The Cyber Security Strategy
The University’s cyber strategy focuses on identifying critical information assets that it needs to be able to operate effectively and putting in place layers of protection around these assets.
Information security assets are things like people, their data, the IT devices they use, the programmes that run on these devices, the networks students and staff at University use to communicate with each other and on the internet, as well as the physical and technological infrastructure that underpins all these services.
Having identified its most important assets, the University’s cyber security team continually monitors external and internal threats to its systems and data. Understanding the most likely cyber security risks to the University, a series of measures (called ‘controls’) are then put in place to detect and prevent attacks, as well as to manage and mitigate attacks should they happen.
The University recognise that no one ‘thing’ is going to protect it from constantly evolving cyber threats. It has put in place a combination of different technologies, processes and policies that provides different kinds of controls specific to the assets being protected. It avoids reliance on any single vendor, technology or approach to cyber security. This approach is called ‘defence-in-depth’. A significant benefit is that if one layer of defence is breached in a cyber attack, there are additional layers of protection to prevent the attack progressing and doing further harm.