Why keep information secure?
Information Security has three core principles, the CIA (not the Central Intelligence Agency!):
This training identifies the policies and processes that we use to ensure the confidentiality, integrity and availability of the University’s information.
For contractual or legal reasons, or due to other obligations, your department may have additional information security policies or guidelines to which you must adhere; it is their responsibility to make you aware of them.
The importance of good information security
Have a think about the information that you deal with whilst at work. For example, the University deals with student and staff personal data, unpublished research and reports, marketing materials such as the prospectus and financial details. What would be the consequence to you or the University if this information was corrupted or misused?
The following examples highlight some real information security incidents (external links open in a new window):
Consequences of POOR Information Security
Poor information security means there is more chance of a breach in information security occurring. For example, if someone walked into the building and you had left your computer unattended and unlocked, they potentially could do some damage to our systems or gain access to valuable information.
Depending on the type of security breach, there could be a variety of consequences. The following lists some possible consequences of poor information security:
|Identity Theft||If people gain access to your private details – someone could pretend to be you, use your bank details to shop with, take out bank loans/mortgages in your name etc.|
|Stalking and House Robbery||If someone gains access to your timetable, where you live, or know what you look like, they may rob your house when you are not in, stalk you etc.|
|Spam||Once spammers gain access to your account, email addresses for all your contacts could be sold to spammers, spam could be sent from your email, looking like it is being sent from Lancaster. Genuine emails from Lancaster would then soon be blocked by different places as Lancaster University would be marked as senders of spam. Eventually this could lead to University being blacklisted.|
|Breaking the Law||The Data Protection Act would be broken if personal information is not secured appropriately and dealt with accordingly (this is discussed in more detail in the next section).|
|Intellectual Property Loss||Gaining access to your PC or your systems would enable someone to steal or corrupt your research data, by someone who could, for example, pass your research off as their own.|
|Inaccuracy||If data becomes corrupted and not spotted immediately then it can take time and money to fix.|
|Damaged Reputation||There are many articles in the media that tell of institutions that have lost personal data. The cost of the resulting loss of reputation is unknown. Bad press can take many years to recover from. E.g. loss of statue, worldwide effects etc.|