Information Security is a domain residing within the Information Communication Systems (ICS) Department in the University of Johannesburg (UJ) managing Information Security programs.
The main objectives of the domain are to ensure the following:
- Confidentiality of information
- Integrity of information
- Availability of information systems in a timely manner
MAIN FUNCTIONS ARE:
- Information Security Policies – Development of the Information Security policies, standards, guidelines and procedures that communicate security requirements and guide the selection and implementation of security control measures within the IT department for the entire University.
- Information Security awareness – Training and conducting awareness programs which are intended to ensure that stakeholders (employees and students) utilizing IT technology are aware of information security threats.
- Compliance Assurance – Ensures that the University complies with and adheres to the IT related laws, rules, codes, standards, guidelines and best practices through implementation and monitoring thereof.
- IT Risk Management & Audit – IT Risk & Audit Management ensures that findings and risks are adequately addressed through risk management, monitoring and assurance processes. These processes assist ICS in determining an acceptable level of risk; taking steps to reduce risk to the acceptable level and maintaining that level of risk.
- IT Continuity – Plans are put in place and managed to ensure that IT systems and services can be recovered and continue should a serious incident occur. This also ensures that IT supports the Business Continuity Planning (BCP), in ensuring that the whole end-to-end university IT processes can continue should a serious incident occur.