How CSI’s National Cyber Security Centre (NCSC) certified advisory team supported this University’s goal of achieving ISO27001 certification.
Our client is a world-renowned UK top-10 ranked university. The University is one of the world’s leading research-intensive universities, undertaking studies across medicine, science, engineering, the arts and humanities.
Research activity and research data are critical to the advancement of knowledge and to tackling the challenges that society faces.
Research data is valuable and is an attractive target for hackers. It must be protected from attack and handled in accordance with defined compliance standards.
The project called for the development of a dedicated secure research environment designed to protect data against the latest cyber security threats.
The effectiveness of the security regime would be confirmed by achieving ISO27001 certification.
The University works with a range of partners that provide the original data on which research studies are based. Each partner has its own assurance requirements and specific compliance obligations, including DPA and Caldicott, which relate specifically to clinical patient data.
The University needed to identify a mechanism that would effectively communicate a security assurance profile for its new research environment to the satisfaction of all stakeholders.
The research environment needed to be located and accessible via a much wider enterprise ICT arrangement that served the accessibility requirements of all University users. This presented a security segregation challenge.
In both culture and technology, universities are one of the most open and outward facing sectors. This enables collaboration between academics across borders, and is a key component of their success. Unfortunately, this also eases the task of an attacker.
CSI’s advisory team was engaged to identify the most effective assurance mechanism to meet the security goals for the research environment.
We identified ISO27001 as the most likely mechanism that would meet the requirements of the majority of research data stakeholders.
Initial work commenced with a scoping study to determine the parameters of the ISO27001 project and to highlight key areas of security-related activity, such as identity and authentication, network separation, and security event monitoring.
Our team was integrated with the University’s internal project team and was responsible for all aspects of the certification preparation process.
Following a work programme lasting almost a year, the new research environment was securely designed and implemented. It was immediately subject to ISO27001 certification, which was achieved at the first attempt.
As a result of the successful ISO27001 certification, research data stakeholders immediately authorised the release of their data into the environment.
CSI’s advisory team is now engaged in a managed security service to ensure on-going compliance and continued certification to ISO27001.
In 2018, researchers discovered over 300 fake university websites designed to steal credentials - across 14 countries including the UK.
An NCSC-referenced survey states that seven out of every ten universities have been subject to a phishing attack.
30TB of data was stolen from universities by the Mabna Institute during a targeted attack discovered in 2017.