Cybercrime is a feature of modern life and the number of attempted and successful cyberattacks across all areas of business continues to increase year-on-year. The university sector is seen as an attractive target for cyber criminals, due to the amount of personal data, finance and research activities that are a feature of a thriving and busy institution.
To help tackle this, a number of Information Security Standards have been produced which provide guidance around information security good practice and are available for staff within the Schools and Colleges to download and use locally.
The standards outline the level and type of information security controls the University should adopt to protect its information assets from cyberattacks. They feature key aspects of information security that help teams to develop and manage their own infrastructure, processes and procedures against a common framework and to deploy suitable controls to underpin them.
The level of detail is aimed at those involved with providing and supporting services and is not guidance for the user – the standards outline what needs to be done rather than explain how to do it. They can, however, be used to help create such guidance and assist with developing secure processes for all colleagues.
The standards are designed to meet the information security objectives detailed in the University’s Information Security Policy, including protection against compromise and to foster a security-aware culture, while promoting information security as everyone’s responsibility.
Find out more
The standards can be accessed from within the University network, from the link available on the Information Security website.
Information security | The University of Edinburgh