Security incident and computer misuse policy
Introduction
1.1 Purpose
University information systems utilise a combination of technical and procedural controls to provide protection against threats that have the potential to result in the compromise, modification or unavailability of data, or damage the reputation and interests of the University. However not all incidents, which may be either accidental or deliberate, can be prevented.
This document, which forms the University's
Security Incident and Computer Misuse Policy,
in support of the Information
Security Policy, defines the controls that
the University will implement in the event of a security
breach or an actual or suspected case of computer
misuse by one of its users. The University's
Information Security Policy and a full list of Supporting
Policies within the Information Security Management
System (ISMS) framework are on the ISS site.
1.2 Applicability
This particular Policy is primarily aimed at ISS staff and faculty, school and departmental systems administrators. Applicability naturally extends to anyone else who is subjected to the Policy framework who undertakes activities governed by this Policy.
1.3 Security Incidents
A security incident is an actual or suspected event or activity which has, or which might, compromise the security of the University's IT/IS systems or its data. Further references to security incidents can be found in the Systems Security & Network Access & Management Policy. Details of potential causes of security incidents and suggested means notification can be found at Annex A.
1.4 Major Security Incidents
A major security incident is any incident could result in the University suffering business impact as result of:
- The compromise of multiple machines or systems; or,
- the compromise of a single critical machine or system; or,
- the disruption of network services affecting multiple machines or systems; or,
- the disclosure or exposure of confidential information to an unauthorised recipient.
A major security incident may be the result of any deliberate or accidental activity. In this context, business impact means direct financial losses; criminal or civil proceedings or adverse publicity resulting in the loss of reputation, credibility or trust, and potentially leading to a loss of revenue (reduction in student numbers or research grants).
Although the outbreak of a virus or the introduction of a worm to the University network could be categorised as a major security incident, such events have been omitted from this Policy as they are addressed in the Virus Protection & Management Policy.
1.5 Computer Misuse
Computer misuse is any activity involving University computing resources which is illegal or prohibited, and which, not exhaustively:
- Compromises the security of the University's IT/IS systems or its data; or,
- breaches the University's Information Security Policies; or,
- generates a formal complaint from a member of the public or another member of the University; or,
- is investigated as part of a police enquiry; or,
- results in civil or criminal proceedings being mounted against the University or a member of the University.
Pages in Security incident and computer misuse policy
- 1. You are here: Introduction
- 2. Preventing, detecting & reporting security incidents
- 3. Investigating security incidents
- 4. Computer misuse & police enquiries
- 5. Annex A - Potential Causes & Suggested Notification of Security Incidents
- 6. Annex B - Security Investigations Team
- 7. Annex C - Police Investigating Computer Related Crime – Staff
- 8. Annex D- Police Investigating Computer Related Crime – Students
- 9. Annex E - Police Investigating Internet Crime
- 10. Annex F – Dealing with Computer Misuse by Students
- 11. Key points at a glance