On 28 May, the IT Security team achieved Cyber Essentials accreditation for the University. The defined scope covers all centrally managed IT infrastructure and services, excluding only locally acquired and managed servers and end-points used by academics in colleges and BYOD devices.
Cyber Essentials is a UK Government security standard based on five basic security controls:
- Boundary firewalls and Internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
There are two levels; Cyber Essentials and Cyber Essentials Plus. The difference between them is that Cyber Essentials Plus involves the accreditation agency verifying our submission with penetration testing and phishing attacks. Cyber Essentials is a minimum requirement for an increasing number of government contracts, including research funding from bodies such as the Defence Science and Technology Laboratory (DSTL) or Network Rail and is often cited as a basic security standard by commercial organisations as well.
In the immediate, this qualifies the University to proceed with a number of contracts – such as the provision of Graduate Apprenticeship services with Network Rail; worth up to £6 million. Thanks to Network Operations and Universal Services who helped pull together the required data.