The digital assets that the community relies upon must be protected from unauthorized access, use, disclosure, modification, or destruction. The Digital Information Security Policy supports the university's mission, vision, and values, as well as its legal, ethical, and contractual obligations, by establishing accountability for ensuring the confidentiality, integrity, and availability of university digital information and assets.
A summary of this policy can be found below. The full policy is available on the University Secretariat website.
Why do we need a Digital Information Security Policy?
The Digital Information Security Policy outlines how the university will identify, assess, and safeguard risks associated with the use of digital technologies and services that support the university's academic, research, administrative, and community engagement functions. The Policy authorizes the CIO to establish a Cybersecurity Program to provide governance, oversight, and coordination of activities related to the protection of digital assets, and to implement containment measures when assets aren’t appropriately protected.
The Policy defines roles and responsibilities of different participants in the risk management process, including Risk Owners, Risk Assessors, Digital Service Managers, and Digital Custodians. Each participant plays a role in selecting, implementing, and authorizing appropriate safeguards throughout the lifecycle of digital assets within their area of responsibility. The participants are expected to follow the principles, standards, and guidelines set out in the Digital Information Security Policy, as well as the applicable laws and regulations, when using or managing digital technologies and services operated by, or on behalf of, the University.
In summary, the Digital Information Security Policy outlines how we protect our systems and data from unintended and potentially damaging activities.
What is a Digital Asset?
A Digital Asset is defined as data, information, digital technologies, and services that are accessed and used by community members in support of academic, research, administrative and community engagement functions. This includes discrete or aggregated data, digital services, digital identities, digital technologies, and the endpoints community members use that are purchased or provided by the University, or funded in part or in whole, using University funds.