Information Security

1. Information Security Best Practice Project

Our aim is to help members of the collegiate University employ best practice within information security.

The Information Security Best Practice project (May 2010 - Oct 2011) helped the collegiate University employ best practice by providing:

Are you responsible for how your department or college operates? Information for Administrators.

About the Project

The Information Security Best Practice Project was housed within the Oxford University Computer Emergency Response Team (OxCERT). The project was led by Jonathan Ashton, member of the OxCERT team and Chair of the ICT Forum's Information Security Advisory Group (IS-AG). The project received valuable technical expertise from the OxCERT team and was guided by the Information Security Advisory Group.

The project sought to build on the knowledge, commentary and information gathered during the 2009 Self-Assessment exercise.

The main objectives of the project were to:
  • Consolidate the existing policies on information security (Conditions for Connection and Security of Information) into one, high-level policy document.
  • Review the best practice guidelines provided in 2009, taking into account comments made in the 2009 Self-Assessment Questionnaire, and in accordance with the consolidated policy.
  • Develop an Information Security Toolkit, which includes policies, guidelines, documentation and education and awareness programmes.
  • Identify areas where resources (knowledge and skills) can be found and shared and investigate the possible pooling and sharing of those resources.
  • Investigate the area of Information Handling to develop guidelines and classification schemes.
  • Consider specific services that could be provided centrally, resulting in a more efficient use of resources.
Updates:
  • November 2011 - End of the project
  • November 2011 - as part of the process of submitting to Council, the new Information Security Policy will be submitted to PRAC in December 2011
  • October 2011 - Toolkit published online Information Security Toolkit
  • October 2011 - Toolkit reviewed by the Information Security Advisory Group
  • September 2011 - Presentation at the UAS conference The new Information Security Policy (PDF 557kb) (only available within the University network)
  • July 2011 - Latest draft of the Information Security Policy available
  • July 2011 - Toolkit additions
  • July 2011 - Meeting with Council Secretariat to discuss submission to Council
  • June 2011 - Information Security Policy package approved by the PRAC ICT Sub-committee
  • June 2011 - Submitted the Information Security Policy package to the PRAC ICT Sub-committee
  • May 2011 - Spin off project: bid for Whole Disk Encryption project submitted to the PRAC ICT Sub-committee
  • May 2011 - Information Security policies circulated to Advisory Group and Council Secretariat
  • March 2011 - Meeting of Advisory Group to refine the subsidiary policies
  • March 2011 - Progress report at the ICT Forum Termly meeting
  • February 2011 - One page briefing document for Heads Div/Dept: ISBP Flyer [52KB PDF]
  • February 2011 - Subsidiary policies drafted and circulated to Advisory Group
  • January 2011 - Meeting with Council Secretariat and Legal Services
  • November 2010 - Draft policy submitted to the PRAC ICT Sub-committee
  • September 2010 - Policy in drafting stage
  • September 2010 - ISBP project at UAS Conference
  • August 2010 - Meeting of Advisory Group
  • August 2010 - Online access to British Standards, see Toolkit
  • July 2010 - ISBP project at ICTF conference

Up: Contents Next: 2. Information Security Policy

Sections in this document: