Systems Security & Network Access & Management Policy
1. Introduction
1.1 Background
The University of Leeds (hereafter referred to as the University ) operates an Information Security Management System (ISMS) which is designed to protect the Confidentiality, Integrity and Availability (CIA) of its key information .
The ever increasing use of digitised and networked information at the University intensifies the risk of data being copied, modified, hidden or encrypted, accessed by unauthorised persons, stolen or destroyed. Furthermore, unless systems are appropriately secured, there is an increased risk that they will be used to mount attacks against other organisations, potentially resulting in liability and/or damage to the reputation of the University .
In addition, it is essential for the protection of those who administer and manage IT/IS facilities to so within the framework of the numerous laws that concern data and information, so that individuals do not find themselves liable to criminal proceedings as a result of their activities.
The technical controls that are used within the University provide an essential element of protection. However, these only deliver part of the required solution, the most effective defence being achieved through awareness and good working practices.
This document forms the University's Systems Security & Network Access & Management Policy in support of the Information Security Policy. Compliance with this Policy will ensure that consistent controls are applied throughout the University to minimise exposure to security breach. Furthermore, it will enable network and systems administration and computer support staff to conduct their activities within the framework of the law. The University's Information Security Policy and a full list of Supporting Policies within the ISMS framework can be found at http://campus.leeds.ac.uk/isms.
1.2 Purpose, Applicability and Scope
This Policy is primarily directed at systems administrators and computer support staff (including ISS staff) who are responsible for the development and maintenance of IT/IS facilities. Applicability naturally extends to anyone else who is subjected to the Policy framework who undertakes activities governed by this Policy, especially those who administer their own machines.
It is the personal responsibility of each person to whom this Policy applies to adhere fully with its requirements. However, Deans and Heads of Schools/Services are responsible for implementing this Policy within their respective faculty, school or department and for overseeing compliance by staff under their direction or supervision.
Pages in Systems Security & Network Access & Management Policy
- 1. You are here: 1. Introduction
- 2. 2. Systems Security
- 3. 3. Network Security
- 4. 4. General Policy
- 5. 5.1 Annex A - Hints and Tips for System Administrators
- 6. 5.3 Annex B - Procedures for Dealing with Extensive Scanning or Probing & Security Threats
- 7. 5.3 Annex C - Third Party Equipment Status Questionnaire & Agreement
- 8. 5.4 Annex D - Procedures and Information
- 9. 5.5 Annex E - Monitoring Restrictions Imposed by The Regulation of Investigatory Powers Act 2000 & The Human Rights Act 1998
- 10. 5.6 Annex F - Examples of an Administrator's Activities in Practical Situations