About the Faculty
Information for Students
OPPORTUNITIES FOR STUDENTS
Courses
Research
Academic Units
Related Links
Device and Network Security Policy
Introduction
This policy provides a framework to ensure security requirements of services offered by and data stored, processed and transmitted by devices are identified and managed. It contains significant elements of the ITS Device Security Policy (Draft) but extends some definitions and requirements for the School of Information System and Technology and School of Computer Science and Software Engineering.
Definitions
Device is Hardware and software or firmware that form an information technology apparatus and offers a service or services to users and may store, transmit and process data.
User is a person who uses a service offered by a device
School of Information System & Technology and School of Computer Science & Software Engineering.
Scope
This policy applies to any device owned by, under the control of or connected to the University network that satisfies any of the following criteria:
The device stores, processes or transmits data that has requirements with respect to confidentiality, integrity or accessibility which if breached affects the business of the University or the privacy of a user or users other than the single primary user of the device.
The device offers a service or services
An officer of the Schools responsible for the device decides to apply this policy for reasons other than the criteria above
Purpose
The purposes of this policy are:
Assigning responsibility for the security of devices.
Identification and consideration of security issues relating to the services devices offer and to data stored, processed or transmitted by these devices.
Identification of security requirements of devices and avoidance of conflicting requirements
Planning, implementation and management of measures to meet identified security requirements of devices
Provision of minimum security requirements that must be met or exceeded by the processes derived form this policy for devices.
Identification of Security Issues
Performing regular risk assessments will identify security issues relating to devices that fall within the scope of this policy. Threats posed to services offered by the device, data stored, manipulated or transmitted and to other devices on the network shall be identified.
Meeting Security Requirements
Measures necessary for meeting the identified requirements shall be chosen with consideration given to the implementation and ongoing management and maintenance of these measures.
Base Security Level
The following minimum set of security requirements will be met or exceeded by any device falling within the scope of this policy:
Least access
The device offers only services to meet specific requirements of identified users
The services offered by the device are accessible only to the identified users
Least privilege
Users of the device have access to only the services and data which is required to meet their needs
Administrative access to the device is limited to a small number of identified individual users
Disaster Recovery
Measures should be implemented to recover the services offered and data stored by the device within an acceptable period of time* following a disaster.
Reliability and Integrity
Measures are implemented to ensure the ongoing reliability of services offered and integrity of data stored on the device.
Auditing and Logging
Audit trails and logs of events are kept which assist in recognising and investigating breaches of security requirements of the device.
Physical Security
Measures are implemented to mitigate significant risks to the hardware component of the device.
* acceptable period of time varies from device to device and will be defined in associated procedures and service level agreements
ACADEMIC ADVICE
Find out who to contact for advice about your studies. See Academic Advice contacts of Undergraduate and Postgraduate for the current session
Student Enquiry Centre
Need help?
Contact the Faculty of Informatics, Student Enquiry Centre!
Monday - Friday
8.30am - 5.00pm
T:
E: Informatics Enquiries
Opt In to SMS Service
FEEDBACK
PRIVACY: click here to read about our commitment to privacy.
CONFIDENTIALITY: All feedback is treated in the strictest of confidence.
NOTICE BOARD
SEMINAR AND WORKSHOPS
SCSSE Seminar
Title: Linear Time Complexity Solvers for Lattice Quantum Field Calculations
Speaker: Mr. Dieter Beaven
Day: Thursday 24 May 2012
Location: 3.224
Time: 11:30 - 12:30
Title: Operating Principles of RFID Systems and Attacks Related to the Location
Speaker: Mr Jorge Munilla
Day: Thursday 31 May 2012
Location: 3.224
Time: 11:30 - 12:30
SISAT Seminar
Title: Information Systems Solutions to Wicked Problems
Speaker: A/Prof Helen Hasan
Day: Thursday 24 May 2012
Location: 3.215
Time: 12:30 - 13:30
NEWS AND EVENTS
















