Information Security Management Report - University of Hertfordshire
VerifiedAdded on  2023/04/21
|21
|5376
|392
Report
AI Summary
This report analyzes information security management within the Department of Computer Science at the University of Hertfordshire, focusing on a CISO memo and an acceptable use policy (AUP) aligned with the ISO27000 family, including a BYOD (Bring Your Own Device) policy. The report addresses key security principles such as availability, integrity, confidentiality, and compliance, and examines policy areas including business continuity, outsourcing, user management, and network management. It identifies areas for improvement, such as regular system assessments and enhanced security for assets and resources. The report also outlines an AUP, considering the CIA triad (confidentiality, integrity, and availability) for information assets, and discusses the importance of such policies in organizational decision-making and security frameworks. The report emphasizes the importance of security in the University of Hertfordshire.
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note:
Information Security Management
Name of the Student
Name of the University
Author’s Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
INFORMATION SECURITY MANAGEMENT
Table of Contents
Introduction................................................................................................................................2
Task 1: The CISO Memo...........................................................................................................2
Task 2: Information Security Policy..........................................................................................6
Conclusion................................................................................................................................15
References................................................................................................................................16
INFORMATION SECURITY MANAGEMENT
Table of Contents
Introduction................................................................................................................................2
Task 1: The CISO Memo...........................................................................................................2
Task 2: Information Security Policy..........................................................................................6
Conclusion................................................................................................................................15
References................................................................................................................................16
2
INFORMATION SECURITY MANAGEMENT
Introduction
The information security is the subsequent practice to prevent any type of
unauthorized access, utilization, disruption, inspection, destruction or recording of relevant
information. This relevant data or information could eventually undertake any specific form
electronic and physical and the major focus of this information security is to balance the
protection of confidentiality, integrity as well as availability of data by maintenance of focus
on the efficient policy deployment without even hampering the productivity of the
organization (Siponen, Mahmood and Pahnila 2014). A multi step risk management process
is required for identifying assets, potential impacts, threat sources and many more are
considered here. The following report outlines a brief discussion about the information
security management in the organization of University of Hertfordshire with proper details. A
CISO Memo and information security policy of the organization will be provided here.
Security issues as well as relevant solutions will be properly described in this report to
understand the current position of the University of Hertfordshire in respect to information
security.
Task 1: The CISO Memo
A new Chief Information Security Officer or CISO has been appointed for the
respective Department of Computer Science within the University of Hertfordshire (Crossler
et al. 2013). The existing information security policy of this particular organization is
required to be reviewed as well as analysed. The respective information security policy of
this organization subsequently identifies every key security principle that are underpinning
the policy (Von Solms and Van Niekerk 2013). This particular information-security policy is
supplementary to the subsequent information management policy and follows a standard code
of practice. The major purpose of this specific document is to adopt several principles,
INFORMATION SECURITY MANAGEMENT
Introduction
The information security is the subsequent practice to prevent any type of
unauthorized access, utilization, disruption, inspection, destruction or recording of relevant
information. This relevant data or information could eventually undertake any specific form
electronic and physical and the major focus of this information security is to balance the
protection of confidentiality, integrity as well as availability of data by maintenance of focus
on the efficient policy deployment without even hampering the productivity of the
organization (Siponen, Mahmood and Pahnila 2014). A multi step risk management process
is required for identifying assets, potential impacts, threat sources and many more are
considered here. The following report outlines a brief discussion about the information
security management in the organization of University of Hertfordshire with proper details. A
CISO Memo and information security policy of the organization will be provided here.
Security issues as well as relevant solutions will be properly described in this report to
understand the current position of the University of Hertfordshire in respect to information
security.
Task 1: The CISO Memo
A new Chief Information Security Officer or CISO has been appointed for the
respective Department of Computer Science within the University of Hertfordshire (Crossler
et al. 2013). The existing information security policy of this particular organization is
required to be reviewed as well as analysed. The respective information security policy of
this organization subsequently identifies every key security principle that are underpinning
the policy (Von Solms and Van Niekerk 2013). This particular information-security policy is
supplementary to the subsequent information management policy and follows a standard code
of practice. The major purpose of this specific document is to adopt several principles,
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
INFORMATION SECURITY MANAGEMENT
policies as well as practices that eventually maximize the overall protection against all types
of risks so that this security of the information and even the systems are being ensured
eventually (Peltier 2013). Moreover, they ensure that the University’s systems and
information are the most significant assets of an organization that should be protected
properly.
