SlideShare a Scribd company logo

Comprehensive plans are in place to improve our institutional cyber security

J
JasonTrinhNguyenTruo

Comprehensive plans are in place to improve our institutional cyber security

Software
1 of 4
Download to read offline
• Training is planned to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • ISD staff and faculty IT colleagues routinely monitor cyber security events in order to inform best practice. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • Ad hoc specialist campaigns are used to promote awareness when new security threats emerge. • Cyber security messages are consistent across all departments and media. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are embedded into the induction processes for all staff and students. • Different types of simulation tests have been evaluated and useful ones have been adopted. • Escalation processes for major cyber security incidents are streamlined and effective. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Clear processes are in place for reporting security incidents as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Roles and responsibilities are defined and understood at all levels in the organisation. CYBER SECURITY 1 2 3 Y o u ’ l l k n o w i t ’ s Y o u ’ l l k n o w Y o u ’ll know how You’ll know it’s You’ll know You’ll know how You’ll know i t ’ s Y o u ’ l l k n o w Y o u ’ l l k n o w h o w t a k e n c a r e o f w h a t t o d o t o get help taken care of what to do to get help taken care o f w h a t t o d o t o g e t h e l p opportunities optimised b u s i n e s s a s u s u a l Y e a r 1 – a l l s t a f f a n d s t u d e n t s t r ained Year 2 – security dependent income Y e a r 3 – e m b e d d e d i n t o • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Anti-virus and OS updates are delivered automatically. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Desktop maintenance and software installation is automated. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Role-based authentication means users can access their desktop profile whenever, wherever, and from whatever device they are using. • Multi-factor authentication is used for important secure actions, like changing your password. • Cyber security standards are built into all new infrastructure and software development. 3 C y b e r H y g i e n e Cyber Resilience Cy b e r b y D e s i g n
Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 1 • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • All IT staff understand the threat landscape and routinely contribute to risk assessments and management. • Comprehensive plans are in place to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • ISD staff work with faculty IT colleagues to routinely monitor cyber security events, both internally and externally, in order to inform best practice. • Comprehensive plans are in place to improve our institutional cyber security. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Lightweight awareness and training has been provided for visitors and 3rd parties. • ISD Cyber Security Team disseminate ad hoc messages relating to end-user cyber security practice. • Clear processes are in place for reporting security incidents (and/or events?) as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Escalation processes for major cyber security incidents are in place and documented. • Roles and responsibilities are defined and understood at all levels in the organisation. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Hygiene Year 1 – all staff and students trained
Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 2 • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Anti-virus and OS updates are delivered automatically. • Apps are installed automatically from a single catalogue. • Management information drawn from the app catalogue is used to define role-based standard build profiles and optimise software license costs. • Robust processes are in place to support changes in role ensuring that end-users can access data when, where and for the duration they need to as quickly as possible. • Processes for desktop management have been reviewed and consolidated to achieve standardisation where sensible. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are understood and driven by policy. • Training requirements are embedded into the induction processes for all staff and students. • Training materials and online guidance have been optimised to reflect feedback from Year 1. • Different types of simulation tests have been evaluated anduseful ones have been adopted. • Escalation proces ses for major cyber security incidents are efficient and effective. • Processes are in place for raising awareness of lessons to be learnt from breaches reported in the news. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Resilience Year 2 – security dependent income opportunities optimised
Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • A network of departmental contacts liaises with ISD Cyber Security Team to escalate concerns, manage training and disseminate key information updates about cyber security practice. • Ad hoc specialist campaigns are used to promoteawareness when new security threats emerge. • Refresher training requirements are understood and driven by policy. • Cyber security messages are consistent across all departments and media. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p 3 • Desktop maintenance and software installation is automated so admin rights have been restricted to user accounts with specialist requirements (VIP). • Devices are a portal to access and work with data – not the place where data is stored. • Role-based standard build profiles that automatically deliver user-related software and services are in place. • Role-based authentication is in place so that end-users can access their standard build profile whenever, wherever, and from whatever device they log into. • Multi-factor authentication is in place for important secure actions, like changing your password. • Agreed cyber security standards are built into all new infrastructure and software development. • The threat landscape is routinely reviewed and the risk management of emerging issues is built into the University planning round. Cyber by Design Year 3 – embedded into business as usual

Recommended

NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nistNaveen Koyi
 
CompTIA CySA+ certification (CS0-003) changes: Everything you need to know
CompTIA CySA+ certification (CS0-003) changes: Everything you need to knowCompTIA CySA+ certification (CS0-003) changes: Everything you need to know
CompTIA CySA+ certification (CS0-003) changes: Everything you need to knowInfosec
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 

Recommended

NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Effective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsEffective Cyber Defense Using CIS Critical Security Controls
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
 
Ssdf nist
Ssdf nistSsdf nist
Ssdf nistNaveen Koyi
 
CompTIA CySA+ certification (CS0-003) changes: Everything you need to know
CompTIA CySA+ certification (CS0-003) changes: Everything you need to knowCompTIA CySA+ certification (CS0-003) changes: Everything you need to know
CompTIA CySA+ certification (CS0-003) changes: Everything you need to knowInfosec
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 Erick Kish, U.S. Commercial Service
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2DallasHaselhorst
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Any Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsAny Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsPECB
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLCChitpong Wuttanan
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & ComplianceAmazon Web Services
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmcanpaksolutions04
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 

More Related Content

What's hot

CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesSlideTeam
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2DallasHaselhorst
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Any Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsAny Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsPECB
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 

What's hot (20)

CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 
Cybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation SlidesCybersecurity Incident Management Powerpoint Presentation Slides
Cybersecurity Incident Management Powerpoint Presentation Slides
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
information security management
information security managementinformation security management
information security management
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Any Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsAny Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO Standards
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLC
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & Compliance
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security Benchmark
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness Briefing
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 

Similar to Comprehensive plans are in place to improve our institutional cyber security

Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmcanpaksolutions04
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxShreeveni
 
Why implement a robust cyber security policy?
Why implement a robust cyber security policy?Why implement a robust cyber security policy?
Why implement a robust cyber security policy?Jisc
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Richard Lawson
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Accounting_Whitepapers
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by FirstMutualHoldings
 
How does cyber security work.pdf
How does cyber security work.pdfHow does cyber security work.pdf
How does cyber security work.pdfBytecode Security
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...CommLab India – Rapid eLearning Solutions
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...AmeliaJonas2
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingSwati Gupta
 

Similar to Comprehensive plans are in place to improve our institutional cyber security (20)

Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmm
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptx
 
Why implement a robust cyber security policy?
Why implement a robust cyber security policy?Why implement a robust cyber security policy?
Why implement a robust cyber security policy?
 
Cv for ala' zayadeen
Cv for ala' zayadeen Cv for ala' zayadeen
Cv for ala' zayadeen
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by
 
How does cyber security work.pdf
How does cyber security work.pdfHow does cyber security work.pdf
How does cyber security work.pdf
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
 
Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)
 

Recently uploaded

Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 

Recently uploaded (20)

Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 

Comprehensive plans are in place to improve our institutional cyber security

  • 1. • Training is planned to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • ISD staff and faculty IT colleagues routinely monitor cyber security events in order to inform best practice. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • Ad hoc specialist campaigns are used to promote awareness when new security threats emerge. • Cyber security messages are consistent across all departments and media. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are embedded into the induction processes for all staff and students. • Different types of simulation tests have been evaluated and useful ones have been adopted. • Escalation processes for major cyber security incidents are streamlined and effective. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Clear processes are in place for reporting security incidents as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Roles and responsibilities are defined and understood at all levels in the organisation. CYBER SECURITY 1 2 3 Y o u ’ l l k n o w i t ’ s Y o u ’ l l k n o w Y o u ’ll know how You’ll know it’s You’ll know You’ll know how You’ll know i t ’ s Y o u ’ l l k n o w Y o u ’ l l k n o w h o w t a k e n c a r e o f w h a t t o d o t o get help taken care of what to do to get help taken care o f w h a t t o d o t o g e t h e l p opportunities optimised b u s i n e s s a s u s u a l Y e a r 1 – a l l s t a f f a n d s t u d e n t s t r ained Year 2 – security dependent income Y e a r 3 – e m b e d d e d i n t o • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Anti-virus and OS updates are delivered automatically. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Desktop maintenance and software installation is automated. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Role-based authentication means users can access their desktop profile whenever, wherever, and from whatever device they are using. • Multi-factor authentication is used for important secure actions, like changing your password. • Cyber security standards are built into all new infrastructure and software development. 3 C y b e r H y g i e n e Cyber Resilience Cy b e r b y D e s i g n
  • 2. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 1 • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • All IT staff understand the threat landscape and routinely contribute to risk assessments and management. • Comprehensive plans are in place to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • ISD staff work with faculty IT colleagues to routinely monitor cyber security events, both internally and externally, in order to inform best practice. • Comprehensive plans are in place to improve our institutional cyber security. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Lightweight awareness and training has been provided for visitors and 3rd parties. • ISD Cyber Security Team disseminate ad hoc messages relating to end-user cyber security practice. • Clear processes are in place for reporting security incidents (and/or events?) as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Escalation processes for major cyber security incidents are in place and documented. • Roles and responsibilities are defined and understood at all levels in the organisation. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Hygiene Year 1 – all staff and students trained
  • 3. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 2 • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Anti-virus and OS updates are delivered automatically. • Apps are installed automatically from a single catalogue. • Management information drawn from the app catalogue is used to define role-based standard build profiles and optimise software license costs. • Robust processes are in place to support changes in role ensuring that end-users can access data when, where and for the duration they need to as quickly as possible. • Processes for desktop management have been reviewed and consolidated to achieve standardisation where sensible. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are understood and driven by policy. • Training requirements are embedded into the induction processes for all staff and students. • Training materials and online guidance have been optimised to reflect feedback from Year 1. • Different types of simulation tests have been evaluated anduseful ones have been adopted. • Escalation proces ses for major cyber security incidents are efficient and effective. • Processes are in place for raising awareness of lessons to be learnt from breaches reported in the news. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Resilience Year 2 – security dependent income opportunities optimised
  • 4. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • A network of departmental contacts liaises with ISD Cyber Security Team to escalate concerns, manage training and disseminate key information updates about cyber security practice. • Ad hoc specialist campaigns are used to promoteawareness when new security threats emerge. • Refresher training requirements are understood and driven by policy. • Cyber security messages are consistent across all departments and media. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p 3 • Desktop maintenance and software installation is automated so admin rights have been restricted to user accounts with specialist requirements (VIP). • Devices are a portal to access and work with data – not the place where data is stored. • Role-based standard build profiles that automatically deliver user-related software and services are in place. • Role-based authentication is in place so that end-users can access their standard build profile whenever, wherever, and from whatever device they log into. • Multi-factor authentication is in place for important secure actions, like changing your password. • Agreed cyber security standards are built into all new infrastructure and software development. • The threat landscape is routinely reviewed and the risk management of emerging issues is built into the University planning round. Cyber by Design Year 3 – embedded into business as usual