Information security management
Information Security is about ensuring that stakeholders have confidence and trust in the University's ability to manage and protect the information it collects and holds - including academic records, curriculum information, student credit card details, research and development output and university financials. Loss of that confidence and trust will have a major impact on the University's operations.
Properly managing and securing information is a complex process that requires input and support from almost everyone with access to any UQ information or information system. Because of the broad involvement of all levels of the organisation, to be effective, the information security management programme must have the real and visible support of Executive Management. The Queensland Government has defined the standard requirements applicable to all governmental and semi-governmental entities for securing organisational information; this is contained in Queensland Government Information Standard 18: Information Security. The University of Queensland is required to comply with the principles contained in IS18 for effective information security management.
The standard defines security based on 10 principles that cover many aspects of security, from traditional physical and document security to information technology controls, and are applicable to all departments in the University. To be effective, implementation of these principles needs to be lead by management, and one of the principles specifically describes the role of management in achieving this. See the links below for more information about IS18.