The scope of the information security policy of University of Hertfordshire is that
each and every member of the university is subsequently required to comply with the policy
that on the contrary, applies to the collaborative activities undertaken by its partner
organizations (Siponen, Mahmood and Pahnila 2014). As per the University’s information
policy, the wholly owned subsidiaries and companies where the university has any interest
would be in subject to few processes as well as policies set out in the document. The various
financial regulations, relevant memoranda of understanding and relevant shareholder’s
agreements of this organization are clearly stated within this information security policy.
The key principles of this information security policy of University of Hertfordshire
majorly involves the principles of availability, integrity, confidentiality, compliance,
responsibilities of members of the university and analysis (Yang, Shieh and Tzeng 2013).
The availability of the data of this university states that for the purpose of enabling the data
and fulfil the defined roles, the respective members of this university would have subsequent
access to the information and hence the various systems, which handle information in
restrictions of few advantages are eventually granted to these members. The second principle
is integrity (Peltier 2016). The information that is available to each and every member of this
university must be in timely manner, complete as well as accurate so that the respective
university has the ability of conducting its business processes and academic processes
effectively and efficiently.
INFORMATION SECURITY MANAGEMENT
policies as well as practices that eventually maximize the overall protection against all types
of risks so that this security of the information and even the systems are being ensured
eventually (Peltier 2013). Moreover, they ensure that the University’s systems and
information are the most significant assets of an organization that should be protected
properly.
The scope of the information security policy of University of Hertfordshire is that
each and every member of the university is subsequently required to comply with the policy
that on the contrary, applies to the collaborative activities undertaken by its partner
organizations (Siponen, Mahmood and Pahnila 2014). As per the University’s information
policy, the wholly owned subsidiaries and companies where the university has any interest
would be in subject to few processes as well as policies set out in the document. The various
financial regulations, relevant memoranda of understanding and relevant shareholder’s
agreements of this organization are clearly stated within this information security policy.
The key principles of this information security policy of University of Hertfordshire
majorly involves the principles of availability, integrity, confidentiality, compliance,
responsibilities of members of the university and analysis (Yang, Shieh and Tzeng 2013).
The availability of the data of this university states that for the purpose of enabling the data
and fulfil the defined roles, the respective members of this university would have subsequent
access to the information and hence the various systems, which handle information in
restrictions of few advantages are eventually granted to these members. The second principle
is integrity (Peltier 2016). The information that is available to each and every member of this
university must be in timely manner, complete as well as accurate so that the respective
university has the ability of conducting its business processes and academic processes
effectively and efficiently.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
INFORMATION SECURITY MANAGEMENT
Confidentiality, on the other hand, ensures that confidential information must be
accessible only to those specified people, who had been authorized for accessing the accurate
information (Xu et al. 2014). The information, which is not at all confidential must be
promptly accessible without any type of limitation. The next significant security principle
present in this information security policy of University of Hertfordshire is compliance. This
information must be detained as well as operated in such a manner that all contractual,
statutory and legal responsibilities of this particular organization are not being compromised.
The responsibilities of the members of the university must have proper authority and they
must comprehend their duties in respect to the information privacy and then conform to each
and every university regulation as well as policy (Singh 2013). The proper analysis of the
threats and a systematic identification of relevant and accurate risks is highly required in this
case for proper eradication of issues within the respective information security policy.
This information security policy of University of Hertfordshire also provides major
policy areas by which risk could be analysed properly and systematically. The first policy
area is business continuity, which defines that the university is needed to progress as well as
sustain a specific business continuity planning on the basis of formalized risk analysis (Safa,
Von Solms and Furnell 2016). The various duties must be established and it should be
ensured that all the members are meeting their responsibilities effectively. Compliance is the
next policy area, where the information management process should allow this university in
complying with the obligations of legal or statutory. The compliance issues like protection of
data, information freedom, copyrights, IP or intellectual property, protection of software and
licensing, and finally disposal of equipment are to be removed eventually. The outsourcing
and the third party access are also checked with this particular information security policy
(Andress 2014). The external supplier, who is being given contract to the supplying of goods
or services to this University of Hertfordshire, which would eventually bring them to the
INFORMATION SECURITY MANAGEMENT
Confidentiality, on the other hand, ensures that confidential information must be
accessible only to those specified people, who had been authorized for accessing the accurate
information (Xu et al. 2014). The information, which is not at all confidential must be
promptly accessible without any type of limitation. The next significant security principle
present in this information security policy of University of Hertfordshire is compliance. This
information must be detained as well as operated in such a manner that all contractual,
statutory and legal responsibilities of this particular organization are not being compromised.
