Why is Information Security Important?
The University relies on IT systems and, to a lesser extent, manual procedures for handling and processing the information supporting many of its activities. Information that the University manages needs to be appropriately secured to protect against consequences of breaches of confidentiality, failures of integrity, interruption to availability and failure to comply with legal, statutory or regulatory requirements.
The core principles of information security are confidentiality, integrity and availability, and it is vital that we are able to protect these values with regard to University information assets:
- Confidentiality: ensuring that only those individuals who have a valid and authorised reason to access the information can do so.
- Integrity: ensuring that information is not altered, deleted or otherwise modified by individuals or processes unauthorised to do so.
- Availability: ensuring that the information can be accessed when it is required.
What is the University Information Security Framework?
There are numerous separate areas of University activities with associated policies, practices, guidance etc. which have a bearing on Information Security. To help navigate and put these into context, Annex A shows how these all interrelate. This set of documents is known as the "Information Security Framework".
The University's Information Security Framework is intended to:
- Ensure everyone understands the University’s expectations around acceptable use of University information assets and IT facilities.
- Ensure everyone is aware of the different types of information which the University uses and can recognise and manage the associated range of risks and threats.
- Ensure everyone clearly understands their role and responsibilities in respect of information security management.
- Reduce the likelihood of information security breaches and information loss by ensuring information security requirements are understood at all levels of the University.
- Ensure that we are able to meet our statutory, regulatory and contractual obligations and any other agreed standards or approaches in respect of information security.
The Framework also provides the means to articulate and assure the University's compliance with relevant legislation or other requirements. The University will abide by all UK legislation and relevant legislation of the European Community and any other agreed legal jurisdiction related to the holding and processing of information. In the case of apparent contradiction between the University's policies and regulations and legislation, the latter takes precedence.
The University will comply with all contractual requirements related to the holding and processing of information, including but not exclusive to:
- JANET Acceptable Use Policy
- The terms and conditions of licences and contracts.
- The terms and conditions of authentication systems, e.g. Athens.
Download full strategic statement (current version 1.3)