policy? - ✔✔A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a statement of intent, and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an organization.

What are Processes? - ✔✔Series of actions or steps taken in order to achieve a particular end.

What are Procedures? - ✔✔An established or official way of doing something // a series of actions conducted in a certain order or manner.

What is a Strategy? - ✔✔A high level plan to achieve one or more goals under conditions of uncertainty. // a plan of action designed to achieve a long-term or overall aim

What are Plans? - ✔✔Typically any diagram or list of steps with details of timing and resources, used to achieve an objective to do something.

Who are the International Standards Organisation? - ✔✔
Independent, non-government, international body
Provide voluntary standards to improve business functions, support innovation and provide solutions to global challenges in business
For businesses, the adoption of standards improve: the function of businesses and Provides a structured approach to business processes and procedures

What is Business Continuity? - ✔✔The abil

About the document
Uploaded on: Aug 29, 2022
Number of pages: 9