Network Authorities

Network Authorities and Authorisers are responsible for approving connection of devices to the wired University Network within their Network Organisation. Approval must be obtained from a Network Authority or Authoriser before connecting a device to the wired network.

Network Organisations and Network Authorities

Network Organisation is an IT Services term meaning a group of networked devices which are managed by a particular sub-organisation of the University.

A Network Authority is an individual, nominated by a Head of Department, to be the primary point of contact for matters relating to security of devices in a particular Network Organisation; they authorise connection of devices to the wired network and may delegate this task to assistants known as Network Authorisers.

IT Services staff primarily liaise with Network Authorities and Authorisers about departmental computer security matters.

Contents

Controlling connections to the wired network

Primary control over access to the wired network is to be implemented by staff in the Network Authority and Authoriser roles who must decide whether to approve requests for connection of devices on the basis of the connection requirements set out in Network Management Policy (ISP-S12).

Approval must be obtained from a Network Authority or Authoriser before connecting a device to the wired network. The request for connection may only be made by a member of staff.

Security management and liaison with IT Services

Network Authorities and Authorisers are also a point of contact with IT Services in relation to the security of the networked devices within their area of responsibility i.e. their Network Organisation. They have authority and responsibility for handling computer security problems that arise.

Removal of devices from the network

Systems running software, including the operating system, which are clearly not being maintained adequately and which may be presenting a wider risk to security are liable to have their University network connectivity withdrawn.

Where considered necessary Network Authorities may remove a device from the network to help protect operation or security of the wider network. This should be undertaken in collaboration with IT Services and where possible the person with day-to-day responsibility for the device.

Controlling malicious or illegal software usage

Malicious software (malware) is often installed and run inadvertently. Malware often purports to be desirable free software or is packaged to quietly install alongside some other piece of ordinary free software. Resolving the various problems that can ensue create a significant amount of extra work for computer support staff. There are far fewer such problems where ability to install software, i.e. use of administrator privilege, is controlled.

Each department must determine its approach to managing its own personal computers. However; there may be some benefit in having a local departmental or Network Organisation level policy requiring staff to obtain approval, e.g. from the Network Authority, before installing items of non-standard software on University computer equipment. (The approval procedure would include a basic assessment of whether use of the software is necessary, that it seems to be from a reputable source, and confirmation that any software licensing requirements are met.)

University Policy

This communication is based on the Information Security Policy documents:
Network Management Policy (ISP-S12)
Use of Computers Policy (ISP-S9)
Software Management Policy (ISP-S13)

Share this page:

Request Information

To make a Data Subject Access Request, or a Freedom of Information Request, please contact IAS directly.