Preaload Image

 

5.           Cyber Security Policy

Cyberspace is a virtual computer environment that typically involves a large computer network made up of many world-wide computer subnetworks[7]. This space is vulnerable to security threats. Cyber security, also called information technology security, refers to the body of technologies, processes, and practices designed to protect network infrastructure, connected devices, programs, and data from attack, damage, or unauthorized access[8]. In the day- to- day activities of the University, sensitive data and information of staffs and students are transmitted in cyberspace. Supported by appropriate policy statements, cyber security helps protect data and information generated, stored, and shared in and out of the University.  

Purpose 

The purpose of this policy is to provide the University’s community with adequate protection from cyber attacks such as computer viruses and spam (unwanted) emails, and data loss or destruction. This policy ensures copies of critical data are retained and available in case of disaster, software, or hardware failures.  

Scope 

This policy applies to all staff, both academic and administrative, students, and guests of the University. 

Policy Statements

  • The ICT Directorate shall conduct education activities to ensure awareness of cyber security threats and defenses within the University;
  • The ICT Directorate shall establish effective management of cyber security measures based on the National “Critical Mass Cyber Security Requirement Standard”[9], and regularly monitor and assess the cyber security controls to ensure ongoing effectiveness;
  • The ICT Directorate shall immediately report all security incidents and breaches to the Office of the Vice President for Business and Development;
  • The ICT Directorate shall identify and disconnect any equipment or ICT services and resources from the University’s network which pose a severe and unacceptable risk;
  • Use of ICT services and resources must comply with the University’s policies and relevant legislations. Examples of legal regulation include the National Computer Crime and Proclamation No.958/2016 [10].

 

5.1. Anti-Virus and Anti-Spamming Policy  

5.2. User Password Policy  

5.3. Data Backup and Disaster Recovery Policy  

5.4. Computer Laboratory Facility Security Policy