The responsibilities of the members of the university must have proper authority and they
must comprehend their duties in respect to the information privacy and then conform to each
and every university regulation as well as policy (Singh 2013). The proper analysis of the
threats and a systematic identification of relevant and accurate risks is highly required in this
case for proper eradication of issues within the respective information security policy.
This information security policy of University of Hertfordshire also provides major
policy areas by which risk could be analysed properly and systematically. The first policy
area is business continuity, which defines that the university is needed to progress as well as
sustain a specific business continuity planning on the basis of formalized risk analysis (Safa,
Von Solms and Furnell 2016). The various duties must be established and it should be
ensured that all the members are meeting their responsibilities effectively. Compliance is the
next policy area, where the information management process should allow this university in
complying with the obligations of legal or statutory. The compliance issues like protection of
data, information freedom, copyrights, IP or intellectual property, protection of software and
licensing, and finally disposal of equipment are to be removed eventually. The outsourcing
and the third party access are also checked with this particular information security policy
(Andress 2014). The external supplier, who is being given contract to the supplying of goods
or services to this University of Hertfordshire, which would eventually bring them to the
5
INFORMATION SECURITY MANAGEMENT
contract with every resource of university and he should agree for abiding by this information
security policy.
The University of Hertfordshire has even mentioned about the information handling
of the organization. The respective management of the company should ensure that the
safeguards are kept in place for the core purpose of ensuring proper protection of integrity of
information during the restoration or recovery of the lost or corrupted data files or folders
(Soomro, Shah and Ahmed 2016). User management and utilization of computers are also
enhanced here so that illegal and unethical use of data is being stopped by them efficiently
and without any complexity (Dehling et al. 2015). Moreover, mobile computing, network
management and business critical software management are also checked by them.
The problems or areas of improvements of information security policy of this
university mainly include regular assessments (Sommestad et al. 2014). They do not check
for their system issues regularly and thus this could turn out to be a major problem in their
daily work. As the students and university members have to follow the rules and regulations
for the proper maintenance of information and data security effectively and efficiently. A
periodical assessment of their policy is recommended for University of Hertfordshire. The
other issue includes lack of security to their assets and resources. Since the students and other
organizational members are provided with resources, it is quite important for them to
maintain them with utmost security. However, no such extra security is incurred in the
information security policy of this organization (Parsons et al. 2014). Although, they have
maintained few rules for such act, there always remains a high security issue for them.
INFORMATION SECURITY MANAGEMENT
contract with every resource of university and he should agree for abiding by this information
security policy.
The University of Hertfordshire has even mentioned about the information handling
of the organization. The respective management of the company should ensure that the
safeguards are kept in place for the core purpose of ensuring proper protection of integrity of
information during the restoration or recovery of the lost or corrupted data files or folders
(Soomro, Shah and Ahmed 2016). User management and utilization of computers are also
enhanced here so that illegal and unethical use of data is being stopped by them efficiently
and without any complexity (Dehling et al. 2015). Moreover, mobile computing, network
management and business critical software management are also checked by them.
The problems or areas of improvements of information security policy of this
university mainly include regular assessments (Sommestad et al. 2014). They do not check
for their system issues regularly and thus this could turn out to be a major problem in their
daily work. As the students and university members have to follow the rules and regulations
for the proper maintenance of information and data security effectively and efficiently. A
periodical assessment of their policy is recommended for University of Hertfordshire. The
other issue includes lack of security to their assets and resources. Since the students and other
organizational members are provided with resources, it is quite important for them to
maintain them with utmost security. However, no such extra security is incurred in the
information security policy of this organization (Parsons et al. 2014). Although, they have
maintained few rules for such act, there always remains a high security issue for them.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
INFORMATION SECURITY MANAGEMENT
Task 2: Information Security Policy
The Chief Information Security Officer or simply CISO of the University of
Hertfordshire has to draft an AUP or Acceptable Use Policy with the lines of ISO27000
family for the Department of Computer Science at this particular university (Disterer 2013).
BYOD or Bring Your Own Device Policy is to be linked with the Acceptable Use Policy.
Three distinctive issues of CIA or confidentiality, integrity and availability of the information
assets are to be taken into consideration for each and every asset and even to assess the major
risks and threats within the Department (Jouini, Rabai and Aissa 2014).
The AUP or Acceptable Use Policy is the set of few rules that are being applied by
the owner, administrator and creator of the network, service and web site, which restricts the
methodologies, where that particular network, web site and system might be utilized and then
sets subsequent guidelines for the procedure of using them (Shropshire, Warkentin and
Sharma 2015). These types of documents are usually written for schools, ISPs or internet
service providers, corporations, businesses and universities for the purpose of reducing the
overall potential of legal action, which might be undertaken by the user with a little
enforcement prospect. Such policies are considered as the integral parts of the framework of
any specific information security policy (Baskerville, Spagnoletti and Kim 2014). It is
extremely common to ask any new member of the company for signing an acceptable use
policy even before they are provided major access to the information systems.
An organizational policy eventually performs some of the most important and
significant functionalities within an organization (Cardenas, Manadhata and Rajan 2013).
Finally, these policies help in securing equity as well as consistency within the respective
organizational decisions. Hence, when the various managers would be making such decisions
within any specific policy area, the decisions would be completely consistent in the limits
INFORMATION SECURITY MANAGEMENT
Task 2: Information Security Policy
The Chief Information Security Officer or simply CISO of the University of
Hertfordshire has to draft an AUP or Acceptable Use Policy with the lines of ISO27000
family for the Department of Computer Science at this particular university (Disterer 2013).
BYOD or Bring Your Own Device Policy is to be linked with the Acceptable Use Policy.
Three distinctive issues of CIA or confidentiality, integrity and availability of the information
assets are to be taken into consideration for each and every asset and even to assess the major
risks and threats within the Department (Jouini, Rabai and Aissa 2014).
The AUP or Acceptable Use Policy is the set of few rules that are being applied by
the owner, administrator and creator of the network, service and web site, which restricts the
methodologies, where that particular network, web site and system might be utilized and then
sets subsequent guidelines for the procedure of using them (Shropshire, Warkentin and
Sharma 2015). These types of documents are usually written for schools, ISPs or internet
service providers, corporations, businesses and universities for the purpose of reducing the
overall potential of legal action, which might be undertaken by the user with a little
enforcement prospect. Such policies are considered as the integral parts of the framework of
any specific information security policy (Baskerville, Spagnoletti and Kim 2014). It is
extremely common to ask any new member of the company for signing an acceptable use
policy even before they are provided major access to the information systems.
An organizational policy eventually performs some of the most important and
significant functionalities within an organization (Cardenas, Manadhata and Rajan 2013).
Finally, these policies help in securing equity as well as consistency within the respective
organizational decisions. Hence, when the various managers would be making such decisions
within any specific policy area, the decisions would be completely consistent in the limits
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
INFORMATION SECURITY MANAGEMENT
that are being established by the governing policy (Tamjidyamcholo et al. 2013). These
policies are the standing plans, which provide guidelines to undertake decision making. The
Acceptable Use Policy provides certain guides to thinking, which could establish the limits as
well as boundaries at which decisions are eventually made. However, in such boundaries,
subsequent judgment is exercised (Flores, Antonsen and Ekstedt 2014). The specific degree
for discretion that is provided permission would eventually vary from any one policy to the
next. Few subsequent policies are extremely broader and they enable better latitude; however,
the others are hardly fabricated and they leave small rooms for judgment. The policy for
selection of the most efficient qualified candidate for all managerial positions significantly
permit more discretion than this particular policy to promote the most efficient and qualified
candidate in the company. An Acceptable Use Policy is the narrower policy since it restricts
the selection to all current employees (Layton 2016). This specific policy in the organization
is completely based on the standardized test scores as well as seniority scores for being more
restrictive policy.
