SlideShare a Scribd company logo

Comprehensive plans are in place to improve our institutional cyber security

J
JasonTrinhNguyenTruo

Comprehensive plans are in place to improve the institution's cyber security through various measures: 1) Up-skilling all staff, students and visitors on cyber defenses and providing 24/7 online training and support. 2) Senior managers and IT staff routinely monitor internal and external cyber security events to inform best practices and risk management is conducted at central and departmental levels. 3) Clear processes define roles and responsibilities for securely handling incidents, with escalation pathways for major events, and feedback is gathered to improve support processes.

Software
1 of 4
Download to read offline
• Training is planned to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • ISD staff and faculty IT colleagues routinely monitor cyber security events in order to inform best practice. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • Ad hoc specialist campaigns are used to promote awareness when new security threats emerge. • Cyber security messages are consistent across all departments and media. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are embedded into the induction processes for all staff and students. • Different types of simulation tests have been evaluated and useful ones have been adopted. • Escalation processes for major cyber security incidents are streamlined and effective. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Clear processes are in place for reporting security incidents as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Roles and responsibilities are defined and understood at all levels in the organisation. CYBER SECURITY 1 2 3 Y o u ’ l l k n o w i t ’ s Y o u ’ l l k n o w Y o u ’ll know how You’ll know it’s You’ll know You’ll know how You’ll know i t ’ s Y o u ’ l l k n o w Y o u ’ l l k n o w h o w t a k e n c a r e o f w h a t t o d o t o get help taken care of what to do to get help taken care o f w h a t t o d o t o g e t h e l p opportunities optimised b u s i n e s s a s u s u a l Y e a r 1 – a l l s t a f f a n d s t u d e n t s t r ained Year 2 – security dependent income Y e a r 3 – e m b e d d e d i n t o • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Anti-virus and OS updates are delivered automatically. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Desktop maintenance and software installation is automated. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Role-based authentication means users can access their desktop profile whenever, wherever, and from whatever device they are using. • Multi-factor authentication is used for important secure actions, like changing your password. • Cyber security standards are built into all new infrastructure and software development. 3 C y b e r H y g i e n e Cyber Resilience Cy b e r b y D e s i g n
Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 1 • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • All IT staff understand the threat landscape and routinely contribute to risk assessments and management. • Comprehensive plans are in place to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • ISD staff work with faculty IT colleagues to routinely monitor cyber security events, both internally and externally, in order to inform best practice. • Comprehensive plans are in place to improve our institutional cyber security. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Lightweight awareness and training has been provided for visitors and 3rd parties. • ISD Cyber Security Team disseminate ad hoc messages relating to end-user cyber security practice. • Clear processes are in place for reporting security incidents (and/or events?) as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Escalation processes for major cyber security incidents are in place and documented. • Roles and responsibilities are defined and understood at all levels in the organisation. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Hygiene Year 1 – all staff and students trained
Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 2 • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Anti-virus and OS updates are delivered automatically. • Apps are installed automatically from a single catalogue. • Management information drawn from the app catalogue is used to define role-based standard build profiles and optimise software license costs. • Robust processes are in place to support changes in role ensuring that end-users can access data when, where and for the duration they need to as quickly as possible. • Processes for desktop management have been reviewed and consolidated to achieve standardisation where sensible. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are understood and driven by policy. • Training requirements are embedded into the induction processes for all staff and students. • Training materials and online guidance have been optimised to reflect feedback from Year 1. • Different types of simulation tests have been evaluated anduseful ones have been adopted. • Escalation proces ses for major cyber security incidents are efficient and effective. • Processes are in place for raising awareness of lessons to be learnt from breaches reported in the news. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Resilience Year 2 – security dependent income opportunities optimised
Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • A network of departmental contacts liaises with ISD Cyber Security Team to escalate concerns, manage training and disseminate key information updates about cyber security practice. • Ad hoc specialist campaigns are used to promoteawareness when new security threats emerge. • Refresher training requirements are understood and driven by policy. • Cyber security messages are consistent across all departments and media. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p 3 • Desktop maintenance and software installation is automated so admin rights have been restricted to user accounts with specialist requirements (VIP). • Devices are a portal to access and work with data – not the place where data is stored. • Role-based standard build profiles that automatically deliver user-related software and services are in place. • Role-based authentication is in place so that end-users can access their standard build profile whenever, wherever, and from whatever device they log into. • Multi-factor authentication is in place for important secure actions, like changing your password. • Agreed cyber security standards are built into all new infrastructure and software development. • The threat landscape is routinely reviewed and the risk management of emerging issues is built into the University planning round. Cyber by Design Year 3 – embedded into business as usual

Recommended

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
Mohit Belwal
 
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Avantika University
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation Training
Bryan Len
 
CHFI v10
CHFI v10CHFI v10
CHFI v10
SagarNegi10
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
What is cyber resilience?
What is cyber resilience?What is cyber resilience?
What is cyber resilience?
Aaron Clark-Ginsberg
 

