Why Keep Information Secure?
Information Security has three core principles, the CIA (not the Central Intelligence Agency!):
This training identifies the policies and processes that we use to ensure the confidentiality, integrity and availability of the University’s information.
For contractual or legal reasons, or due to other obligations, your department may have additional information security policies or guidelines to which you must adhere; it is their responsibility to make you aware of them.
The Importance of Good Information Security
Have a think about the information that you deal with during your working day. For example, the University deals with the personal data of both students and staff, unpublished research and reports, marketing materials such as the prospectus and financial information. What would be the consequence to you or the University if this information was corrupted or misused?
The following examples highlight some real information security incidents (external links open in a new window):
The Consequences of Poor Information Security
Poor information security results in a higher chance of a breach in information security occurring. For example, if someone walked into your workspace and you had left your computer unattended and unlocked, they could potentially do damage to our systems or gain access to valuable information.
Depending on the type of security breach, there are a number of different consequences. The following table lists some of the possible consequences of poor information security:
|Identity Theft||If people gain access to your private details – someone could impersonate you and then use your bank details to shop with, or take out bank loans/mortgages in your name etc.|
|Stalking and House Robbery||If someone gains access to your timetable, where you live, or know what you look like, they may use this information to commit crimes against you.|
|Spam||If spammers gain access to your account, email addresses for all your contacts could be sold on to other spammers, and/or spam could be sent from your email, under the guise of being sent from Lancaster. Genuine emails from Lancaster would then soon be blocked by different organisations as Lancaster University would be marked as senders of spam. Eventually this could lead to University being blacklisted.|
|Breaking the Law||Personal information must be secured appropriately and handled in accordance with The Data Protection Act. This is discussed in more detail in the next section.|
|Intellectual Property Loss||If someone gained access to your PC or your system this could enable them to steal or corrupt your research data, and potentially pass your research off as their own.|
|Inaccuracy||If data becomes corrupted and not spotted immediately then it can take time and money to fix.|
|Damaged Reputation||There are many articles in the media that tell of institutions that have lost personal data. The cost of the resulting loss of reputation is unknown. Bad press can take many years to recover from. E.g. loss of statute, worldwide effects etc.|