Authentication, Authorisation and Privacy in HE study
This webpage has been archived. Its content will not be updated.
View web retention policy
TIS (UK) Ltd was commissioned by JISC to undertake a study into the requirements within UK Higher Education (HE) for Authentication, Authorisation and Privacy. This study has been organised in 2 parts. The first part is a consultation exercise with the many user communities within HE to understand the real requirements for these and other security services. The second is to recommend a set of possible solutions that could be deployed within HE to address these requirements, and a number of actions for JISC to advance the adoption of those solutions and thereby to improve the level of security practised within HE networking.
Stage 1 findings
This report presents the findings from the first part of the study, the consultation exercise to understand the nature and scope of the security requirements within HE. Central to the approach taken in this study has been the over-riding need to ensure that any recommendations that might arise from the work are practical, appropriate to the way that UK HE is organised, and provide real benefits which are in proportion to the effort or resources that would be required. Consequently, the approach has been to identify the real business-led requirements for various aspects of security and to present these in a manner that shows how they arise out of an assessment of the key business objectives of HE institutions.
Recommended Security Solutions
The findings from the study have confirmed the need for institutions to adopt a more substantial Information Security posture. Institutions have a prime responsibility to keep proper control over their financial and information assets and the business process that operate on those assets. The widespread use of IT and networking to support those business processes, and the need continuously to improve services and to control costs, all necessitate institutions having an advanced Information Security posture.
Recommended Actions for JISC
The findings from the study have confirmed the need for institutions to adopt a more substantial Information Security posture. Institutions have a prime responsibility to keep proper control over their financial and information assets and the business process that operate on those assets. The widespread use of IT and networking to support those business processes, and the need continuously to improve services and to control costs, all necessitate institutions having an advanced Information Security posture.
The study has identified the security steps that institutions should expect to carry forward if they are to achieve an appropriate Information Security posture. These security steps cover both management and technical solutions. They are mostly for the individual HE institutions to implement, with there being a number of opportunities identified for JISC to act to ease or facilitate the institutions' uptake of these steps.