5XÉçÇøÊÓƵ

Information Security

The Cyber Security Strategy

The 5XÉçÇøÊÓƵ’s cyber strategy focuses on identifying critical information assets that it needs to be able to operate effectively and putting in place layers of protection around these assets.

Information security assets are things like people, their data, the IT devices they use, the programmes that run on these devices, the networks students and staff at 5XÉçÇøÊÓƵ use to communicate with each other and on the internet, as well as the physical and technological infrastructure that underpins all these services.

Having identified its most important assets, the 5XÉçÇøÊÓƵ’s cyber security team continually monitors external and internal threats to its systems and data. Understanding the most likely cyber security risks to the 5XÉçÇøÊÓƵ, a series of measures (called ‘controls’) are then put in place to detect and prevent attacks, as well as to manage and mitigate attacks should they happen.

The 5XÉçÇøÊÓƵ recognise that no one ‘thing’ is going to protect it from constantly evolving cyber threats.  It has put in place a combination of different technologies, processes and policies that provides different kinds of controls specific to the assets being protected.  It avoids reliance on any single vendor, technology or approach to cyber security. This approach is called ‘defence-in-depth’.  A significant benefit is that if one layer of defence is breached in a cyber attack, there are additional layers of protection to prevent the attack progressing and doing further harm.

Infographic portraying a castle with defence areas depicted