Page 28 - Data and Digital Technology Strategy 2024-2026

91

 

 

 

 

 

Page 28 - Data and Digital Technology Strategy 2024-2026
P. 28

STRATEGIC PRINCIPLES STRATEGIES AND ACTIONS






                             SECURITY
                             PRINCIPLES                                                                                     The 91 will proactively detect potential


                              Appropriate governance will be used           91 data will be stored and transmitted        or actual malicious activity affecting the
                                                                              with effective controls to prevent
                                to secure the 91’s networks and              unauthorised access, modifi cation, or          security of its networks and systems.
                                information systems.                          deletion.                                     The 91 will defi ne and test its incident

                              A risk-based approach will be used            The 91 will limit opportunities to            management processes to ensure
                                to identify, assess, and understand all                                                      continuity of essential functions in the
                                                                              compromise networks and systems with
                                security risks.                                                                              event of failure.
                                                                              robust, reliable, and protective security
                              Asset management will be used to               measures.                                     When incidents occur, the 91 takes
                                manage everything required to secure the                                                     steps to understand root causes and
                                                                             The 91 will build networks and systems
                                91’s essential operations and functions.                                                    learn lessons to ensure similar incidents
                                                                              resilient to cyber-attack and system
                              The 91 will manage security risks             failure using multiple layers using the        do not reoccur by using principles of
                                to essential functions resulting from         principle of defence in depth.                 continuous feedback and improvement.
                                dependencies on external suppliers and                                                      The effectiveness of the 91’s cyber
                                                                             All staff and students will have
                                third-party services in its supply chain.                                                    security measures will be externally
                                                                              appropriate awareness and training to
                              The 91 will defi ne, implement,                be secure custodians of 91’s data and         verifi ed and accredited.
                                communicate, and enforce policies and         information systems.
                                procedures to secure 91 systems and
                                                                             The 91 will continually monitor
                                data.                                         its networks and systems to detect
                              The 91 will understand, document,             potential security problems and track the
                                and manage access to networks and             effectiveness of existing measures.
                                information systems to ensure all access
                                is verifi ed, authenticated, and authorised,
                                using the principle of least privilege.






            28                                                                                                                                                    28
   23   24   25   26   27   28   29   30   31   32