Information Security Policy (v2.3) | (updated 8 April 2008)

Mass Mailing Restrictions - regulations concerning the sending of bulk University-wide /inter-faculty /departmental emails

Information Security Policy Controls and Mechanisms

Latests News

University targeted by phishing emails (Feb 2010)

Keeping personal and confidential data secure (Golden Rule No. 6) (Feb 2010)

Guidance and Advice

General IT security help and advice, including links to anti-virus software (ISS website)

Keeping personal and confidential data secure (Golden Rule N o . 6) (Feb 2010)

Example phishing emails relating to webmail quotas (Feb 2010 - on ISS website)
Examples of other phishing emails (Sept 2009)

The Golden Rules of IT Security (poster)

The Golden Rules of IT Security 2.0 - full detals (updated 15 August 2007)

Don't get hooked through phishing | (11 April 2008)

Is it a policy, standard, charter, guideline or procedure? (updated 18 December 2008)

Retention of Email on Cessation of University Employment (updated 24 September 2008)

Computer Standards, Codes of Conduct and Guidelines

Peer-to-Peer File Sharing Software on the Campus Network | (updated 15 September 2009)

Supporting Policies

The following policies (listed in alphabetical order) are the policies that are required in support of the University’s Information Security Policy. These documents will be published over a period of time and added to this web site when they become available.

Those to whom any Supporting Policy applies are expected to be either compliant with it within three months of that policy being approved by the ISG, or have an action plan through which to achieve compliance within three months of approval, and be actively and demonstrably working towards it.

1. Access Control & Account Management Policy (v1.6) | (updated 9 August 2007)
2. Archiving Policy
3. Asset Management Policy
4. Business Continuity Policy
5. Change Control Policy
6. Information Classification & Protection Policy (DRAFT - v 0.7) (updated 26 November 2007)
   Draft policy showing track changes
7. Information Security Awareness & Training Policy
8. Legislation Compliance Policy
9. Media Marking & Storage Policy
10. Mobile & Remote Working Policy (v2.2) | (updated 8 April 2008)
11. Password Usage & Management Policy (v 1.2) | (updated 16 December 2008)
12. Personnel Security Policy
13. Physical Security & Access Control Policy
14. Policy on Safeguarding Data - Storage, Backup and Encryption (v1.0) | (30 September 2008)
15. Risk Assessment Policy
16. Security Assurance Testing Policy
17. Security Incident & Computer Misue Policy (v1.1) | ( updated 13 September 2007)
18. Security Patching Policy (1.2) | (updated 2 January 2008)
19. Software Usage & Control Policy (v2.3) | (updated 14 September 2009)
20. Systems Security and Network Access and Management Policy (v2.6) | (updated 14 Sept 2009)
21. System Usage Logging & Audit Policy
22. Third Party Network Connection Policy
23. Use of Computer Systems Policy (Incorporating Internet, Web & E-mail Acceptable Usage) (v2.7)| (updated 22 August 2007)
24. Virus Protection & Management Policy (v1.3) | ( updated January 2008)

Standards, Guildelines, etc

• Computer Standards, Codes of Conduct and Guidelines
• Selecting and Protecting Your Passwords | (updated October 2008)
• Computer Crime and Misuse Investigations (updated 4 July 2006)
• Procedure for Dealing with the Computer Access of Staff who are Suspended from Duty | (added 16 April 2007)
• How to setup an Out of Office reply and delegate access on your mailbox using Outlook (updated June 2007)
• Closed Circuit Television (CCTV) System Standard | (updated 10 December 2007)
• Management and allocation of temporary user acounts (Word file) | (updated 22 February 2008)
• Guide to the KanguruDefender
• Agency Guide to Using the Kanguru Defender - Hardware Encrypted Flash Drive (26 September 2008)
• Suggested procedure for exchanging data with external agencies on a Kanguru Defender hardware encrypted USB drive (29 September 2008)
• Procedure governing the use of the Network Behaviour Analysis Tool (NetBAT) (9 March 2009)

Forms

• Policy Exemption Request (Word)
• Security Policy Change Request (Word)
• Conditions for Accessing Third Party Computer Accounts and Access Request Form
  - DS & Admin Domains Accounts (Word) (updated 16 December 2008)
• Conditions for Accessing Third Party Computer Accounts and Access Request Form
  - Non DS Domain Accounts (Word) (updated 30 June 2006)
• SAP Application Form and guidelines (for Central Admin) (added 11 May 2009)

Related Policies

• Terms and Conditions of Connectivity – Residence Network | (updated 22 Mar 2007)
• Conditions of Use of Computer Systems for Visitors
• Connection of Visitors’ Computer Equipment to the University Network
• Charter Governing The Remote Control Service In Support Of Computer Operations |
• Charter Governing the Cluster Usage Statistics Facility | (Updated 20 Dec 2006)
• Conditions governing the use of the Network Behaviour Analysis Tool (NetBat)| (updated 1 May 2009)
• Conditions of connection of external parties to the University network, or University hosted systems and services | (updated 1 May 2009)
• Security and Operational Standards for Web Servers and Websites (v1.0) | (updated 24 August 2009)

Information Security Group

• Terms of Reference (Updated Sept 2008)
• Membership (Updated Sept 2008)

External Links

• JANET Acceptable Use Policy

Click on the title of a document to view the document web pages (where available) or click on the icon to view a PDF version. To view PDF files, a PDF reader must be installed on your system, for example the free Adobe Acrobat Reader available from the Adobe website (external website).
Documents marked are accessible from on-campus only.