3. Project Objectives

The objectives for the project revolve around the recommendations made in the ISBP 2009 report to PICT. They are:
  • To investigate, via the Advisory Group, the scope of the project and incorporate other relevant user groups such as Administrators.
  • Consolidation of the Conditions for Connection and Security of Information policies into one, high-level policy document.
  • Review the best practice guidelines, taking into account comments made in the 2009 Self-Assessment questionnaire, and in accordance with the consolidated policy.
  • Development of the best practice guidelines into an Information Security Toolkit to include, for example, sample policies, guidelines, documentation and suggestions for education and awareness programmes.
  • Identification of areas where resources (knowledge and skills) can be found and shared and investigate the possible pooling and sharing of those resources.
  • Investigate the area of 'Information Handling' with a view to developing relevant guidelines, classification schemes and approaches to risk analysis/management.
  • Identify requirements for possible future projects, for example requirements for services that could be provided centrally.

Project Outline

The key deliverables for the project are:
  • Consolidated Information Security policy – agreed by all relevant parties across the University
  • A revised "Best Practice" document
  • Information Security Toolkit or portfolio of resources
  • Recommendations regarding information classification and "information handling"
  • Recommendations regarding approaches to risk assessment/analysis
  • Subsequent recommendations regarding appropriate controls for securing storage and sharing of information (e.g. encryption)
  • Recommendations regarding a framework to maintain and monitor information security throughout the collegiate University
  • Progress Report to PICT after 12 months, making recommendations for the final 6 months of the project
  • Repeat of the Self-Assessment Questionnaire exercise (if confirmed by PICT through the Progress Report)
  • Final report on findings and further recommendations

Up: Contents Previous: 2. Organisation of ISBP 2010 Next: 4. Information Security Policy