Learning outcomes
On completion of this unit a learner should:

1 Know potential threats to IT systems and organisations
2 Understand how to keep systems and data secure
3 Understand the organisational issues affecting the use of IT systems.

1 Know potential threats to IT systems and organisations
Unauthorised access: internal and external; access causing damage to data or jamming resources, eg viruses; accessing systems or data without damage, eg phishing, identity theft, piggybacking, hacking
Damage to or destruction of systems or information: fires and other natural disasters; malicious damage (internal and external causes); technical failures; human errors; theft
Information security: confidentiality; integrity and completeness of data; availability of data as needed
Threats related to e-commerce: website defacement; control of access to data via third party suppliers; others, eg denial of service attacks
Counterfeit goods: products at risk, eg software, DVDs, games, music; distribution mechanisms, eg boot sales, peer-to-peer networks
Potential organisational impact: loss of service; loss of business or income, eg through loss of customer records; increased costs; poor image
2 Understand how to keep systems and data secure
Physical security: locks; visitors passes; sign in/out systems; others, eg guards, cable shielding
Biometrics: retinal scans; fingerprint; other, eg voice recognition
Software and network security: encryption techniques, eg public and private key; call back; handshaking; diskless networks; use of backups; audit logs; firewall configuration; virus checking software; use of virtual private networks (VPN); passwords; levels of access to data; software updating
3 Understand the organisational issues affecting the use of IT systems
Security policies: budget setting; disaster recovery policies; updating of security procedures and scheduling of security audits; surveillance and monitoring policies; risk management
Employment contracts and security: hiring policies; separation of duties; ensuring compliance including disciplinary procedures; training and communicating with staff as to their responsibilities
Code of conduct: email usage policy; internet usage policy; software acquisition and installation policy; user area usage policy; account management policy; ethics
Laws: Computer Misuse Act 1990; others, eg Copyright, Designs and Patents Act 1988, Privacy and compensation requirements of Data Protection Act 1984, 1998, 2000
Copyrights: open source; freeware; shareware; commercial software
Ethical decision making: eg freedom of information versus personal privacy; permission, eg to use photographs or videos, CCTV footage
Professional bodies: eg Business Software Alliance (BSA), Federation Against Software Theft (FAST), British Computing Society (BCS), Association of Computing Machinery (ACM)

Scheme of Work

Session: 2008-2009

School: Business & Computing

Course title and year: BTEC National Diploma 2007/9

Lecturer: Philip M Russell

Module/subject/unit: Unit 32 Organisational Systems Security

Duration of Each Session: 1.5hrs

Week Number 1st Session 2nd Session 3rd Session
1 Introduction to unit and reference sources
Housekeeping arrangements: Internet access policy, schedule for assignments etc.
Class discussion: Potential threats to ICT systems and organisations
Internet research
15.1.1 Unauthorised access: internal and external threats are covered.
Group activity
Internet research
Use analysis software
Activity 15.1: Phishing (SB page 178) – individual activity
2 15.1.2 Damage or destruction of systems or information, including natural disasters and malicious damage.
Group activity
Internet research
Use analysis software
Activity 15.2: Cyber damage (SB 1 page 180) – individual/paired activity
15.1.3 Information security.
Group activity
Internet research
Use analysis software
3 15.1.4 E-commerce threats.
Information security: confidentiality; integrity and completeness of data; availability of data as needed
Group activity
Internet research
Use analysis software
15.1.4 E-commerce threats.
Group activity
Internet research
Look at analysis software
Risk analysis: what a risk is and how to put risks into context.
4 15.1.5 Counterfeit goods.
Group discussion: case studies
Internet research
15.1.6 Organisational impact.
Internet research
Class discussion: Test your knowledge
Activity 15.3: E-commerce attacks – individual/paired activity
5 Encryption
6 Biometrics Investigation
7 Presentations Assignment 2
8
9 Presentation Assignment 3
10
11
12

 

 

Week
Topic + Learning outcomes (what the student will be able to do)
Learning activities (inc ILT activities)
Assessments & Assignments (inc Key Skills Assessment)

1     Assignment 1
2      
3 Understand what is meant by Information Security and the responsibilities. Be aware of the types of e-commerce threats. Undertake a risk analysis. Define terms. Discuss computer security. Test 3

 

4      
5 Encryption Test 5 Assignment 2
6 Biometrics Test 6  
7 Presentations    
8      
9 Presentations   Assignment 4 out
10      
11      
12      

 

Essential resources
The Information Commissioner's Office produces excellent teaching and learning materials which highlight the need for control over data. These can provide a useful introduction to the need for privacy, a subject's rights, and an organisation's obligations under the Data Protection Act.
Similarly, there are superb reports produced by the Business Software Alliance which show the amounts of software piracy by area and country of the world. The British Computing Society and the Association of Computing Machinery have sections of their sites devoted to ethical conduct and codes of practice which could be used to enrich the teaching and learning experience.

Unit 32 National Syllabus

Suggested Reading
Textbooks

Beekman G — Computer Confluence Complete: and Student CD (Prentice Hall, 2005) ISBN 1405835796
Heathcote P — A Level ICT (Payne Gallway, 2000) ISBN 0953249085

Websites

www.acm.org Association of Computing Machinery
www.bcs.org British Computing Society
www.bsa.org/uk Business Software Alliance
www.fast.org.uk Federation Against Software Theft
www.ico.gov.uk Information Commissioner's Office