Universities are the critical component of human development worldwide, which aims to

provide highly skilled and trained individual to our society. These trained individuals who
develop the capacity and analytical skills that drive local economies. For student
convenience, every university provides an easy access to its vital assets. It is the sole
responsibility of users to not utilize these assets for any illegal activity which may jeopardies
the image of university, authorities and individuals[ CITATION Ben07 \l 1033 ]. These vital
assets should be classified based on their importance with respect to their protection.
University assets can be classified in three different categories which are followed by the
three rules of Cyber-security Confidentiality, Integrity & Availability (CIA):
Tier 1- Public Information
Tier 2- Internal information
Tier 3- Restricted Information

RULES Category Information & Security

Information Security
Availability High Data which is to be used for Providing systems that could
Public Info. (Protected) financial purposes. (Bank keep a track on activities and
transfer info., Course details etc.) monitoring threats and attacks.

Medium The daily data for example A proper dedicated team which
(Sensitive) notices, date deadlines & low can take control on any misuse
value information.[ CITATION or sourcing through it.
Aus82 \l 1033 ]
Low Need to know information (e.g. No specification required
(Official) requirements & basic
informational data, texts)
[ CITATION Aus82 \l 1033 ]
Integrity High Clerical data, official bank Strict Validations, Automated
Internal Integrity accounts, bank statements & system checks. Automated
(Protected) Library plans. integrity checks.
Info.
Medium Daily operational information’s. Data validation, manual
Integrity integrity checks.
(Sensitive)
Low Routine business information. No protection required
Integrity
(Official)
Confidential Highly Student information, Faculty Strong encryption Routines,
ity: Confidential personal info, University data, Key change after a certain
(Protected) Study Materials, Strategies and period. No use of electronic
Restricted
planning’s, Business Strategies’. media (e.g. pen drives, compact
Info. disks). Bio-metrics & safes.

Medium Examination info., Student Locked filing cabinets, Routine

Confidential health records, Academic network checkups, Backhand
(Sensitive) records, Teaching resources, operations for examination
Student Research works, Theses, online operations. Proper keys
Teaching Resources. and pass-codes for student and
faculty Id’s.
Low User Accounts, Budgets, Routine security policy checks.
Confidential Working perspective’s,
(Official) Contract’s, Human resource
Planning’s.

Public Information (Availability): Information’s which can be easily accessed by the new
students or aspiring students, an easy access to that information should be provided, with no
rights to be altered or mishandled[ CITATION Que \l 1033 ].
Internal Information (Integrity): Data that is for the internal use which is mostly utilized,
operated or accessed by students, faculty and clerical departments. These should be provided
with multi-factor authorization[ CITATION Que \l 1033 ].
Restricted information (Confidentiality): The data should be kept with the internal
authorities or with the leading heads of the university[ CITATION Que \l 1033 ]. This
information should have special access like providing them bio-metric access or similar.
After the representation of the assets based on their importance and security, the controls for
these assets should be in the hand of the authorized personnel or AI based to respond to risk
assessment and management. Hence, the correct Identification, assessment, management and
reverts for the risks and threat should be accurate in matters to get a secure network for the
university.

References
(QGISCF), Q. g. (2018, September). Queensland government Information Security
classification Framework (QGISCF). Retrieved from Queensland Government Chief
Information Office: https://www.qgcio.qld.gov.au/documents/information-security-
classification-framework-qgiscf
Australia, G. O. (1982). Government of Australia Office of Australia Information
Commissioner. Retrieved from https://www.oaic.gov.au/freedom-of-
information/rights-and-responsibilities
Team, B. A. (2007, July). Almanac. University of Pennsylvania, 1. Retrieved from
https://almanac.upenn.edu/archive/volumes/v54/n01/benassets.html