Why keep information secure?
Information Security has three core principles, known as the CIA (not the Central Intelligence Agency!): confidentiality, integrity and availability.
This training identifies the policies and processes that we use to ensure the confidentiality, integrity and availability of the University’s information.
For contractual or legal reasons, or due to other obligations, your department may have additional information security policies or guidelines to which you must adhere; it is their responsibility to make you aware of them.
The importance of good information security
Have a think about the information that you deal with whilst at work. For example, the University deals with student and staff personal data, unpublished research and reports, marketing materials such as the prospectus, and financial details. What would be the consequence to you or the University if this information was corrupted or misused?
The following examples highlight some real information security incidents:
The Information Commissioner's Office (ICO) carries out prosecutions, penalties and undertakings for those in breach of the Data Protection or Freedom of Information Act.
The ICO web site lists recent breaches of the Data Protection Act. These are categorised into different sections such as Monetary penalty notices and Undertakings. Take a look at a few and notice the frequency and type of offences.
There are plenty of examples of councils and other organisations leaving unencrypted laptops on trains or in their cars, disposing of personal data in a skip, or leaving personal data in a pub.
York University - student data breach on web site.
An example closer to home: York University in March 2011 had an ‘unauthorised breach of student records’. In September 2009 the University of York undertook a Software Development project to update a web template. The test program created was not appropriately secured. On completion, they did not remove the test version. This version was available to unauthorised users. This error was not detected for a considerable period. 148 student records were accessed, and personal information such as name, address, gender, emergency contact information, course details (not marks) and more was accessible. More information: http://www.bbc.co.uk/news/uk-england-york-north-yorkshire-12756951
Surrey College - leaked student medical details.
Surrey College accidentally emailed the private medical details of more than 300 students to an entire year group, including details of a student with a brain tumour, anorexia etc. More information at http://www.bbc.co.uk/news/uk-england-surrey-12998421
Think of the effects on the individuals concerned and on the organisation. There would be many consequences and knock-on effects for Lancaster University if its information is not kept secure.
Consequences of POOR Information Security
Poor information security means there is more chance of a breach in information security occurring. For example, if someone walked into the building and you had left your computer unattended and unlocked, they could potentially do some damage to our systems or gain access to valuable information.
Depending on the type of security breach, there could be a variety of consequences. The following lists some possible consequences of poor information security:
| Identity Theft | If people gain access to your private details, someone could pretend to be you, use your bank details to shop with, take out bank loans/mortgages in your name etc. |
| Stalking and House Robbery | If someone gains access to your timetable, where you live, or knows what you look like, they may rob your house when you are not in, stalk you etc. |
| Spam | Once spammers gain access to your account, the email addresses of all your contacts could be sold to other spammers, and spam could be sent from your email, looking like it is being sent from Lancaster. Genuine emails from Lancaster would then soon be blocked by different places, as Lancaster University would be marked as a sender of spam. Eventually this could lead to the University being blacklisted. |
| Breaking the Law | The Data Protection Act would be broken if personal information is not secured appropriately and dealt with accordingly (this is discussed in more detail in the next section). |
| Intellectual Property Loss | Gaining access to your PC or your systems would enable someone to steal or corrupt your research data, or, for example, to pass your research off as their own. |
| Inaccuracy | If data becomes corrupted and this is not spotted immediately, then it can take time and money to fix. |
| Damaged Reputation | There are many articles in the media that tell of institutions that have lost personal data. The cost of the resulting loss of reputation is unknown. Bad press can take many years to recover from, e.g. loss of status, worldwide effects etc. |
