Check .lt domain
Information security policy
The information security policy is made for the information managed by the assigned department of Kaunas University of Technology – the Internet Service Centre.
The information security policy is focused on the insurance of accessibility, authenticity, integrity and confidentiality of information according to the requirements of the applicable legislation and standard ISO/IEC 27001:2013 “Information technology – Security techniques – Information security management systems – Requirements” in the context of the activities of the Internet Service Centre.
The implementation of the information security policy is based on the risk assessment in terms of threats and vulnerabilities that could impact the security of information managed by the Internet Service Centre and the improvement of the information security management system for the reduction of the identified risks to the acceptable level.
The goals of the information security policy:
• Priority is given to the protection of confidential information and personal data against unauthorised disclosure or use.
• Information has to be timely accessible to the persons authorised to process it and used as authorised.
• Information has to be relevant and sufficient to identify its source, the person who has created and/or processed it.
• Information cannot be illegally changed, destroyed or lost.
• Information cannot be intentionally or accidentally revealed to the persons who are not authorised to access it.
• The internal users have to be periodically trained and instructed on the issues of information security.
The information security policy is implemented simultaneously with the cyber security and the business continuity policies according to the principles of complexity, procedural approach, separation of functions, informal enforcement, resistance to social engineering methods, avoidance of security fatigue, need-to-know, proportionality, balance and efficiency.
*The mark of certification and the certificate are published with permission of the certification institution.