Information Security Policy

School of Anthropology and Museum Ethnography & Oxford School of Global and Area Studies

Information Security Golden Rules

1. Classify

When making decisions about storing, sharing or transporting data take into account the sensitivity of the information it contains. Is it Sensitive and should not therefore be publically available? Is it Restricted and should be confined to a particular audience? Or is it Open and can be available to all?

2. Share

Sensitive data should not be removed from the School server unless absolutely necessary, and it should only be shared with authorised people via a secure method when agreed by the data owner. If it must be taken off-site ensure that the device on which it is held is encrypted. You must be aware of the information security policy of any destination and trust that it is secure. Email must not be used to transmit sensitive data.

3. Backup

All data held on the SAME/OSGA file server is backed up daily. All School data should be held here for security and not on the hard disk or storage of any other computing device.

4. Secure

Never divulge your passwords to anyone. Do not leave passwords in public spaces or in easily found locations such as your desk or laptop bag. Don’t open emails that you weren’t expecting and be cautious with attachments or internet links in any email. Ensure that all software – including anti-virus – is up to date.

5. Access

When connecting to any University resource from any device outside of the Oxford network please ensure that you use the University VPN software to secure your connection.

6. Knowledge

You are required to read and understand the School Information Security Policy and other University ICT rules, regulations and policies.