Recommended

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
Mohit Belwal
 
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Why is Cyber Security Important - Importance of Cyber Security - Avantika Uni...
Avantika University
 
Cyber Threat Simulation Training
Cyber Threat Simulation TrainingCyber Threat Simulation Training
Cyber Threat Simulation Training
Bryan Len
 
CHFI v10
CHFI v10CHFI v10
CHFI v10
SagarNegi10
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
What is cyber resilience?
What is cyber resilience?What is cyber resilience?
What is cyber resilience?
Aaron Clark-Ginsberg
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - Mindmap
WAJAHAT IQBAL
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information Security
CompTIA
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Edureka!
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
Network Intelligence India
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
Kumar Gaurav
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
NIST Cybersecurity Framework Cross Reference
NIST Cybersecurity Framework Cross ReferenceNIST Cybersecurity Framework Cross Reference
NIST Cybersecurity Framework Cross Reference
Jim Meyer
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
Mahmoud Yassin
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
DelforChacnCornejo
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmm
canpaksolutions04
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 

More Related Content

What's hot

How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - Mindmap
WAJAHAT IQBAL
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information Security
CompTIA
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Edureka!
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
Edureka!
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
Network Intelligence India
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
Kumar Gaurav
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation finalRizwan S
 
NIST Cybersecurity Framework Cross Reference
NIST Cybersecurity Framework Cross ReferenceNIST Cybersecurity Framework Cross Reference
NIST Cybersecurity Framework Cross Reference
Jim Meyer
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
Mahmoud Yassin
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
DelforChacnCornejo
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 

What's hot (20)

How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - Mindmap
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information Security
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
 
NIST Cybersecurity Framework Cross Reference
NIST Cybersecurity Framework Cross ReferenceNIST Cybersecurity Framework Cross Reference
NIST Cybersecurity Framework Cross Reference
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
Network security
Network securityNetwork security
Network security
 

Similar to Comprehensive plans are in place to improve our institutional cyber security

Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmm
canpaksolutions04
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptx
Shreeveni
 
Why implement a robust cyber security policy?
Why implement a robust cyber security policy?Why implement a robust cyber security policy?
Why implement a robust cyber security policy?
Jisc
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Richard Lawson
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
InfosecTrain
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
Accounting_Whitepapers
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
William McBorrough
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by
FirstMutualHoldings
 
How does cyber security work.pdf
How does cyber security work.pdfHow does cyber security work.pdf
How does cyber security work.pdf
Bytecode Security
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...
CommLab India – Rapid eLearning Solutions
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
AmeliaJonas2
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
Jisc
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
Swati Gupta
 
Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)
NAFCU Services Corporation
 

Similar to Comprehensive plans are in place to improve our institutional cyber security (20)

Activity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmmActivity 2 Presentation1.pptxlllllllmmmm
Activity 2 Presentation1.pptxlllllllmmmm
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptx
 
Why implement a robust cyber security policy?
Why implement a robust cyber security policy?Why implement a robust cyber security policy?
Why implement a robust cyber security policy?
 
Cv for ala' zayadeen
Cv for ala' zayadeen Cv for ala' zayadeen
Cv for ala' zayadeen
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by Assuring Digital Strategic Initiatives by
Assuring Digital Strategic Initiatives by
 
How does cyber security work.pdf
How does cyber security work.pdfHow does cyber security work.pdf
How does cyber security work.pdf
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...How to make employees aware and responsible towards security of the Company's...
How to make employees aware and responsible towards security of the Company's...
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
Fissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-trainingFissea09 mgupta-day3-panel process-program-build-effective-training
Fissea09 mgupta-day3-panel process-program-build-effective-training
 
Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)Cyber Safety Awareness Training (Brochure)
Cyber Safety Awareness Training (Brochure)
 

Recently uploaded

First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
abdulrafaychaudhry
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
NYGGS Automation Suite
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
Roshan Dwivedi
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
ShamsuddeenMuhammadA
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
abdulrafaychaudhry
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Yara Milbes
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 

Recently uploaded (20)

First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Enterprise Resource Planning System in Telangana
Enterprise Resource Planning System in TelanganaEnterprise Resource Planning System in Telangana
Enterprise Resource Planning System in Telangana
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaTop 7 Unique WhatsApp API Benefits | Saudi Arabia
Top 7 Unique WhatsApp API Benefits | Saudi Arabia
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 

