Information Security Toolkit

Something that JISC has been developing – this being presented by Christine Cooper from LSE.

Presentation in pdf

Apparently BS7799 is the key standard in the area of Information Security. There are questions about how appropriate it is to the HE sector. When JISC first looked at this, they felt that the content of the standard was good, but that it may not be worth going for formal certification.

The toolkit (https://www.ucisa.ac.uk/acuk/infosecurity) is a translation of BS7799 for HE, with best practice for the sector.

The toolkit is a structure/framework containing generic information security elements and specimen policies, which you can incorporate into local policies. It can be used as a template which you simply adapt for local use, or as a guide which you use to create your own policy.

Obviously creating the policy is only one part of this – you have to actually apply the policy for it to be worthwhile!

Now just going over the detail of using the toolkit – all looks pretty straightforward – fit the procedures or policies that you already have into the framework outlined in the toolkit and also identify gaps, and start looking at how you fill these.

Need to remember – Information Security doesn’t just mean Information Technology – but all Information in the organisation. Also remember that not all Information Technology is provided by a central service – there will be local things happening in departments etc. Needs to be a pervasive attitude in the organisation.
