BTEC Level 3 IT: Organisational Systems, Policies, and Laws Report
Added on 2022/12/02
AI Summary
This report analyzes IT policies and laws within an organizational context, specifically focusing on Aylesbury College. It explores the importance of information security policies, guidelines, and their role in managing IT security issues and threats. The report delves into the significance of employment contracts in ensuring system security and outlines key guidelines such as background checks, employment agreements, and job description monitoring. Furthermore, it examines relevant laws, including the Computer Misuse Act, Freedom of Information Act, Copyright, Designs and Patents Act, Data Protection Act, GDPR, and Consumer Privacy Act, emphasizing their impact on data privacy and security. The report also evaluates the effectiveness of IT policies, contracts, and laws based on speed, size, cost, effectiveness, and fairness. The evaluation framework considers stakeholder needs and requirements, providing critical judgments to enhance data privacy and security within the organization.

Running head: IT POLICIES AND LAWS
IT Policies and Laws
Name of the Student
Name of the University
Author’s Note:

Table of Contents
Section 1: Policies and Guidelines for Managing IT Security Issues
Section 2: Employment Contracts
Section 3: Laws
Section 4: Evaluation
References

Section 1: Policies and Guidelines for Managing IT Security Issues
A few policies and guidelines are extremely effective for managing IT security issues and threats. The primary information security policy is issued by the organization to ensure that every employee who uses information technology assets across the organization and its networks complies with the stated guidelines and rules (Safa, Von Solms and Furnell 2016). This type of security policy is required to secure a system, entity or organization. Within an organization, it addresses the constraints on the behaviour of members and the constraints imposed on adversaries by certain mechanisms. Security policies and guidelines also address the major constraints on functions and the flows among them, and the constraints on access to data and programs by external systems or adversaries. With security policies properly in place, IT security issues can be managed and controlled easily and promptly, which raises the level of data security and privacy. Because being secure is extremely important, a company maintains proper security policies and guidelines to ensure that the business achieves a high level of data security by following all regulations and security controls (Biscop 2016). Standards are set and operations are outlined more clearly. Moreover, organizational policies and processes are extremely important for handling security issues and complexities. Passive policies do not account for the results of, or reasons for, exceptions once a disconnect has arisen between organizational practices and principles.
For example, Aylesbury College has been using some of the major and most significant policies and guidelines covering exposure to age-inappropriate material, the securing of communication technologies, exposure to socially unacceptable material, spyware and illegal material.
Section 2: Employment Contracts
A UK employment contract is an agreement made to ensure that all employees work effectively and without much difficulty. Every employee is entitled to a distinct contract of employment, which forms the basis of the employment relationship (Coates 2013). According to the Employment Rights Act 1996, employers should provide employees with contracts that state the date on which employment began, the address of the employer, the place of work, the job description and the job title. Contracts of this type are extremely effective for ensuring secure systems. Several important statutory rights derive from regulations and Acts of Parliament and affect the employment relationship.
Aylesbury College should enhance system security within the organization by using employment contracts and ensuring that all employees follow their distinct roles and responsibilities for data security (Siponen, Mahmood and Pahnila 2014). Although the foremost concern of management is employment policies and employees, information security management should also be considered in this case. Information assets face threats from internal users, so the management of Aylesbury College should include core employment policies and contracts that could be extremely effective and efficient in protecting information security assets.
The most common and significant guidelines that Aylesbury College could use to make its systems more secure are as follows:
i) Background Checking and Security Clearances.
ii) Employment Agreements as well as Hiring and Termination Practices.
iii) Setting and Monitoring of the Job Descriptions related to IT security.
iv) Enforcement of Job Rotation (Crossler et al. 2013).
Section 3: Laws
Data privacy and security is a major aspect of information technology (IT). It deals with the ability of an individual or organization to determine which data within a computerized system may be shared with third parties (Peltier 2013). The legislation of the United Kingdom is largely concerned with data privacy, which relates to every law and compliance regulation. The major challenge of data privacy is to make use of confidential data while protecting an individual's privacy preferences and personally identifiable information.
For example, when anyone enters another person's zone of inaccessibility, the first person should feel secure, having trusted the security provider (Rhodes-Ousley 2013). A violation of privacy constitutes a major risk and hence a significant threat to data security. European laws provide resolutions where ethics can provide a context for law. Privacy breaches disturb trust and run the risk of losing or diluting security. Such a breach is considered a show of disrespect for the law as well as a violation of ethical principles.
The major ethical issues that are common to data privacy are as follows:
i) Unauthorized Access to Private Data: Private data should not be accessed in an unauthorized manner or by any unauthorized means.
ii) Inappropriate Data Utilization: This is the second ethical issue of data privacy. Data should not be utilized in an inappropriate manner; doing so is termed unethical (Ifinedo 2014).
iii) Illegal Right to Access Data: The right to access data should not be illegal, and data should not be accessed under any circumstance without consent or permission.
