Information Security Policy
Vice-Chancellor’s Foreword
Sadly, there are people who, for whatever reason, will go to great lengths to misuse this technology for undesirable purposes. The effects of such activities can be both serious and far reaching. For example, unauthorised access to computer data (often referred to as 'hacking') can result in the disclosure of personal information and the modification or loss of data. Similarly contamination by computer viruses can result in the corruption or deletion of data and the waste of significant amounts of valuable staff time.
Whilst the majority of information held and processed by the University is intended to be widely disseminated, we have a duty of care to ensure its integrity and availability.
However, some of the University's corporate information must be kept confidential in accordance with legal requirements. Failure to implement appropriate controls to protect this information could adversely affect the University's reputation and potentially leave it open to prosecution under the various pieces of legislation that apply.
Due to the rapid development of information technology, legislation often lags behind these developments and when introduced can sometimes be complex and appear to be contradictory. However we are all governed by such legislation and ignorance of it is no excuse in the eyes of the law.
It is therefore clear that a framework is required if members of the University are to work in a manner that protects our information and IT/IS facilities.
This Information Security Policy provides this framework for our University. It has been compiled through consultation with the wider community and it is designed to protect the best interests of the University and its members.
Professor Michael Arthur
Vice-Chancellor, University of Leeds
© University of Leeds 2008
The intellectual property contained within this publication is the
property of the University of Leeds.
This publication (including its text and illustrations) is protected
by copyright. Any unauthorised projection, editing, copying, reselling,
rental or distribution of the whole or part of this publication in
whatever form (including electronic and magnetic forms) is prohibited.
[Any breach of this prohibition may render you liable to both civil
proceedings and criminal penalties].
Author: Kevin Darley, IT Security Co-ordinator,
Information Systems Services, University of Leeds
Related Documents: Supporting Policies (currently in preparation):
Acknowledgements: KPMG
Document Control
This document is subject to change control and any amendments will
be recorded below.
Change History
Version:2.3
Date:8 April 2008
Circulation: Campusweb
Changes:Foreword signed off by current VC and general
review and update.
Pages in Information Security Policy
- 1. You are here: Vice-Chancellor’s Foreword
- 2. 1. Introduction
- 3. 2. Organisational security
- 4. 3. Asset classification
- 5. 4 Personnel security
- 6. 5. Physical and environmental security
- 7. 6. Communications and operations management
- 8. 7. Access control
- 9. 8. Systems development and maintenance
- 10. 9 Business continuity management
- 11. 10. Compliance
- 12. Appendix A - Glossary of terms
- 13. Annex B - Security responsibilities