The objectives of AU's policy for information security policies are:
All information security responsibilities shall be defined and allocated. (A.6.1.1)
The senior management team has overall responsibility for information security at Aarhus University.
The Central Information Security Committee has been formed to decide the objectives and frameworks for information security. Permanent committees have been appointed at the faculties and the administration to ensure collaboration between the university's units.
The senior management team has delegated overall responsibility for information security at a unit to the unit manager. The unit manager is thereby responsible for ensuring and complying with the requirements and objectives in the information security policies for the university and the units.
Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorised or unintentional modification or misuse of the organisation's assets (A.6.1.2)
Appropriate contact with relevant authorities shall be maintained. (A.6.1.3)
Appropriate contact with special interest groups or other specialist security forums and professional associations shall be maintained. (A.6.1.4)
Information security shall be addressed in project management, regardless of the type of the project. (A.6.1.5)
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
|
A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices. (A.6.2.1)
A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites. (A.6.2.2)
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
|
QUESTION GUIDE
Consider the question guide as a tool to navigate the requirements of the policy: