By: Sandeep Gupta, Security Architect
The increasingly publicized cybersecurity threats and incidents coupled with information breaches across key industries, including in higher education, provide a fitting backdrop to the recent approval of the University of Ottawa’s IT security policies.
Information is at the centre of the University’s research, teaching, and administrative functions. Compromises to the availability, integrity, or confidentiality of information could prevent the University from functioning effectively and efficiently. Furthermore, the loss or unauthorised disclosure of information could negatively affect the University and cause financial loss. To mitigate these risks, information security must be an integral part of information management, whether the information is held in electronic or hard copy form.
In addition, IT resources support the University activities essential to its research, teaching and administrative functions. As such, the University recognizes the role of IT security in enabling access to the information needed to perform daily work while at the same time deterring threats.
The University is committed to protecting both the security of its information and information systems to ensure that:
- the integrity of information is maintained so that it is accurate, up-to-date and ‘fit for purpose’;
- information is always available to those who need it and there is no disruption to the business of the University;
- confidentiality is not breached so that information is accessed only by those authorized to do so;
- the University meets its legal and compliance requirements; and
- the reputation of the University is safeguarded.
In the wake of constant and increasing threats, a framework for selecting and implementing countermeasures against them becomes necessary. To that end, the University has established the following IT security policies to provide advice on the technical aspects of information security.
Use and Security of Information Technology Assets (updated: January 2018)
- Information Classification and Handling Policy
- Electronic Mail (E-Mail) Policy
The policies, based on best practices and industry standards, aim to:
- Set guidelines and best practices related to IT resource use;
- Protect the information and IT assets from malicious external and internal threats;
- Protect information, an institutional asset, from unauthorized access, modification, disclosure and destruction;
- Uphold University policies, procedures, guidelines, regulations and legislation a through a proactive security stance in an increasingly digital context.
Your ongoing vigilance along with the implementation of the new IT security policies will allow the University to provide its community a safe and secure digital environment.