Updating of security procedures policy
Risk assessments must include at a minimum:2.1 Identification of risk factors: Evaluation of risk by considering the potential threats to the information and the IT Resources, including:2.1.1 Loss of the information or systems due to accident or malicious intent.2.1.2 Loss of availability such as the system being unavailable for a period of time.2.1.3 Unknown changes to the information or system so the information is no longer reliable.2.2 Identification of threat: Evaluation of impact and likelihood of potential threat, including:2.2.1 Cost if each threat were to actually occur.
This website is the official repository for all current University of Lethbridge policies and procedures.
A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made.
Should security teams clean up the malware and move on or format the hard drives to start over with a clean system?
This new policy aims to better identify resources and supports available to the University community, promote an “only with consent” campus culture, and demonstrate the Uof L’s commitment to addressing the issue of sexual violence on campus.
In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.
A security policy is often considered to be a "living document", meaning that the document is never finished, but is continuously updated as technology and employee requirements change.
Agencies must achieve compliance with the overall information security goals of the Commonwealth including compliance with laws, regulations, policies and standards to which their technology resources and data, including but not limited to personal information, are subject.
Other Commonwealth entities are encouraged to adopt security requirements in accordance with the Enterprise Information Security Policy at a minimum or a more stringent agency specific policy in compliance with agency and business related directives, laws, and regulations.