Information Security

Cyber Security Programme

Cyber security “refers to the protection of information systems (hardware, software and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm or misuse. This includes harm caused intentionally by the operator of the system, or accidentally, as a result of failing to follow security procedures.” [The UK National Cyber Security Strategy 2016-2021,  HM Government, UK.]

Broadly, there are three primary principles that underlie cyber security (also referred to as ‘information security’):

• Confidentiality - ensuring that information is only available to authorised users;

• Integrity - ensuring that information is accurate and fit for purpose;

• Availability - ensuring that information is available when and where it is needed.

The aim of the Cyber Security programme is to put in place a number of measures that enhances the existing capability of the University to protect itself from both deliberate cyber attacks and accidental disruption to its services. 

Cyber Security is a fundamental element of the University’s digital strategy, ‘Ahead of the Digital Curve’, which places a significant focus on the continually enhanced and sophisticated levels of threat that face institutions in the Higher Education environment.   The Cyber Security programme, began in 2020 and expected to be completed by 2025, is the response to these threats.

In keeping with the defence-in-depth strategy, the programme comprises around 20 projects of varying complexity that cover a broad range of matters that enhances existing cyber security capabilities with a focus on people, process and technology.  These include:

  • Cyber security training and awareness for staff and students;
  • Detecting, predicting and countering direct or accidental attacks;
  • Strengthening protection systems for higher risk assets;
  • Strengthening the security of the University’s supply chain;
  • Improving and updating policies and processes to reflect current and emerging threats;
  • Enhancements to business continuity and disaster recovery planning to manage and recover from attacks; and
  • Implementing security audit recommendations.