The University's Information Security Policies are currently in draft form but state clearly the University's objectives for Information Security.
The policies are supported by an Information Security Toolkit, which is intended to go into detail as to how the policies may be implemented.
Information Security Project
The InfoSec project will move the University to a new degree of information assurance, make it more secure, mitigate information risk, and undertake the work necessary to create a permanent enterprise-wide activity that will deliver the best possible Information Security (IS) for Oxford. The project has established a team which is responsible for helping the Collegiate University to be compliant with a set of IS policies which have been developed and will be endorsed by Council in TT 2012. Once endorsed, the new policies will be contractually binding upon members of the University as part of the Terms and Conditions of Employment and compliance will be mandatory. Therefore, the project, which has full divisional and college support, will transform the way in which information security is managed and governed throughout the University.
The InfoSec project is sponsored by the Director of IT and led by a dedicated Information Security Officer (ISO). Staff from the University have been seconded to the team, and support to the project will be offered by staff from the Computer Science department, Legal Services, Council Secretariat, and Personnel. The project is also being driven in close collaboration with the Internal Auditors. The InfoSec team members will be advocates for information security, be a source of expertise and help for the University, and investigate new technical solutions such as whole disk encryption. The project is being run and operated alongside the OxCERT team in the Computing Services for a period of 24 months. However, the activities undertaken by the project will become a permanent activity within the new ICT department, which will be formed from the three existing central IT departments.
The main aims of the project are to:
- Mitigate IS risk for the University
- Establish a co-ordinated and strategic approach to Information Security within the University (and Colleges as they wish) with an appropriate governance structure which will underpin a permanent IS activity following the completion of the InfoSec project
- Foster an understanding that Information Security must be supported by the University's executive management
- Ensure Information Security Policies are recognised and interpreted consistently by units across the University
- Establish acceptance of the new policies with Heads of Department and Administrators at a local level
- Increase awareness of Information Security issues and the procedures necessary to ensure compliance with legislation and University policy
- Alter the preconception that Information Security is an issue purely related to IT
- Identify the most valuable and at risk informational assets within the University and seek to mitigate the risks
- Conduct an effective 'Proof-of-Concept' activity which helps to establish the requirements for a follow-on Information Security Assessment Service
Questions and comments relating to Information Security issues should be directed to firstname.lastname@example.org