The objective of cyber and information security is to achieve and maintain a condition where all information and data (physical and digital) are always available to all those who need and are authorised to access it, where it cannot be corrupted or disclosed to unauthorised persons and its origin is authenticated. This involves the preservation of:  

Confidentiality
Ensuring that information is only accessible to authorised persons throughout its entire lifecycle; 

Integrity
Safeguarding the accuracy and completeness of information and processing methods, and ensuring modification by authorised persons only;

Availability
Ensuring that authorised users have access to information and associated assets when required;  

Non-repudiation 
The assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information. Additionally, being able to evidence that an individual has accessed information and whether or not they altered it, ensuring that actions cannot be denied.

It is the policy of the University to ensure that information assets are appropriately protected from all threats, whether internal or external, deliberate or accidental. The policy therefore requires that measures are implemented to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems, disasters and unauthorised access.

This is achieved through implementation of a combination of organisational and technical controls which are supported by guidelines and processes that are designed to detect, deter and delay security attacks and facilitate investigation.