ISO27001 is an information security management standard (ISMS), which is based on risk management principles to establish, implement, operate, monitor, review, maintain, and improve an organization’s information security system. Its purpose is to ensure the security and reliability of information services, and to provide users with information security operation standards. In other words, in the field of information security management, information is a valuable asset. Therefore, it is necessary to maintain that the information meets the following three elements in the process of creation, transmission, storage, and use, generally called CIA, and such requirements are also the requirement of the Macao Cybersecurity Law, in which the University must fulfill the relevant regulations.
- Confidentiality To ensure not to disclose to any unauthorized persons
- Integrity To ensure there is no unauthorized tampering of information
- Availability To ensure authorized users can access information and resources properly and reliably
ICTO used to attach great importance to information security. In order to ensure that the University’s information management can meet the international standards and best practices, since the end of last year, ICTO has actively planned to obtain the certification for ISO27001 information security management in stages, and the first stage of certification is about to be carried out.
In addition, information security is everyone’s shared responsibility. Every user may need to send, handle, and access different types of information. ICTO will timely announce and refine the related information security reference materials, guidelines and tips, etc., so as to ensure that users can easily understand the related requirements and important matters of information security.