UPDATE ON INFORMATION SECURITY BASELINE ASSESSMENTS

Background 

In June 2018 the Information Security Team initiated the collegiate University’s second annual information security review, which aims to assess progress in implementing the University’s baseline security requirements that define the minimum set of controls deemed necessary to achieve an acceptable level of security of the University’s information. 

Progress

We issued 145 self-assessment questionnaires, in the form of spreadsheets pre-populated with last year’s responses for ease of completion. We then worked hard to advise those needing help with completing questionnaires and, are pleased to say that the response rate has been very good. 124 questionnaires have been successfully completed and returned for analysis, which represents a great achievement for all involved. We hope to see the remaining 21 returned in the next two weeks so we can finalise our analysis. If you have yet to complete a questionnaire and need help in completing it please do not hesitate to get in touch at baseline@infosec.ox.ac.uk 

Reporting

As with last year, individual reports will be produced for each respondent highlighting progress since last year, a comparison across the university and priority areas for action. To make the reports more meaningful the format of the report has been updated following consultation with a sample of recipients and to reflect feedback received last year. In particular the report will have an improved management overview which will provide visualisations of key metrics as well as a summary of recommendations in plain English, avoiding technical jargon. The main report will contain more specific detail and, for ease of reference, more of the underlying data used in the analysis. Our target is to have the reports out by the start of October 2018.

Feedback

We hope you will find the report and recommendations useful in helping you secure your information. We will of course be available to discuss any aspects of the recommendations with you once you have had a chance to read it. As always feedback on the process and report itself would be welcome.

 
 

an image of clocks piled on top of each other