This lesson covers network policies and physical security measures as required by OCR J277 Section 1.4. While technical measures like firewalls and encryption are important, organisational policies and physical safeguards are equally essential for comprehensive security.
A network policy is a set of rules and guidelines that define how a network should be used, managed, and secured within an organisation. Network policies ensure that all users understand their responsibilities and that security measures are consistently applied.
An Acceptable Use Policy defines what users are and are not allowed to do on the network.
| Typically Permitted | Typically Prohibited |
|---|---|
| Work-related internet browsing | Downloading pirated software |
| Using company email for work | Accessing inappropriate websites |
| Storing work files on network drives | Sharing login credentials |
| Using approved software | Installing unauthorised software |
| Accessing authorised resources | Connecting personal devices without approval |
A password policy sets requirements for creating and managing passwords.
Common requirements include:
A backup policy defines how and when data should be backed up.
| Element | Detail |
|---|---|
| Frequency | How often backups are performed (daily, weekly) |
| Type | Full, incremental, or differential backups |
| Storage location | On-site, off-site, or cloud storage |
| Retention period | How long backups are kept |
| Testing | Regular testing to ensure backups can be restored |
OCR Exam Tip: If asked about backup policies, mention the 3-2-1 rule: 3 copies of data, on 2 different types of storage media, with 1 copy stored off-site. This demonstrates thorough understanding.
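As an added example (not part of this lesson), the following Python function checks a backup plan against the 3-2-1 rule and the "Testing" element from the table above. The `BackupCopy` fields and the two sample plans are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str            # where the copy lives, e.g. "live server"
    media: str            # storage type: "disk", "tape", "cloud"
    location: str         # "on-site" or "off-site"
    restore_tested: bool  # has a restore from this copy been tested?


def check_3_2_1(copies):
    """Check a backup plan against the 3-2-1 rule plus the policy's testing element.

    Assumption: the 3 copies include the live (primary) data, as in the usual
    statement of the rule. Returns which conditions hold and a list of findings.
    """
    media_types = {c.media for c in copies}
    off_site = [c for c in copies if c.location == "off-site"]
    untested = [c.label for c in copies if not c.restore_tested]
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies of the data; the rule needs 3")
    if len(media_types) < 2:
        findings.append(f"all copies on one media type ({', '.join(sorted(media_types))}); need 2")
    if not off_site:
        findings.append("no copy is stored off-site")
    if untested:
        findings.append("restore never tested for: " + ", ".join(untested))
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len(media_types) >= 2,
        "one_off_site": bool(off_site),
        "all_tested": not untested,
        "findings": findings,
    }


# Constructed sample plans (not from any real organisation).
WEAK_PLAN = [
    BackupCopy("live server", "disk", "on-site", True),
    BackupCopy("nightly copy on NAS", "disk", "on-site", False),
]
GOOD_PLAN = [
    BackupCopy("live server", "disk", "on-site", True),
    BackupCopy("weekly tape", "tape", "on-site", True),
    BackupCopy("daily cloud backup", "cloud", "off-site", True),
]

if __name__ == "__main__":
    for name, plan in (("weak", WEAK_PLAN), ("good", GOOD_PLAN)):
        result = check_3_2_1(plan)
        print(name, "OK" if not result["findings"] else result["findings"])
```

The weak plan fails every condition: two copies on the same media, both on-site, one never restore-tested.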
A disaster recovery policy outlines how an organisation will respond to and recover from a security incident, hardware failure, natural disaster, or other disruption.
Key elements include:
Access controls determine who can access what resources on a network.
| Access Level | Permissions | Example User |
|---|---|---|
| Read-only | View files but not modify | Guest user |
| Read-write | View and modify files | Standard employee |
| Admin | Full control, including managing other accounts | IT administrator |
Physical security protects the hardware and infrastructure of a network from theft, damage, or unauthorised physical access.
| Measure | Purpose |
|---|---|
| Locked server rooms | Prevents unauthorised access to servers and networking equipment |
| CCTV cameras | Monitors physical access to sensitive areas and deters intruders |
| Security guards | Control and monitor physical entry points |
| Biometric door locks | Restricts access to authorised personnel using fingerprint or iris scans |
| Keycard/fob access | Electronic access control for doors and restricted areas |
| Cable locks | Physically secure laptops and equipment to desks |
| Environmental controls | Fire suppression, climate control, and flood protection for server rooms |
| Visitor management | Sign-in procedures, badges, and escorts for visitors |
OCR Exam Tip: Physical security is often overlooked in exam answers, but it is just as important as technical measures. If a question asks about protecting a network, include at least one physical security measure (e.g. locked server rooms, CCTV) alongside technical measures.
Even the best technical and physical security measures can be undermined by untrained users. Security awareness training should cover:
No single security measure is sufficient on its own. Organisations use layered security (also called defence in depth), which combines multiple measures:
If one layer fails, the other layers continue to provide protection. The diagram below shows how an attacker has to defeat each layer in turn before reaching the data.
```mermaid
flowchart TD
    A[Attacker] --> B["Physical Layer<br/>Locked rooms, CCTV, keycards"]
    B --> C["Perimeter Layer<br/>Firewalls, proxy server"]
    C --> D["Authentication Layer<br/>Passwords, 2FA, biometrics"]
    D --> E["Access Control Layer<br/>Least privilege, user permissions"]
    E --> F["Data Layer<br/>Encryption, backups"]
    F --> G[(Protected Data)]
    style B fill:#fde2e2
    style C fill:#fde2e2
    style D fill:#fde2e2
    style E fill:#fde2e2
    style F fill:#fde2e2
```
Network policies (acceptable use, password, backup, disaster recovery) and physical security measures (locked rooms, CCTV, biometric access) are essential components of a comprehensive security strategy. Access controls limit who can access what, and user training ensures that people do not inadvertently compromise security. For the OCR J277 exam, remember that effective security requires a layered approach combining technical, physical, and administrative measures.