JISC

New guidelines on information security and safety were today issued to all colleges and universities in the UK. The guidelines, issued by JISC (Joint Information Systems Committee) and UCISA (Universities and Colleges Information Systems Association), are aimed at helping educational institutions reap the benefits of Information and Communications Technology (ICT) while protecting themselves, their staff and students from online threats. 

Increased use of any communications technology can increase exposure to threats, including security breaches, lack of compliance with legal requirements, online bullying, vandalism and fraud. While all types of communication – both in education and in everyday life - can be misused, the ease and immediacy of electronic communications mean that some forms of misuse can have a significant, even catastrophic, impact.  These risks can be greatly reduced by taking appropriate precautions. 

Calling for each college and university to adopt an institution-wide approach to protecting the integrity of information systems and the safety of their users, JISC and UCISA jointly issued a ‘security toolkit’ to help institutions and individuals assess the extent of the risks they face and to help ensure these are minimised. 

With data protection, human rights and freedom of information legislation in place to protect individuals and the confidentiality of the information held about them, legal compliance is a vital issue for all colleges and universities. As important, however, say the new guidelines, are the questions of reliability and trustworthiness of information systems, and the confidence that people have in them. “Information systems involve information, systems and people,” say the guidelines, “and all these need to work together to create a trustworthy system.” 

Contributor to the guidelines, Andrew Cormack, Chief Security Adviser at UKERNA (United Kingdom Education and Research Networking Association), said that colleges and universities needed support to help protect themselves, their staff and students: “Using ICT safely is mostly about understanding, preparedness and common sense but every individual needs to do their bit and not put themselves and others at risk by carelessness.” 

Mike Roch, Chair of UCISA, said: “From the earliest days of computing, university IT centres have deployed secure systems. However, in these risk-conscious times, when information systems are dispersed and their management devolved, it is vital that institutions adopt formal policies that uphold nationally recognised standards for information security. Adherence to standards makes institution-wide information security possible and its audit more straightforward. The components laid out in the Information Security Toolkit provide a valuable resource that institutions can use to assemble policies which meet the BS 7799 standard.” 

Brian Turtle, Chair of JISC’s Committee for Networking, said: “Digital information is exposed to different risks than paper-based. Unless they are managed, these risks - human, technical and legal - will grow as digital information is more widely used. Unsafe use of information can already damage the organisation's operation and its reputation, resulting in information chaos. It is therefore both timely and appropriate for JISC, its networking committee and UCISA to fund this work to develop an Information Safety Toolkit.” 

Copies of the Information Security Toolkit, along with a Senior Management Briefing Paper on Information Safety, has been sent to each college and university. These publications are supported by a national programme of training. 

To access the publications, please go to: http://www.ucisa.ac.uk/ist or  http://www.jisc.ac.uk/misuse.html 

Publication of these materials follows the launch of the Government’s “Get Safe Online” campaign in October. For further details of this please go to: http://www.getsafeonline.org

For further information, please contact:

Philip Pothen (JISC)

Peter Tinson (UCISA Executive Secretary) on 01865 283425 or execsec@ucisa.ac.uk.