SEPTEMBER 2023 - Cyber Security and Universities - Managing the risk (2023 update)

Assessing risks and threats The process of assessing risk requires open and transparent dialogue between all interested parties, including organisations’ governance and technology teams and the researchers and administrators who have responsibility for collecting, managing and publishing data. [...] Institutions should consider who in the organisation ‘owns’ or ‘controls’ data to establish clear lines of assessment, accountability and monitoring between the decentralised production and use of data and the overarching shared organisational 13 CYBER SECURITY AND UNIVERSITIES – MANAGING THE RISK (2023 UPDATE) responsibility for security. [...] Changes and improvements in security behaviours and mindsets will not happen overnight, and security awareness and training programmes must be driven from the _______________ 20 15 CYBER SECURITY AND UNIVERSITIES – MANAGING THE RISK (2023 UPDATE) highest levels of the organisation to be credible. [...] Rehearsals, exercises and tests Regular rehearsals, exercises and tests are key to a strong security posture and institutions’ capability and capacity to respond to cyber security threats and incidents. [...] Jisc provides a key point of focus in this area, via its Cyber Threat Intelligence Service,29 its Cyber Security Community30 and its Cyber Threat Monitoring Service.31 The NCSC has established the Cyber Security Information Sharing Partnership (CiSP) to improve the exchange and monitoring of information about evolving cyber threats and targets across industry and higher education.32 The Universiti.