For the purpose of comprehending the nature of such policies, it is quite useful for
differentiating them from the other respective standing plans. These plans are designed for
dealing with recurring issues like standard methods (Kolkowska and Dhillon 2013). Standard
operating processes and rules. These rules are the particular statements of what should be
done and what should not be done within a specific situation. Unlike these policies, they
eventually provide absolutely no room for managerial discretion. These rules are also
designed for suppressing the thinking; however policies need varying judgment degrees
(Posey et al. 2014). The SOPs or standard operating procedures are the detailed instructions
that help in executing any specific operation. The perfect consecutive order of steps are
substantially monitored and they eventually permit lesser area for discretion. Every process
cut across the departmental line and they include various employees. These standard
INFORMATION SECURITY MANAGEMENT
that are being established by the governing policy (Tamjidyamcholo et al. 2013). These
policies are the standing plans, which provide guidelines to undertake decision making. The
Acceptable Use Policy provides certain guides to thinking, which could establish the limits as
well as boundaries at which decisions are eventually made. However, in such boundaries,
subsequent judgment is exercised (Flores, Antonsen and Ekstedt 2014). The specific degree
for discretion that is provided permission would eventually vary from any one policy to the
next. Few subsequent policies are extremely broader and they enable better latitude; however,
the others are hardly fabricated and they leave small rooms for judgment. The policy for
selection of the most efficient qualified candidate for all managerial positions significantly
permit more discretion than this particular policy to promote the most efficient and qualified
candidate in the company. An Acceptable Use Policy is the narrower policy since it restricts
the selection to all current employees (Layton 2016). This specific policy in the organization
is completely based on the standardized test scores as well as seniority scores for being more
restrictive policy.
For the purpose of comprehending the nature of such policies, it is quite useful for
differentiating them from the other respective standing plans. These plans are designed for
dealing with recurring issues like standard methods (Kolkowska and Dhillon 2013). Standard
operating processes and rules. These rules are the particular statements of what should be
done and what should not be done within a specific situation. Unlike these policies, they
eventually provide absolutely no room for managerial discretion. These rules are also
designed for suppressing the thinking; however policies need varying judgment degrees
(Posey et al. 2014). The SOPs or standard operating procedures are the detailed instructions
that help in executing any specific operation. The perfect consecutive order of steps are
substantially monitored and they eventually permit lesser area for discretion. Every process
cut across the departmental line and they include various employees. These standard
8
INFORMATION SECURITY MANAGEMENT
operating procedures are frequently utilized for supporting the overall deployment of these
policies (McIlwraith 2016). The standard work methodologies are the established methods to
perform specified tasks.
The respective Acceptable Use Policy or AUP of the University of Hertfordshire after
linking it with the BYOD or Bring Your Own Device Policy and by considering CIA or
confidentiality, integrity and availability issues of the information assets at the Department of
Computer Science is given below:
Review History
Names Departments Role or Position Date Approved Signature
Mr. X Information
Security
Department
Security Analyst 31/12/2018 X
Mr. Y Risk
Management
Department
CRO 31/12/2018 Y
Mr. Z Finance
Department
Employee 30/12/2018 Z
The approval history of this Acceptable Use Policy is as follows:
Approval History
Names Departments Role or Position Date Approved Signature
Mr. A Management CEO 3/1/2019 A
Mr. B Information CIO 3/1/2019 B
INFORMATION SECURITY MANAGEMENT
operating procedures are frequently utilized for supporting the overall deployment of these
policies (McIlwraith 2016). The standard work methodologies are the established methods to
perform specified tasks.
