What, Why and How

WHAT is Information Security?

Access to information and IT systems is essential for the University to function competitively in the higher education environment. Information Security is the corporate framework of culture, policies, organisational structure and operating environments used to ensure confidentiality, integrity and availability of our information.

This can be achieved by implementing controls in:

Physical security Responsibility of Estates and Schools
Personnel and training security Responsibility of Human Resources
Policy/procedural security Responsibility of Senior Compliance Officer (Security Management)
Technical security Responsibility of IT Services

All these measures must be implemented in tandem rather than being a one-off, as you can see in the diagram below.

Diagram of Information Security

WHY do we need Information Security?

University students and staff are very dependant on information and IT systems, especially email and the internet, to function and to carry out their study and work. However, our information systems face a number of threats.

  • Theft of hardware
  • Deliberate attacks on our data by dissatisfied students, staff or external hackers
  • Human error
  • Disastrous events, e.g. fire, flood, explosion

Consequences of these threats range from:

  • Disruption to University service
  • Loss of public and student confidence in the University
  • Discipline and/or criminal proceedings as a result of unlawful access, disclosure of misuse of systems and so on.

As you can see, Information Security helps protect our work and the reputation of the University. It helps to prevent unnecessary cost and risk.

Information Security measures implemented within the University are based on the British/International Standard 7799/27001+2 (illustrated in the diagram below).

The guidance is further tailored for the Higher Education environment by the University Colleges and Information Systems Association (UCISA) Information Security toolkit.

HOW is Information Security managed?

There is a dedicated role within the Governance Services Unit of Senior Information Security Officer.