Zie Diensten-ABC

Information security and privacy

Deze pagina is alleen beschikbaar in het Engels

The aim of the information security policy at the UT is to guarantee the continuity of business operations and to minimize any damage caused, through preventing security incidents and minimizing any consequences.

 PRINCIPLES

Information security is a line responsibility: this means that line managers (departmental heads) bear primary responsibility for good information security in their department/unit. This includes the choice of measures and their implementation and enforcement.

Information security is everyone's responsibility. Explain to employees, students, lecturers, and third parties that they are expected to actively contribute to the security of automated systems and the information stored there. This can be done in the appointment letter, during performance reviews, through an institution-wide code of conduct, periodic awareness-raising campaigns, etc. The imposition of sanctions after infringements ensures the credibility of the system.

POLICY

The information security policy forms the basis for the approach to information security within the institution. The information security policy defines the framework conditions and principles and the way in which the policy is translated into concrete measures. To ensure that the policy is supported within the organization and that the organization acts accordingly, it is promoted by (or on behalf of) the Executive Board. The information security policy is drawn up by University Information Management and determined by the Executive Board.

ROLES

The Information Security Officer is a role on a strategic (and tactical) level within University Information Management. Together with LISA, UIM provides advice to the Executive Board. The Security Officer monitors uniformity within the institution. The Security Manager is an officer at LISA and plays a role in translating the strategy into tactical (and operational) plans. For the sake of uniformity, the officer does this together with the Information Security Officer, the system owners, and the faculty information managers.

For more practical information about IT security, visit the Cyber safety website.

DOCUMENTs

Information security policy
Information security is a policy responsibility of the Executive Board of the University of Twente. Operational management, but also education and research are increasingly dependent on information and computer systems, which may be subject to vulne
Privacy policy
The privacy policy regulates the protection of processing in which personal data is recorded. Within the framework of current legislation and regulations, responsibilities and roles are being defined which are necessary to protect the privacy of ever
Classification guideline
We work with information and computerized information systems that must be protected. Protection is provided at the level appropriate to the risks posed for the information in question. The higher the risk, the better the information must be protecte
Password policy
The password policy describes the criteria the password must meet and how these were arrived at.
Code of integrity for IT STAFF
Due to their far-reaching rights, IT staff can collect privacy-sensitive data. This document includes the ethical values and code of conduct to which they are held, in order to prevent abuse.
Policy identity management University of Twente
As holder, LISA is responsible for the Identity Management (IDM) system. The IDM system ensures the authentication of users for the information systems.
Autorisation policy University of Twente
As holder, LISA is responsible for the Identity Management (IDM) system. The IDM system ensures the authentication of users for the information systems.