The respective Acceptable Use Policy or AUP of the University of Hertfordshire after
linking it with the BYOD or Bring Your Own Device Policy and by considering CIA or
confidentiality, integrity and availability issues of the information assets at the Department of
Computer Science is given below:
Review History
Names Departments Role or Position Date Approved Signature
Mr. X Information
Security
Department
Security Analyst 31/12/2018 X
Mr. Y Risk
Management
Department
CRO 31/12/2018 Y
Mr. Z Finance
Department
Employee 30/12/2018 Z
The approval history of this Acceptable Use Policy is as follows:
Approval History
Names Departments Role or Position Date Approved Signature
Mr. A Management CEO 3/1/2019 A
Mr. B Information CIO 3/1/2019 B
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
INFORMATION SECURITY MANAGEMENT
Security
Department
Mr. C Operations
Department
COO 3/1/2019 C
1. Company
The purpose of this Acceptable Use Policy is establishing acceptable as well as
unacceptable utilization of electronic devices as well as network resources within the
University of Hertfordshire in combination with the conventional culture of lawful and
ethical behaviours, trust, integrity and openness (Nazareth and Choi 2015).
This University of Hertfordshire eventually provides networks, computer devices and
electronic information system to their students for helping them in meeting their goals,
initiatives and missions of career or even managing them responsibly for the proper
maintenance of CIA or confidentialities, integrities and availabilities of the information asset
(Hsu et al. 2015). The policy needs few user of these informational assets for complying with
their University policies as well as protecting against damage of legal issues.
2. Scope
All the students and the employees at University of Hertfordshire, after inclusion of
all the personnel, who are affiliated with the third parties should abide by to this policy
(Ermakov et al. 2014). Acceptable Use Policy then eventually applies to each and every
information asset that are either leased or owned by the University of Hertfordshire, or to
several devices, which link to any network of the University of Hertfordshire or be inherent
in at the site of University of Hertfordshire (Flores, Antonsen and Ekstedt 2014). Information
security should approve certain exceptions to the policy in advanced stage.
INFORMATION SECURITY MANAGEMENT
Security
Department
Mr. C Operations
Department
COO 3/1/2019 C
1. Company
The purpose of this Acceptable Use Policy is establishing acceptable as well as
unacceptable utilization of electronic devices as well as network resources within the
University of Hertfordshire in combination with the conventional culture of lawful and
ethical behaviours, trust, integrity and openness (Nazareth and Choi 2015).
This University of Hertfordshire eventually provides networks, computer devices and
electronic information system to their students for helping them in meeting their goals,
initiatives and missions of career or even managing them responsibly for the proper
maintenance of CIA or confidentialities, integrities and availabilities of the information asset
(Hsu et al. 2015). The policy needs few user of these informational assets for complying with
their University policies as well as protecting against damage of legal issues.
2. Scope
All the students and the employees at University of Hertfordshire, after inclusion of
all the personnel, who are affiliated with the third parties should abide by to this policy
(Ermakov et al. 2014). Acceptable Use Policy then eventually applies to each and every
information asset that are either leased or owned by the University of Hertfordshire, or to
several devices, which link to any network of the University of Hertfordshire or be inherent
in at the site of University of Hertfordshire (Flores, Antonsen and Ekstedt 2014). Information
security should approve certain exceptions to the policy in advanced stage.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
INFORMATION SECURITY MANAGEMENT
3. Policy Statement
The policy statement of University of Hertfordshire is given below:
3.1 General Requirements
3.1.1 The students and organizational members are responsible to exercise good
judgment about the correct utilization of University of Hertfordshire’s resources in respect to
the policies, guidelines and standards of University of Hertfordshire (Cardenas, Manadhata
and Rajan 2013). The various resources of University of Hertfordshire might not be utilized
for the unlawful as well as prohibited purposes.
3.1.2 For certain purposes of maintenance, compliance and security, the authorized
personnel might audit as well as monitor the equipment, network traffic and systems
according to their Audit Policy (Kolkowska and Dhillon 2013). The devices, which
eventually interfere with the various devices and users on the network of University of
Hertfordshire might be disconnect ted. This information security prohibits actively the
blockage of authorized audit scanning (Baskerville, Spagnoletti and Kim 2014). There are
various firewalls as well as blocking technology should provide permission subsequent
access to scanning sources.
3.2 System Accounts
3.2.1 The students and organizational members are responsible to provide security to
the systems, accounts and data under control. Passwords should be kept safe and secured and
they do not share password information or account information with anyone other than the
organizational members and students (Shropshire, Warkentin and Sharma 2015). Providing
access to any other person, irrespective of the fact of being deliberate or by failure for
securing the access is a significant violation of policy.
