Hey
1. I believe the Privacy Amendment Act 2000 does apply to private organisations, however, do take note that private organisations that use governmental data are still applicable under the Privacy Act 1988, at least according to my teacher. For example, a local car company will still have issues relating to the Privacy Act 1988 as it is dealing with car registration and licence details that are used by the government.
2. Damn, you guys have to make one for your SAC? We didn't have to... And I'm unaware of any templates out there. But just remember to consider the four key components being (and should include):
Emergency plan: steps to be taken in the event of a natural disaster
Consider:
- Name and contact details of people to notify, including management and emergency services
- Procedures to follow with the computer equipment, such as equipment shutdown or removal of files
- Evacuation procedures for employees, including removal of backup tapes or equipment
- Return procedures detailing who may re-enter the facility and under what circumstances
Backup plan: that the company is to follow for using file backups to restore computer systems
Consider:
- The location of alternative sites and equipment in case the normal computer facility has been destroyed
- The location of backup data, supplies and equipment
- The personnel responsible for gathering backup resources and transporting them to the alternative computing facility
- A schedule indicating the order and approximate time each application should be up and running
Recovery plan: procedures for restoring the full information processing capacity of the organisation
Consider:
- Identification of mission-critical ICT services; these will have first priority when getting the system back online
- Use of backup site (or secondary site) for data processing needs until primary site has been recovered.
- Backup methods
- Alternative sites
- Equipment replacement
- Roles and responsibilities
- Costs
Test plan: Procedures for testing your disaster recovery plan
^^ Taken from page 249 to 250 of Potts Textbook
3. Haha, I found these damn ethical dilemmas tricky too, as there aren't really solid textbook answers to them. But I guess, always try and consider trust issues, privacy concerns and how it conflicts with social standards.
If you get an ethical dilemma concerning employee monitoring or use of biometrics, remember the disadvantages:
- intrusive and may impact on employee privacy
- mistrust may develop between employee and employer
^ From pg 214 of Potts textbook
4. I guess for archiving, you're basically copying files from your main storage to a backup media such as a hard drive then deleting it from main storage. It is also important, if cost isn't a major factor, to have a backup of your archived files too, to ensure that archived files aren't lost if the backup media is damaged.
5. Yeah, I believe you answered it well, as that's how I would have too. However, maybe you should also try and link some aspects from your case study, if that question was related to one.
Hope that helps
P.S. I.T. Gods such as Ell and huss48, correct me or improve on my answers if needed
