ITServices proposes new electronic information policy
A policy framework for the security of electronic information has recently been proposed by Queen’s ITServices.
This policy applies to all members of the Queen’s University who, in the course of their employment or academic activities, will gather, manage, distribute or use sensitive information, wrote Jim Lesslie, ITServices assessment specialist, on Queen’s Wiki.
“This includes departments, research groups, faculty, staff, students, and volunteers, and extends to external vendors, suppliers, contractors or collaborators engaged in the gathering, management and use of Sensitive Information,” he added.
The purpose of the Queen’s Electronic Information Security Policy is to establish responsibility for preserving the confidentiality, integrity, privacy and availability of electronically maintained University information or data, stored on site or externally.
The framework is composed of several different policies drafted collectively by the Queen’s Security Community of Practice and the former Senate Information Technology Committee, and reviewed by the Enterprise Information Technology Advisory Committee, research ethics boards and stakeholders on campus.
Bo Wandschneider, CIO/AVP, ITServices, said the policy is about building awareness.
“Maybe 10 years ago, if somebody got into your system, they weren’t really looking for anything — they just wanted to get there.
Now, today, they’re looking for something, and they’re going to take something away. That’s what we have to protect,” Wandschneider said.
Wandschneider said there are many threats towards information and technology resources at Queen’s and attempts to take advantage of unsecured connections, but the threats are always changing so the policies have to do the same to manage the risk.
Keith McWhirter, associate director of IT, Office of the CIO and ITServices, wants the report not to be reactionary when control audits are done in the future.
“The policies do speak to the different levels of ownership. You’ve got the end user, policies around those actions,” McWhirter said.
With files from Nick Faris
