What is Information Security?
Information Security refers to various measures taken to protect and safeguard information against any unauthorised access, misuse, modification, deletion or improper disclosure. More generally, information security focuses on policies, procedures and technologies used to establish sufficient controls to maintain the integrity, confidentiality and availability of information.
Information security typically consists of both proactive and reactive components. The proactive components aim to prevent incidents which adversely affect the integrity, confidentiality and availability of information while the reactive components focus on the handling of incidents once they occur and includes assessment, remediation, reporting and recovering from incidents.
Common proactive information security activities include:
- Security awareness and education programs
- Risk assessments and identification of appropriate controls
- Development of policies and procedures
- Providing advice and guidance with respect to the implementation and use of technology and business processes from a security perspective
- Auditing to ensure systems and procedures comply with various legislation, regulations, policies and procedures
- Ensuring areas have adequate ICT disaster recovery and business continuity plans
Reactive information security activities include:
- Responding to and assessing of security incidents or potential security issues
- Assessing the impact of security incidents and providing recommendations regarding appropriate remediation
- Assisting individuals and areas in handling a security incident
- Reporting incidents and security issues to management, senior executive and where necessary or appropriate, external agencies.
- Overall coordination of security incident response processes
Who is responsible for information security?
All users of UNE ICT services are responsible for Information Security. The role of the information security team within ITD is to assist all staff and organisational units with the development and implementation of secure processes and practices with respect to the use and maintenance of information and ensure these processes and practices comply with relevant legislation, regulations and policies.
Any UNE representative who becomes aware of an information security issue or a potential security issue is required to inform the Information Security Team via email at firstname.lastname@example.org. Anyone who wants guidance or assistance with respect to Information security processes or practices is encourage to contact the Information Security team.