3. Project Objectives
The objectives for the project revolve around the recommendations made in the ISBP 2009 report to PICT. They are:
- To investigate, via the Advisory Group, the scope of the project and incorporate other relevant user groups
such as Administrators.
- Consolidation of the Conditions for Connection and Security of Information policies into one, high-level policy
- Review the best practice guidelines, taking into account comments made in the 2009 Self-Assessment questionnaire,
and in accordance with the consolidated policy.
- Development of the best practice guidelines into an Information Security Toolkit to include, for example,
sample policies, guidelines, documentation and suggestions for education and awareness programmes.
- Identification of areas where resources (knowledge and skills) can be found and shared and investigate
the possible pooling and sharing of those resources.
- Investigate the area of 'Information Handling' with a view to developing relevant guidelines,
classification schemes and approaches to risk analysis/management.
- Identify requirements for possible future projects, for example requirements for services that could be
The key deliverables for the project are:
- Consolidated Information Security policy – agreed by all relevant parties across the University
- A revised "Best Practice" document
- Information Security Toolkit or portfolio of resources
- Recommendations regarding information classification and "information handling"
- Recommendations regarding approaches to risk assessment/analysis
- Subsequent recommendations regarding appropriate controls for securing storage and sharing of information
- Recommendations regarding a framework to maintain and monitor information security throughout the collegiate University
- Progress Report to PICT after 12 months, making recommendations for the final 6 months of the project
- Repeat of the Self-Assessment Questionnaire exercise (if confirmed by PICT through the Progress Report)
- Final report on findings and further recommendations
Up: Contents Previous: 2. Organisation of ISBP 2010 Next: 4. Information Security Policy