Comprehensive plans are in place to improve our institutional cyber security

  • 1. • Training is planned to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • ISD staff and faculty IT colleagues routinely monitor cyber security events in order to inform best practice. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • Ad hoc specialist campaigns are used to promote awareness when new security threats emerge. • Cyber security messages are consistent across all departments and media. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are embedded into the induction processes for all staff and students. • Different types of simulation tests have been evaluated and useful ones have been adopted. • Escalation processes for major cyber security incidents are streamlined and effective. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Clear processes are in place for reporting security incidents as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Roles and responsibilities are defined and understood at all levels in the organisation. CYBER SECURITY 1 2 3 Y o u ’ l l k n o w i t ’ s Y o u ’ l l k n o w Y o u ’ll know how You’ll know it’s You’ll know You’ll know how You’ll know i t ’ s Y o u ’ l l k n o w Y o u ’ l l k n o w h o w t a k e n c a r e o f w h a t t o d o t o get help taken care of what to do to get help taken care o f w h a t t o d o t o g e t h e l p opportunities optimised b u s i n e s s a s u s u a l Y e a r 1 – a l l s t a f f a n d s t u d e n t s t r ained Year 2 – security dependent income Y e a r 3 – e m b e d d e d i n t o • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Anti-virus and OS updates are delivered automatically. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Desktop maintenance and software installation is automated. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Role-based authentication means users can access their desktop profile whenever, wherever, and from whatever device they are using. • Multi-factor authentication is used for important secure actions, like changing your password. • Cyber security standards are built into all new infrastructure and software development. 3 C y b e r H y g i e n e Cyber Resilience Cy b e r b y D e s i g n
  • 2. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 1 • Senior managers understand the threat landscape and risk management is in place at central and departmental levels. • All IT staff understand the threat landscape and routinely contribute to risk assessments and management. • Comprehensive plans are in place to up-skill all staff, students and visitors to optimise our front-line defences against cyber-attacks. • ISD staff work with faculty IT colleagues to routinely monitor cyber security events, both internally and externally, in order to inform best practice. • Comprehensive plans are in place to improve our institutional cyber security. • General cyber security training has been provided to all staff and students which is available 24/7. • Online guidance and trained support services have been provided and are available 24/7. • Lightweight awareness and training has been provided for visitors and 3rd parties. • ISD Cyber Security Team disseminate ad hoc messages relating to end-user cyber security practice. • Clear processes are in place for reporting security incidents (and/or events?) as quickly as possible. • IT staff categorise and handle cyber security events efficiently and effectively. • Escalation processes for major cyber security incidents are in place and documented. • Roles and responsibilities are defined and understood at all levels in the organisation. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Hygiene Year 1 – all staff and students trained
  • 3. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security 2 • Cyber security accreditation is in place, enabling Strathclyde to optimise security dependent income opportunities. • Secure identification and management processes are in place for bring-your-own-devices (BYOD). • Data is accessible from any location once a device has been authenticated. • Anti-virus and OS updates are delivered automatically. • Apps are installed automatically from a single catalogue. • Management information drawn from the app catalogue is used to define role-based standard build profiles and optimise software license costs. • Robust processes are in place to support changes in role ensuring that end-users can access data when, where and for the duration they need to as quickly as possible. • Processes for desktop management have been reviewed and consolidated to achieve standardisation where sensible. • All staff, students and visitors understand they are responsible for cyber security. • Specialised role-related training is in place and supports career progression where sensible. • Training requirements are understood and driven by policy. • Training requirements are embedded into the induction processes for all staff and students. • Training materials and online guidance have been optimised to reflect feedback from Year 1. • Different types of simulation tests have been evaluated anduseful ones have been adopted. • Escalation proces ses for major cyber security incidents are efficient and effective. • Processes are in place for raising awareness of lessons to be learnt from breaches reported in the news. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p Cyber Resilience Year 2 – security dependent income opportunities optimised
  • 4. Comprehensive plans are in place to improve our institutional cyber security All staff, students and visitors understand they are responsible for cyber security • Training and online materials are routinely reviewed to ensure they are kept up-to-date and relevant. • A network of departmental contacts liaises with ISD Cyber Security Team to escalate concerns, manage training and disseminate key information updates about cyber security practice. • Ad hoc specialist campaigns are used to promoteawareness when new security threats emerge. • Refresher training requirements are understood and driven by policy. • Cyber security messages are consistent across all departments and media. • Processes are reviewed by routine and incorporate lessons learnt from internal and external incidents. • Customers Services feedback is in place to identify where support processes could be improved. Y o u ’ l l k n o w i t’s You’ll know what Yo u ’ l l k n o w h o w t a k e n c a r e of to do t o g e t h e l p 3 • Desktop maintenance and software installation is automated so admin rights have been restricted to user accounts with specialist requirements (VIP). • Devices are a portal to access and work with data – not the place where data is stored. • Role-based standard build profiles that automatically deliver user-related software and services are in place. • Role-based authentication is in place so that end-users can access their standard build profile whenever, wherever, and from whatever device they log into. • Multi-factor authentication is in place for important secure actions, like changing your password. • Agreed cyber security standards are built into all new infrastructure and software development. • The threat landscape is routinely reviewed and the risk management of emerging issues is built into the University planning round. Cyber by Design Year 3 – embedded into business as usual