Implement security for a digital device
Overview
This standard is about protecting a digital device by implementing security controls.
It involves implementing own password protection to devices and configuring security software running on devices. It includes implementing data backup software to maintain copies of file structures and data and testing the ability to recover data should that be required. It also includes keeping operating system software up to date and removing unused software to reduce risks.
This standard is for those who need to implement security for digital devices to meet their own needs or as part of their duties.
Performance criteria
You must be able to:
- Establish processes for implementing and updating strong password protection on digital devices in line with organisational standards
- Implement, configure and maintain antivirus security software to protect from threats to privacy and data on digital devices in line with organisational standards
Run antivirus security scans on digital device to identify security issues in line with organisational procedures
Check all external drives to a digital device with security software before use and restrict access to drive ports that are not used in line with organisational procedures
Implement backup and recovery solutions to safeguard data in line with organisational procedures
Perform periodic data backups using manual or automated procedures in line with organisational standards
Test data backup and recovery solutions deliver the correct functionality
Keep operating system and application software up to date in line with organisational software updating and patching policies
Remove unused drivers and software from digital devices to reduce cyber security risks
- Identify and report any suspicious activity when using digital devices in line with organisational procedures
Knowledge and Understanding
You need to know and understand:
- What is meant by a data security breach
- The main causes of data security breaches
- The impact that computer viruses, malware and unauthorised access can have on digital systems and data to an organisation
- How to recognise problems that may be caused by a computer virus, malware or unauthorised use of digital devices
- How to report breaches caused by computer virus, malware or unauthorised use of digital devices
- The legal and ethical obligations around storing and sharing personal and business data
- The reporting requirements for data protection legislation
- How to use built-in operating system security features
- How to implement and test backup and recovery software
- The need to keep operating system and application software up to date to maintain resilience
- How to check for operating system and application software updates
- The importance of checking all externally connected drives and devices to maintain resilience
- How to run security scans on external devices