As technology develops, new risks and security issues also develop and policies and procedures must adapt quickly to meet the challenges. A central problem in this ‘arms race’ is communication. It can be hard to find the right information and find it quickly when you need it. University staff and students need to have easy access to clear and relevant security guidance. For security management, creating new information or updating existing procedures can be slow and bureaucratic. The University must be agile in creating and publishing security advice.
A set of ‘IS Advisories’ have been created which largely replace the old set of IS Security Policy documents. The new IS Advisories are designed to be subject focused documents, providing clear guidance in support the Information Security Policy and Acceptable Use Policy. All IS Advisories are approved by the IS Board and published on the eRecords system.
What benefits are expected from these new IS Advisories?
They will improve our agility in responding to new and emerging threats.
They will make it easier for people to find the right information.
List of IS Advisories:
Advisories supporting the secure use of University IT resources.
Identity and Access Control
Advisories governing the identification of account users and protection of account access. This includes the physical access to buildings housing IT equipment
Advisories specifically aimed at protecting the security of IT infrastructure
Advisories which support good security practice – particularly in relation to copyright, data sharing and intellectual property.
Advisories which deal with vulnerability scanning, penetration testing.