Project Background
Summary
IT increasingly underpins all University activity, and therefore any risk to IT security presents a clear risk to University business. IT security thus underpins the University Strategy in its entirety. To achieve our goals to "be recognised, world-wide, for creative thought, transformative research of the highest calibre" and to "set the highest standards in research-led education for both undergraduates and postgraduates", it is vital that we have a secure IT foundation which allows our staff and students to develop and share research and learning in a secure way.
A review of IT security across the University was carried out in 2010 by members of the IT departments from across the University. The review took the form of a risk-based analysis, using the standard University risk appetite matrix. The output from the review, a set of prioritised recommendations on how to address IT security within the University, forms the basis of the Security Hardening Project within the Unified Infrastructure Programme.
The Security Hardening Project will improve security of the IT infrastructure in a range of areas - from technical architecture, to policy and user education - as identified and recommended in the IT Security Risk Review. The project is split into 7 work streams. The activity carried out within each work stream will be clearly defined and managed, with recommendations for further activity.
Workstreams
Work Stream 1 - Network
The University network is the central core for all IT activity. The project will develop improvements to the security of the University network to reduce the possibility of internal and external breaches and to mitigate the impact should a breach occur.
Work Stream 2 - Server/Desktop Hardening
Individual devices functioning within the University each have the potential to present a security risk. The project will deliver improvements to the security of both individual desktop machines and the servers that these machines access.
Work Stream 3 - User Account Management
There are many thousands of user accounts across the University and the project will implement developments to improve the security of all user accounts - both personal and non-personal.
Work Stream 4 - Email
Email is perhaps the most significant communication tool within the University. The project will make developments to central email systems to improve security, which will include upgrading staff email to Exchange 2010 and outsourcing student email.
Work Stream 5 - Communication
Whilst user education in its own right will never completely mitigate the risks we have, it is crucial that we engage with staff and students alike to ensure they understand and accept their responsibilities from a security aspect. Through the work identified above, a communication work stream would cover: regular communications on security changes, published best practice advice, security information to be a feature of induction for staff, and high-visibility support materials.
Work Stream 6 - Policy
The policy work stream will develop an information security framework and related policies which will help to enforce information security compliance amongst staff and students and will complement the solid technical foundation to be developed by the project's other work streams.
Work Stream 7 - Web
The University website serves as a gateway to the outside world for many of our systems and services and it is therefore crucial that we suitably protect this key area. This work stream will ensure that the technical architecture of our website is robust and introduce secure web tools (e.g. blogs) suitable for all web users.
Benefits
| Benefit | Summary |
|---|---|
| Underpinning the Unified Infrastructure | The project is a pre-requisite to the Unified Infrastructure, providing the foundations (e.g. network zoning) upon which further unification can be developed. |
| Facilitating research and business engagement | The project will facilitate the secure management and transfer of confidential data both within and without the University (e.g. NEPHO, CEM Centre). |
| Improving user experience | The project will deliver email environments for both students and staff that are more stable and provide a better user experience. |
| Improving the University's reputation as a secure environment | Project deliverables will enhance the University's reputation as a secure IT environment both internally and with external partners. |
| Facilitating alumni relations | The email work stream will enable email for life, making it easier for alumni to retain their link with the University. |
| Engendering a secure information culture | Particularly through the Policy and Communications work streams, the project will improve the awareness and common practice of staff and students. |
Timeline
Overall project timescale will be confirmed during project planning.
Budget
The total project budget is £1.2m over 3 years.
Governance
- UEC Sponsor: Mrs Carolyn Fowler (Registrar & Secretary)
Security Hardening Project Board
- Andy Nixon [Project Executive]
- Carolyn Fowler [Project Sponsor]
- Paul Drummond [Senior User - Social Sciences & Health, Queen's Campus, Colleges]
- Paul Brierley [Senior User - Professional Support Services]
- Sophie Philipson [Senior User - Records Management, Management Information]
- Mark Wilson [Senior User - Science, Research]
- TBC [Senior User - Information Systems]
- Steve Shotton [Senior Supplier]
- Tony McAndrew [Unified Infrastructure Programme Manager]
- James Pettican [Project Manager]
The Project Board reports into the IT Programme Board and, in turn, to the IT Steering Group and UEC.
