Skip to main content

Information security

What is Information Security?

Access to information and IT systems is essential for the University to function competitively in the higher education environment. Information Security is the corporate framework of culture, policies, organisational structure and operating environments used to ensure confidentiality, integrity and availability of our information.

The Senior Information Security Officer based with Legal & Governance Directorate works together with all University departments and Schools to develop policy, advice and guidance on information security issues – whether new information systems, projects to share information with external partners or major revisions to existing information systems and procedures that hold personal information i.e. confidential information.

This can be achieved by implementing controls in:

Physical security

Responsibility of Estates with each resident School and department

Personnel and training security

Responsibility of Human Resources

Policy/procedural security

Responsibility of Senior Information Security Officer and Business Owners

Technical security

Responsibility of Digital IT and System Owners (outside DIT)

All these measures must be implemented in tandem rather than being a one-off, as you can see in the diagram below.

Information Security Onion