E-business Guide Logo
E-business step by step
Understanding e-business
What are the benefits?
Trusting the Internet
Getting started
Understanding
About planning
How to plan
Researching the opportunities
Key issues to consider
What level of e-business is right for you?
Writing your e-business plan
Planning
About building
Technical issues
Choosing and preparing contents
What do you want users to do?
Marketing and your website
Designing your website
E-commerce - selling on your website
Maintenance considerations
Developing the website
Building
About protecting
Why be secure?
Where do I start?
What can I do?
Key issues
Top ten e-security tips
Protecting
About managing
Who does the managing?
Maintaining e-business systems
Internal policies and guidelines
Promoting your website
Budgeting for maintenance
Controlling the risks
Legal issues
Spam and ethical e-marketing
Managing
About Improving
Evaluating your e-business
Doing business with government online
Procurement over the Internet
Managing the supply-chain and logistics
Putting your catalogue online
E-marketplaces
Exporting
Improving
e-businessguide - An Australian guide to doing business online e-businessguide Image
Who will administer and manage the process? Protecting - What can I do? - Who will administer and manage the process?
You are here:  Home  /   Protecting   /   What can I do?   /   Who will administer and manage the process?

Every organisation seeking to improve information and system security will need to identify a specific person responsible for the day-to-day management of its information technology systems.

This person is often called a Systems Administrator.

System Administrators have access to all data, files, software and hardware and therefore must have the necessary skills and background to perform the job effectively.

The roles and responsibilities for security should be defined, documented and implemented for both the company and the contractors employed by it.

However, as with all business processes, policies and procedures are not enough without a communication strategy that ensures the target audience (management and staff) fully understand what is involved and what they need to do to make the security program work.

Remember, security is everybody's responsibility and it should be the responsibility of everybody in the organisation to implement security measures correctly and conscientiously.

What to do

Set up a security awareness program for all system users that includes briefings, training sessions, posters, clauses in employee contracts, security awareness days and other methods.

  • Implement security training for technical staff that is focused on the security controls for their particular technical areas (network administrator, database administrator, email and Internet manager, World Wide Web coordinator).
  • Establish processes to review security controls regularly (end of the day, end of the week) including:
    • records that show who was using the system, when, for how long and what functions were performed (file deletions, additions)
    • system user roles and privileges  for all employees
    • removing access and user accounts immediately when no longer needed
  • Review security architecture whenever the business or its strategies have changed and these changes impact on your information or computer systems.

For more information on security issues, you might like to look at this fact sheet developed by DCITA as part of their publication, Trusting the Internet:

PDF Trusting the Internet Fact Sheet - How do I manage my e-security when the service is outsourced? (71 kb)

Next topic in this section >

< BACK Printer friendly Printer-friendly version Text-only Text-only site
Home Contact us Privacy Disclaimer Copyright Site Map
Resources

using this site
who can help
e-business training
e-business references
case studies
quick tools
glossary
Search
 
Advanced
DBCDE Logo
Last updated 23 Jan 2008