NowtAdminCase Studiesmodule1Module2Module3Module4Module5Module6Glossary

  
nowtOrganisational StructureLife Cycle of MISCorperate StrategyInformation Data and KnowledgeManagement of ChangeLegal IssuesTrainingProject ManagementInformation and the Professionalnowt
endlegal AspectsAudit RequirementsDisaster RecoveryControlling the SystemRisk AnalysisLegislationH&SQuestions 1Questions 2end
 

4.6 Legal aspects

The module is split into a number of sections This is one of the densest parts of the syllabus additional items of research are provided to give background information from other sources such as books and related Internet sites. It is worth pointing out that a high proportion of questions in the exam papers come from this section.

Syllabus Content:

4.6 Legal aspects

  • Understand the need for a corporate information technology security policy and its role within an organisation. Factors could include prevention of misuse, detection, investigation, procedures, staff responsibilities, disciplinary procedures.
  • Describe the content of a corporate information technology security policy.
  • Describe methods of improving awareness of security policy within an organisation. cross referencing to training and standards.

4.6.1 Audit requirements

  • Understand that many information technology applications are subject to audit.
  • Understand the impact of audit on data and information control
  • Describe the need for audit and the role of audit management/software tools software.
  • Understand the function of audit trails and describe applications of their use; eg ordering systems, student tracking, police vehicle enquiries.

4.6.2 Disaster recovery management

  • Describe the various potential threats to information systems. Factors could include; physical security, document security, personnel security, hardware security, communications security, software security.
  • Understand the concept of risk analysis.
  • Understand the commercial need to ensure that an information system is protected from threat.
  • Describe a range of contingency plans to recover from disasters and relate these to identified threats.
  • Describe the criteria used to select a contingency plan appropriate to the scale of an organisation and installation.

4.6.3 Legislation

  • Understand that the implementation of legislation will impact on the procedures within an organisation.
  • Describe the methods of enforcing and controlling data protection legislation within an organisation.
  • Describe the methods of enforcing and controlling software misuse legislation within an organisation.
  • Describe the methods of enforcing and controlling health and safety legislation within an organisation.
  • Discuss the implications of the various types of legislation

Module Content:

  1. Legal Aspects
  2. Audit Requirements
  3. Disaster Recovery Management
  4. Controlling the system
  5. Risk Analysis and Contingency Planning
  6. Legislation
  7. Health And Safety
  8. Questions 1
  9. Questions 2

Additional Information:

A Level ICT 2nd Edition P. M. Heathcote Chpt 45, 46, 47
   

© LEV