Security Incident and Computer Misuse policy

This policy sets out how IT staff should deal with security and computer misuse incidents.

The numbers in brackets refer to the section in the full policy, which is available as a PDF.

Applicability

  • IT staff and faculty, school and departmental IT support staff. (1.2)

Policy Requirements – Preventing, Detecting & Reporting Security Incidents

  • Supporting Policies which minimise the likelihood of security incidents must be fully complied with. (2.1)
  • Logfiles are to be regularly and frequently scrutinised and potential security incidents are to be investigated immediately. (2.2)
  • Network scanning and monitoring will be carried out by ISS, on behalf of the University. (2.2)
  • All security incidents and suspected security incidents are to be reported as soon as possible. (2.3)
  • A Security Incident Team (SIT) will investigate all major incidents and preserve evidence. (3.1.1)
  • Computer support staff are required to co-operate fully with the SIT during investigations. (3.1.1)
  • Specialist computer forensics services will be brought into the University where investigations conducted by the SIT fail to establish the cause of a major security incident. (3.1.2)
  • Machines visible from the outside world will be blocked by ISS if compromised. (3.2.1)
  • The severity of security incidents will be assessed and they will be categorised as either Minor or Major. (3.2.2)
  • Major security incidents will be investigated by the SIT and Minor security incidents by local computer support staff. (3.2.3)
  • Details of Major security incidents will be made available to the University authorities so that an assessment can be made as to whether the CIMP (Critical Incident Management Plan) should be invoked. (3.3)
  • The ISS Emergency Communications Plan will be invoked for all Major security incidents. (3.3)
  • Post-incident reviews will be carried out following all major security incidents. (3.4)

Policy Requirements – Computer Misuse

  • The University will investigate all allegations of computer misuse.
  • All requests from the police and other agencies are to be immediately directed to the University Secretary. (4.2)
  • The decision whether to report computer misuse activities to the police rests with the University Secretary*. (4.4)
  • Data may only be released to the police under the authority of the University Secretary. (4.4)
  • Anyone suspecting that a computer may contain pornographic material involving children under the age of 18 is to immediately contact the IT Security Co-ordinator. (4.5.1)
  • Anyone who receives an email containing embedded paedophilic images or a link to such material is encouraged to report the matter to the IT Security Co-ordinator. (4.5.1)
  • All computer misuse by students will be dealt with under University Computer Systems Disciplinary Regulations. (4.6.1)
  • All cases of actual or suspected computer misuse by students are to be reported to the IT Security Co-ordinator at the first opportunity and immediately when the police are involved. (4.6.1)
  • A student’s network connection will be suspended on the commission of an offence, but released once the student has been informed that they have been reported (except for Major or repeat Serious offences). (4.6.3)

* This does not infringe the rights of any individual to report illegal computer misuse activities to the police.