O4.2.3

=Access to all course digital information is authenticated and authorised.=

Evidence
In a comprehensive review of the security of technology systems Kvavik and Voloudakis (2003) discuss the complex issues involved in ‘preserving confidentiality; protecting information from unauthorized use or disclosure; assuring information’s integrity, including accuracy and completeness of the data, through protecting from unauthorized unanticipated, and unintentional modification; and, making data available to authorized users on a timely basis’ (p. 9). Their key findings identify two dimensions: security technologies and a security culture, which both involve institutional values and rules. Kvavik and Voloudakis elaborate on an institution’s position as originating in the following matters: ‘Perceptions about the risks…internal, external or both; the institution’s propensity to take on or accept risks; the resources an institution has to deploy, both financial and human; and, the institution’s priorities and culture reflecting where it feels it can effectively make changes’ (p. 10). They emphasise that without attending to the human aspects of security, technological solutions are ineffective. In concluding they consider that although loss-of-service damage and identity theft pose serious threats, the unintended mistakes of authorised users are often the most hazardous (p. 17).

Resources
Stoll (2008) discusses how to ensure information security and the importance of establishing objectives and strategies surrounding information security and e-learning. The ISO/IEC 27001 standard directly addresses information security management.