Information Security




Endorsed by the Information Strategy Committee, 27 November 2008

CHEST - The Combined Higher Education Software Team, a body which negotiates with software and hardware vendors on behalf of UK Higher Education.

Custodian - A person appointed by a Head of Department or Division with responsibility and authority to implement the Information Security Policy and supporting policies in respect of a College-wide or departmental system, to ensure that the security measures adopted for systems under his/her control meet the requirements of these policies and to carry out the duties as set out in the associated Codes of Practice. In the case of a large system some duties may be delegated to named persons whose particular duties are set out in writing, although the Custodian retains overall responsibility for the security of that system.

Data Controller - As defined by the Information Commissioner, a Data Controller is an institution which holds and uses personal data – i.e. UCL.

Data Custodian - The individual unit or person identified by the data owner to be responsible for the collection, creation, modification and deletion of specified personal data element(s).

Data Owner - The UCL member of staff with lead responsibility for permitting and managing the retention and processing of a data holding for which UCL is the Data Controller.

Data Protection Officer - A person appointed by the Data Controller (UCL) to manage the registration of the College's use of personal data under the Data Protection Acts 1984 and 1998, to advise the ISC on the appropriateness of the College's Data Protection Policy and associated Codes of Practice, monitor the College's compliance with that policy and to be UCL's point of contact with the Government's Information Commissioner appointed under the 1998 Act.

Data User - A person who uses Personal Data.

Departmental Network Administrator - A person in a Department, Division or Centre responsible for the management of its local area network (LAN).

Encryption - Encryption is the process of transforming information to make it unreadable to anyone who does not possess special knowledge (usually referred to as the encryption 'key'). The Computer Security Team advise on what constitutes "strong" encryption (and keep this definition under review); they also offer guidance on suitable software.

Forged email addresses (spoofing) - When an e-mail header is changed in such a way as to attempt to mask its actual source.

IANA - The Internet Assigned Numbers Authority, an organization that is responsible for assigning new Internet-wide IP addresses.

JISC - The Joint Information Systems Committee, a body that promotes the innovative application and use of information systems and information technology in further and higher education across the UK.

Local Area Network (LAN) - That combination of networks serving a Department/Division/Centre, building or campus and including all those components up to, but not including the switch/router and associated components that connect the network to the UCL backbone.

Network - A system of physical computer network apparatus and logical network connections.

Personal Data - Information about a living person which identifies that person, and which may be of a sensitive nature, for instance, their health, ethnicity or marital status. This includes opinions about that person, and the intentions of other people towards them.

Spoofing - See “forged email addresses”.

System - A computer or group of computers which stores and processes information for a discrete purpose to facilitate teaching, research and administrative activities, and which may be accessed by staff, students or third parties authorised to do so.

UCL Backbone - That combination of networks and components that link all the College LANs at all UCL campuses together and provide a gateway to the Internet.

UCL Network - A network that is identifiable with University College London:
•  by an Internet network domain identifier allocated to UCL, such as .ucl.ac.uk and/or
•  by use of address space allocated to UCL and/or
•  by connection downstream of the Kathleen Lonsdale Building and Foster Court Metropolitan Area Network routers.

This definition shall also apply where, by agreement of UCL, third-party network service providers provide facilities that are identifiable with the UCL Campus Network, for example ‘virtual local area network’ (VLAN) and ‘virtual wide area network’ (VWAN) type connections.