Information Security Toolkit - Best Practices

New: In July 2012 an Information Security Policy was approved by Council and this will be implemented across the University. For further information about this IS Policy please see the Information Security pages from the InfoSec project in the IT Services department. This Toolkit is intended to help you implement the new IS Policy in your unit.

We are developing an online Information Security Toolkit with example policies and suggested technical solutions, as part of the new Information Security Policy documentation. The toolkit provides best practices and further guidance in support of the new policy and aims to be a viable starting point in terms of unit policy - the example policies can be tailored to suit the individual needs of your department, college or hall.

The toolkit focuses on the areas below, each section sets out the recommended best practices menionted in the University's Information Security Policy. These best practices are split into sectinons targeted at specific user groups. Following the best practices below is University policy.

Further Guidance is provided to put the best practices into context and to give practical advice and guidance on how the best practices can be implemented

Suggested technical solutions and example local policies can be found here.

Sections in this document:

• 1. IT Management Structure
• 2. Personnel, Recruitment and Training
• 3. Operations
• 4. Network Management
• 5. Access Control
• 6. User Management
• 7. Information Handling
• 8. Physical and Environmental Security
• 9. Incident Handling
• 10. Business Continuity Planning
• 11. Compliance