iv) Lack of Accuracy and Completeness of Data Collection: A lack of accuracy and completeness in data collection is the next significant ethical issue; data collection of this type can be termed extremely unethical compared with other means of data collection.
The laws to be considered for ensuring data privacy and security are as follows:
i) Computer Misuse Act: This act is designed to protect computer users against any type of wilful attack and against information theft. The offences under the act mainly include hacking, any type of unauthenticated access to a computer system, and purposely spreading damaging or malicious software such as viruses (Disterer 2013). They also cover unauthorized access to modify computers, such as altering data and software, interfering with normal system operation to its detriment, and changing passwords to prevent system access. The Computer Misuse Act also attempts to identify criminals who try to access computers without permission.
ii) Freedom of Information Act: Under this act, any person has the right to request access to any type of information or federal agency record, except to the extent that the records are protected from disclosure by any of the nine exemptions.
iii) Copyright, Designs and Patents Act: This law gives the creators of artistic, musical, dramatic and literary works significant rights to control the ways in which their material may be used (Soomro, Shah and Ahmed 2016). These include public performance, adapting, copying, and lending and renting copies to the public. Copyright arises when an organization or individual creates a work, and applies to the work if it is regarded as real after exhibiting proper judgment, skill and labour.
iv) Data Protection Act: The next important act to be considered for data privacy is the Data Protection Act. This act is designed to protect personal data stored on computers or within an organized system. The protection, processing and movement of data can be accessed and tracked easily and promptly, without much complexity.
v) General Data Protection Regulation: The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU) (Heller 2013). It is responsible for securing data by taking into account a few important rules and regulations.
vi) Consumer Privacy Act: The Consumer Privacy Act concerns the legal and political issues that arise from the interaction of the public's expectation of privacy with the collection and dissemination of data by organizations and businesses (AlHogail 2015). It enhances privacy rights and protection for the members of this particular organization.
Section 4: Evaluation
The effectiveness of Aylesbury College's policies can be evaluated by checking knowledge and experience of the laws, contracts and policies. This type of evaluation applies the evaluation methods and principles required to examine the content, impact and implementation of a policy (Hänsch and Benenson 2014). Evaluation is the core activity by which the utility, merit and worth of any policy are analysed.
A framework exists that is extremely useful for this type of evaluation; it ensures that every factor is taken into account during the evaluation. The approaches should be accurate and appropriate, and every stakeholder need or requirement should be analysed effectively.
The major laws and contracts to be considered in this type of evaluation are regarded as the most significant requirements of the organization. The evaluation also involves an analysis of the type and number of stakeholders in the business (Flowerday and Tuyikeze 2016). Some major factors can be taken into account so that the evaluation is understood and completed effectively and efficiently, and critical judgments can be made on the basis of these few factors.
An evaluation on the basis of these factors is as follows:
i) Speed: The major policies, contracts and laws can be analysed on the basis of speed. The main reason is that the speed of employment contracts and data privacy acts is extremely high, which helps to identify the major issues and complexities at a high level. It also has an impact on several organizations, and thus the European Union can use this particular law to govern the use of biometric access controls within the workplace.
ii) Size: The size of the major policies, contracts and laws also needs to be analysed (Coates 2013). Any form of information, whether private, personal or sensitive, is secured by such policies, which makes them one of the major and most significant requirements in any organization. Data security, system security and information security can be applied to software, hardware and human resources to address this specific issue. A few ethical issues need to be eradicated once data privacy and security are ensured. Privacy, trust and security are intertwined, and hence privacy preservation and security provisions rely solely on trust. Thus, the size of the policy should be bigger in comparison to others.
iii) Cost: The cost of the policies or contracts should also be reasonable so that Aylesbury College is able to maintain its policies effectively. Moreover, this cost should not exceed the budget under any circumstance.
iv) Effectiveness: The effectiveness of the policies and contracts is quite high, and it helps with data privacy and security. Data privacy is the significant relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them (Safa, Von Solms and Furnell 2016). This is also termed data privacy and data protection.
v) Fairness: The fairness of the contracts, policies and laws is extremely high, which ensures that no organizational member is biased under any circumstance and that Aylesbury College maintains its policies effectively and efficiently.
References
AlHogail, A., 2015. Design and validation of information security culture framework. Computers in Human Behavior, 49, pp.567-575.
Biscop, S., 2016. The European security strategy: a global agenda for positive power. Routledge.
Coates, J., 2013. Build it back better: Deconstructing food security for improved measurement and action. Global Food Security, 2(3), pp.188-194.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management.
Flowerday, S.V. and Tuyikeze, T., 2016. Information security policy development and implementation: The what, how and who. Computers & Security, 61, pp.169-183.
Hänsch, N. and Benenson, Z., 2014, September. Specifying IT security awareness. In 2014 25th International Workshop on Database and Expert Systems Applications (pp. 326-330). IEEE.
Heller, M.A., 2013. Continuity and change in Israeli security policy. Routledge.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.