Cybersecurity Maturity Programme
The University has a good foundation of cybersecurity in place however as the complexity and frequency of cyber attacks continue to increase, how we keep our information secure online is becoming increasingly important.
The Cybersecurity Maturity Programme will see us implement a number of initiatives to develop our cybersecurity and keep our University information safe.
This includes:
- Security by design: ensures that security is built into how we work and deliver services, rather than treated as an afterthought. We are bringing in processes to make sure security requirements are factored into any new IT systems or services, whether developed internally or procured. We’re also extending the services which lets developers see how secure their code is, and introducing website vulnerability scanning to alert us of any security flaws across our websites and other web services.
- Cyber protections: looking at cybertooling and supporting services to allow us to monitor our systems 24/7, 365 days a year. This will help us prevent cyber attacks and malicious activity, as we’ll be ready to deploy countermeasures at the first sign of an issue.
- Information assurance: as part of this we will also be reviewing where we let third parties and suppliers access or host our information as well as helping departments identify their “crown jewels” of data and information in order to protect them.
When?
Improving our cybersecurity is an ongoing piece of work and the three areas identified above will be developed independently.
Why?
We continue to see instances of cyber attacks against the education sector, public sector and wider private organisations. Introducing these measures through the Cybersecurity Maturity Programme will help us keep our staff, student and research information secure.
Benefits
- any new IT services and systems will be developed with security controls from the outset
- increased support and guidance for staff regarding how to manage information, embed the classification scheme and greater knowledge of where and how we store and share University information
- improve our cyber incident response time through enhanced monitoring tooling and services, which will allow us to identify malicious activity as it happens and deploy countermeasures in real time, rather than retrospectively.