Monday, 27 February 2012

legal impact on ICT

Threats facing an organisation
Organisations have become dependent on their information. It has a high value (not least to their competitors), has been difficult to create, and the organisation would probably fail were it to be lost. The organisation therefore needs to secure this information.
The threats
The organisation must protect itself, and therefore put in place a policy to deal with the eventuality of any of the following:
  • Errors
    • Data entry errors
    • Program errors
    • Operator errors
  • Hardware
    • Power failure
    • Storage failure
    • System failure
    • Data corruption
    • Network failure
  • Computer Crime
    • Theft (hardware, software or data)
    • Hacking
    • Viruses
  • Disasters
    • Fire
    • Flood
    • Earthquake
  • War and/or Terrorism
Risk Analysis
The above threats are real, and action can be taken to lessen the impact of any of them on the organisation. However, in the UK we seldom have earthquakes, so the 'risk' to an organisation is minimal and it may not be worth great expense to make all its buildings and facilities quake-proof. The risk should be weighed against its likelihood, and the possible financial loss, legal consequences or damage to corporate image should be measured.
All risks should therefore be analysed for cause and effect and become part of the organisational policy.
Layers of Security
An organisation can protect itself by using some or all of the following:
  • Building Security (guards, IDs, visitor passes)
  • Terminal and PC use controls (locks, swipe cards, biometric identification)
  • Authorisation Software (e.g. access levels)
  • Communications Software (automatic call-back, encryption, handshaking)
  • Operational Security (audit trails, virus checks, backup, firewalls)
  • Personnel Screening (hiring policies, separation of duties, training) 