University Chief Information Security Officers (CISOs) have had a tough time lately. According to information acquired under the Freedom of Information Act by The Times newspaper, some of the UK’s top universities have seen cyber security breaches double in the 2016-17 period, suffering a total of 1,100 cyber security breaches. These include instances of research data compromise. Given the value of data and research projects in particular, it is likely that this trend will continue into the next academic year.
With an institution’s reputation at stake, the CISO is often judged not on what he or she successfully does, but on what they don’t. But this is also true of any business which conducts its business online. Increasingly, the corporate world looks to specialist CISO support to enhance and support the resident CISO. Universities are also beginning to see the advantages of using additional professional CISO support.
In a similar way to their corporate counterparts, the university CISO’s role is not limited to managing a robust defence of the institution’s systems. To really be effective, their role needs to go beyond a thorough understanding of information technology and cyber defence. They also need to be business leaders, garnering support across all departments. They need to have influence at the highest level and the industry knowledge to anticipate future trends. Few individuals have the skills or resources to fulfil all these roles without additional resource.
Just as the finance department works with professional accountants and the legal department works with specialist lawyers, so the CISO benefits from a collaborative relationship with information security specialists whose role is to support, enhance and resource the CISO function within the university.
At SRM we have a professional team with a high level of expertise and experience in supporting the CISO function. We offer VirtualCISOTM which is a totally bespoke service, providing as much or as little as is required depending on the individual organisation. We are also able to provide a tailored package to support university CISO’s with their specific role, focusing on strategic guidance in the definition and maintenance of an effective security strategy and business continuity plan.
Because we are immersed in the information security industry we are also able to provide a proactive approach to keeping up-to-date with ever-changing threats including the latest social engineering threat vectors. We provide training of all relevant personnel in how to manage change to the broad spectrum of legal requirements such as data protection, emerging GDPR legislation and computer misuse.
In addition we are able to assist in the development and delivery of senior-level presentations detailing an organisation’s security posture to key stakeholders, while also providing a full range of other services including information security testing and incident response.