Saturday, May 25, 2013

Information security

Information Security (InfoSec) probably has one of the widest scopes of any function in an organisation. It touches every department, every employee and nearly every technology, process and procedure. There are technical, business and legal risks to consider. InfoSec is about letting the right people in, and selecting the correct controls to ensure our infrastructure and its data remain safe and sound. Everything comes under three main headings: Confidentiality, Integrity and Availability.

Everything that the InfoSec function enforces is in the Trust Information Security Policy. It is the top-level policy that the Trust Board has signed off. It contains security best practice, and is also there to mitigate legal risks. Everyone has the responsibility to read and adhere to it.

Some of the services provided through Information Security, in both technical and non-technical functions, include:

  • Risk Assessments: New technology, third-party connections, rights management, movement of data etc.
  • Forensic Investigations: Evidence gathering to support internal and external (such as the HPC) tribunals or investigations.
  • Anti-Virus: Ensures that anti-virus is deployed throughout the enterprise and that computers are kept up to date.
  • Internet Content Filtering: Protects staff from technical and legal risks whilst also ensuring that the internet is used as a business tool.