Page 12 - THE REGENT SCHOOL 1

Theme 8:


        Establish Balance between Strong IT Security and Increased Access to Information and Services



        Who are the main leads and what do they need to do?
                The Board expects that sensitive data and information technology resources will be safeguarded, that
                confidentiality will be maintained, and that access will be restricted to those individuals who require
                access to carry out their job responsibilities. On the other hand, as discussed in Theme 6, data are not
                readily accessible in a format that enables them to make critical decisions. This is becoming
                increasingly difficult in an increasingly risky global technical environment. It is necessary to strike a
                balance between security and accessibility.



        Risks:


            1.  Governance
               Due to the absence of a staff IT policy, the IT department lacks formal processes for adhering to IT
               policies when dealing with staff. Current processes within the organisation are inconsistent, and there
               is no established mechanism for reporting and monitoring compliance.
            2.  Asset and Data Inventory
               The school does not maintain an accurate inventory of its data and assets. Across schools,
               documentation is inconsistent and fragmented. Failure to identify, authorise, and assign ownership of
               critical assets jeopardises the organization's ability to secure data and respond efficiently and effectively
               to information security breaches.
            3.  Vulnerability Network Management
               Our school network is secure and is not currently vulnerable to common attacks. The IT team will
               continue to manage and monitor our network's vulnerability through a formal and accountable
               process.
            4.  User Access Management
               The school lacks consistent and documented user management processes. In addition, the school has
               not formally defined role-based access for some key organizational applications, and there is no process
               for reviewing access on a periodic basis. This lack of standardization creates an environment where
               requesting and granting access to resources and data is time-consuming and cumbersome, and where logical
               access to school IT resources is not terminated in a timely fashion after an individual's official capacity
               with the school has ended.




        IT STRATEGIC FOCUS FOR 2021-2025