Principles of information security

The purpose of information security is to protect the information resources of the university from unauthorized access or damage. The underlying principles followed to achieve this objective are:

• Information Protection, Back-Up and Recovery - Institutional information resources, including systems, workstations, and data and record classifications, identified by this policy, shall be operated in a manner that reasonably minimizes the threat of internal or external compromises to the security, confidentiality or integrity of university information. Information custodians and users are expected to safeguard such information in compliance with legal obligations and administrative policies and procedures, including confidentiality and non-disclosure agreements.
• Support of Academic Pursuits and Business/Administrative Functions - The information resources of the university, including the network, the hardware, the software, the facilities, the infrastructure, hard-copy documents and any other such resources, must be available to support the teaching, learning, research and administrative roles for which they are created. The requirement to safeguard information resources should balance the need to meet regulatory guidelines, legal requirements, and audit criteria with the support of these critical university functions.
• Information Integrity - Information stewards should employ appropriate authentication and verification measures so that the information, used in the pursuit of teaching, learning, research and administration, can be trusted to be accurate.
• Information Use - The use of Restricted Information for identification, authentication, or any other purpose should be eliminated whenever possible. Historical records containing Restricted Information shall be appropriately maintained and destroyed in accordance with legal and regulatory standards, and the principles set forth in this policy.