The Information System Security Policy Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the integrity and availability of information; however, there are some subtle differences between them. (Kim, 2012)

Information technology security is implemented by achieving a suitable set of controls, including policies, processes, procedures, organizational structures, and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of Ras Al Khaimah Women's College (RKWC) are met.


Information Technology resources are a valuable college asset and must be managed accordingly to ensure their integrity, security and availability for legitimate educational and research purposes. This document is intended as a high-level security policy statement for use by all college staff, students and users of the college's information technology resources. The purpose of this policy is to ensure:

The provision of reliable and uninterrupted IT services;

The integrity and validity of data;

An ability to recover effectively and efficiently from disruption; and

The protection of all of the college's IT assets, including data, software and hardware.

Within this Policy, Information Technology resources include information assets (e.g. research data, databases, files, teaching materials, risk assessment documents, business continuity plans); software assets (e.g. applications and systems software and development tools); and physical assets (e.g. computers, communications equipment and media).

The Policy applies to all users of the college's Information Technology resources, including those who install, develop, maintain, administer or otherwise use those systems and applications. This policy applies to the entire university, including the Director, Deans, Department heads, students, alumni and outsiders using university data.

Information System Security Policy:

Risk assessment:

A risk assessment is a process that determines what information resources exist that require protection, and seeks to understand and document potential risks from IT security failures that may cause loss of information confidentiality, integrity, or availability. The purpose of a risk assessment is to help management create appropriate strategies and controls for stewardship of information assets. Because economic, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change. (Micki Krause, n.d.) With the help of the different departments, a twelve-month risk assessment or business impact analysis will be conducted in order to:

Inventory and determine the nature of campus information resources

Understand and document the risks in the event of failures that may cause loss of confidentiality, integrity, or availability of information resources

Identify the level of security necessary for the protection of the resources.

Members of Information technology security system:

The University adopts a coordinated approach to the protection of information resources and repositories of protected information that are under its custody by establishing appropriate and reasonable administrative, technical and physical safeguards that cover all departments, individuals, or others that administer, install, maintain, or make use of RKWC computing resources and other repositories of information.

Access Control Management:

All users of the college's Information Technology resources must be authorized to access the appropriate systems and their resources. Access is controlled and monitored in accordance with college policy. The elements involved in controlling and managing access include identification, authorization and authentication.

All system users are assigned a unique ID or username to gain access to the college's systems and applications. Usernames are not to be shared, except for designated Group Accounts authorized by ITSC. Users are responsible for maintaining the security of their own usernames and for all activity occurring under those usernames. Usernames are issued in accordance with approved standards. In special circumstances, temporary generic accounts may be approved by the Director, Information Technology Services Centre or nominee.

Only those users who have valid reasons (as determined by Heads of Departments/Units) for accessing the college's systems and information are granted access privileges appropriate to their educational or business needs. Access is granted by means of a computer account, which also serves as identification. Accounts are issued in accordance with approved standards.

Authentication verifies an identity. Every username requires a password for authenticating identity. Standards apply to all systems requiring authentication. Every password should be no fewer than 8 characters in length, including a mixture of alphabetic and numeric characters. It should be changed at least every 90 days.

Privileged Access:

Certain system users have high-level access rights, enabling them to access any data stored on the college's Information Technology systems. These staff may be generically termed System Administrators. Staff with high-level access rights should comply with the Code of Ethics. System Administrators found guilty of breaching this Code of Ethics may be subject to disciplinary action handled under the college's normal disciplinary procedures.

Remote Access:

Remote access to information technology resources (switches, routers, computers, etc.) and to sensitive or confidential information (social security numbers, credit card numbers, bank account numbers, etc.) is only permitted through secure, authenticated and centrally managed access methods. Systems that hold sensitive student, personnel and financial data can be made available for off-site remote access through a centrally managed VPN that provides encryption and secure authentication. It should also be understood that when accessing sensitive data remotely, it is prohibited to store cardholder or other sensitive data onto local hard drives, floppy disks, or other external media (including laptops

External computers that are used to administer University resources or access sensitive information must be secured. This includes patching (operating systems and applications), running up-to-date anti-virus software, operating a firewall and being configured in accordance with all relevant University policies and procedures.

Data Security Measures:

The university must have data security management in place in order to keep backup files and data lists in case of any theft or hacking. (Clark, 2006) This can be done by maintaining a number of backup files. The following backups are required to protect against any loss of data:

Server backup


Data retention


Denial of Service Attacks

E-mail Monitoring

Virus Defenses

Security Codes

Biometric security

Computer Failure Controls

Fault-Tolerant system

Disaster Recovery

Networks are growing and they are carrying a large number of applications, which affects how information is retrieved from all sources. (James, George, & Ramesh, 2009) All major information assets must be accounted for and have a nominated custodian who is responsible for the implementation and management of this policy in relation to those assets. The following are the security procedures:

This includes reporting of any illegal use or misuse of data. Unauthorized access covers anything from harmless exploration to hacking in order to gain access to information. Unauthorized access also includes gaining access to computer systems for future use (e.g. coercion). All unauthorized access attempts must be recorded and logged. The Audit Trail/System Access Log must be reviewed regularly, exception reports generated and reviewed by the System Administrator, and appropriate action taken. A copy of the report of unauthorized access attempts must be produced and kept for future reference.
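
An added example, not part of the original essay: one way the regular review of the System Access Log could produce an exception report for the System Administrator. The log line format, the field names and the threshold of three failed logins within five minutes are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption of this example.
SAMPLE_LOG = """\
2024-03-04T08:01:12 login user=asmith src=10.0.4.21 result=FAIL
2024-03-04T08:01:20 login user=asmith src=10.0.4.21 result=OK
2024-03-04T09:15:02 login user=admin src=203.0.113.7 result=FAIL
2024-03-04T09:15:09 login user=admin src=203.0.113.7 result=FAIL
2024-03-04T09:15:15 login user=root src=203.0.113.7 result=FAIL
2024-03-04T09:15:31 login user=admin src=203.0.113.7 result=FAIL
2024-03-04T11:40:00 login user=jdoe src=10.0.4.35 result=FAIL
2024-03-04T13:02:44 login user=jdoe src=10.0.4.35 result=FAIL
"""
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) login user=(\S+) src=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Return (events, rejected); unparseable lines are kept for the reviewer."""
    events, rejected = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            ts, user, src, result = m.groups()
            events.append((datetime.fromisoformat(ts), user, src, result))
        else:
            rejected.append(line)
    return events, rejected

def exception_report(events, threshold=3, window=timedelta(minutes=5)):
    """List sources with at least `threshold` failed logins inside `window`."""
    failures = defaultdict(list)
    for ts, user, src, result in sorted(events):
        if result == "FAIL":
            failures[src].append((ts, user))
    report = []
    for src, fails in failures.items():
        best, start = None, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward past stale failures
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                users = sorted({u for _, u in fails[start:end + 1]})
                best = {"src": src, "first": fails[start][0],
                        "count": count, "users": users}
        if best:
            report.append(best)
    return report
```

Isolated failures (a mistyped password, or two failures hours apart) stay out of the report, while lines that do not parse are returned separately so that a damaged or tampered log is not silently skipped.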