INFORMATION SECURITY MANAGEMENT
3. Policy Statement
The policy statement of University of Hertfordshire is given below:
3.1 General Requirements
3.1.1 The students and organizational members are responsible to exercise good
judgment about the correct utilization of University of Hertfordshire’s resources in respect to
the policies, guidelines and standards of University of Hertfordshire (Cardenas, Manadhata
and Rajan 2013). The various resources of University of Hertfordshire might not be utilized
for the unlawful as well as prohibited purposes.
3.1.2 For certain purposes of maintenance, compliance and security, the authorized
personnel might audit as well as monitor the equipment, network traffic and systems
according to their Audit Policy (Kolkowska and Dhillon 2013). The devices, which
eventually interfere with the various devices and users on the network of University of
Hertfordshire might be disconnect ted. This information security prohibits actively the
blockage of authorized audit scanning (Baskerville, Spagnoletti and Kim 2014). There are
various firewalls as well as blocking technology should provide permission subsequent
access to scanning sources.
3.2 System Accounts
3.2.1 The students and organizational members are responsible to provide security to
the systems, accounts and data under control. Passwords should be kept safe and secured and
they do not share password information or account information with anyone other than the
organizational members and students (Shropshire, Warkentin and Sharma 2015). Providing
access to any other person, irrespective of the fact of being deliberate or by failure for
securing the access is a significant violation of policy.
11
INFORMATION SECURITY MANAGEMENT
3.2.2 The students and organizational members should maintain user level as well as
system level passwords according to the Password Policy.
3.2.3 The students and organizational members should ensure through the technical or
legal means, which proprietary information or data within the proper control of University of
Hertfordshire ate every time (Jouini, Rabai and Aissa 2014). The conduction of University of
Hertfordshire system, which results within the storage of all types of proprietary information
on the controlled environment of University of Hertfordshire after inclusion of devices that
are being maintained by the third party is strictly prohibited. Moreover, it also prohibits the
utilization of any electronic mail account, which is not being provided by the University of
Hertfordshire for the students and the other organizational members for benefit (Soomro,
Shah and Ahmed 2016).
3.3 Computing Assets
3.3.1 The students and organizational members are responsible for ensuring the
proper protection and security of the assigned assets or resources of University of
Hertfordshire, which involves utilization of computer cable lock or any other security device
(Safa, Von Solms and Furnell 2016). The laptops that are being left at University of
Hertfordshire for a longer time by the students should be properly secured as well as placed
within a locked drawer and cabinet. A prompt report of any theft of the University of
Hertfordshire resources or assets (Singh 2013).
3.3.2 Every personal computers and laptops should be protected with the respective
password-protected screensavers with any automated activation characteristic set to about 10
minutes or even lesser (Yang, Shieh and Tzeng 2013). The students should lock the
respective screen for logging off when that particular device is being unattended.
INFORMATION SECURITY MANAGEMENT
3.2.2 The students and organizational members should maintain user level as well as
system level passwords according to the Password Policy.
3.2.3 The students and organizational members should ensure through the technical or
legal means, which proprietary information or data within the proper control of University of
Hertfordshire ate every time (Jouini, Rabai and Aissa 2014). The conduction of University of
Hertfordshire system, which results within the storage of all types of proprietary information
on the controlled environment of University of Hertfordshire after inclusion of devices that
are being maintained by the third party is strictly prohibited. Moreover, it also prohibits the
utilization of any electronic mail account, which is not being provided by the University of
Hertfordshire for the students and the other organizational members for benefit (Soomro,
Shah and Ahmed 2016).
3.3 Computing Assets
3.3.1 The students and organizational members are responsible for ensuring the
proper protection and security of the assigned assets or resources of University of
Hertfordshire, which involves utilization of computer cable lock or any other security device
(Safa, Von Solms and Furnell 2016). The laptops that are being left at University of
Hertfordshire for a longer time by the students should be properly secured as well as placed
within a locked drawer and cabinet. A prompt report of any theft of the University of
Hertfordshire resources or assets (Singh 2013).
3.3.2 Every personal computers and laptops should be protected with the respective
password-protected screensavers with any automated activation characteristic set to about 10
minutes or even lesser (Yang, Shieh and Tzeng 2013). The students should lock the
respective screen for logging off when that particular device is being unattended.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 21
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.