110 likes | 182 Views
BS 7799 Pilot. Protecting your Information JISC Assist Workshop. Dr Mike Jinks Director, Computing Service. Information Strategy. agreed July 1999 process-based key business processes educational experience research managing external interface statutory requirements income generation.
E N D
BS 7799 Pilot Protecting your Information JISC Assist Workshop Dr Mike Jinks Director, Computing Service
Information Strategy agreed July 1999 process-based key business processes educational experience research managing external interface statutory requirements income generation
integrating and enabling processes principles and policies Information Strategy
Information access and security policy covers all forms of information and media to be developed - 1999/2000 addresses ethical and statutory requirements + business continuity planning etc new data protection act confidentiality
BS 7799 Pilot University policy of openness why? gain experience quickly right time investigate an ‘emerging’ standard outcome eg generic security policy - basis for part of local policy
what? applicable to all forms of information concentrated on electronic information considered some relevance to management of official records most work undertaken within Computing Service BS 7799 Pilot
applicable to all form of information more mature for electronic info useful checklists not as bureaucratic as expected not intending to become accredited unless necessary eg to obtain access to research data BS 7799 Pilot - conclusions
devolved governance departmental systems many not actively managed ethos expect responsible actions policies and guidelines not regulations University issues
development of information access and security policy many aspects different authors and areas of expertise education and awareness Heads of Department Departmental Computing Officers University issues
implementation and monitoring risk assessment connection and disconnection collaborative research authority of centre local ‘CERT’ and UKERNA CERT University issues
expectations of other sites level of standardisation - minimum levels? Role and relationships with UKERNA CERT generation and dissemination of best practice JISC UCISA HE community issues