Information security toolkit


About this toolkit

Type
Toolkit
Subject areas
Information security, information management
Technology Platform
PDF or web-based
Conditions of use
Copyright conditions apply
Access
Free to download from website (hardcopy available for purchase)
Date of original release
May 2005
Date of last known update
2007 (3rd edition)
Current status
Active
mm-is.png

 

Summary of stated purpose

 

The UCISA Information Security Toolkit is intended to support UK Higher and Further Education institutions in producing Information Security policies to address (and to demonstrate that they are addressing) threats to the confidentiality, integrity and availability of information systems for which they are responsible, and to help meet audit requirements.

 

It has been constructed as an aid to organisations wishing to put in place a basic information security policy framework. It can be used to develop organisational policies which can then be implemented over a period of time.

 

Output types

 

Qualitative

It focuses on functions that have information security implications and provides guidance on how to develop policies around these grouped by organisational policies (e.g. information security, business continuity, compliance); policies about the use of information and information systems (e.g. information handling, user management) and optional policies (e.g. mobile computing).

 

Supporting evidence

 

The sections draw heavily on British Standard BS 7799, not least by adopting its structure for control objectives and controls. A survey of institutions in May 2011 identified information security policies in use or development in 18 HEIs http://www.ucisa.ac.uk/en/members/activities/ist/samples.aspx

 

URL http://www.ucisa.ac.uk/publications/toolkit/ist_sections.aspx

 

CONTACT Email UCISA