Did you know that the Cyber Security Breaches Survey 2023
reports that six in ten of the higher education institutions that
identified any breaches or attacks report losing money or data,
or having compromised accounts used for illicit purposes?
Introduction
Purpose
Scope
User interactions that span across email, learning
management systems, and other communication platforms.
Audience
Managing Security Risk
Governance
Asset Management
• Catalogue every digital asset, from hardware like
servers and laptops to software applications and the
data they process.
• Maintain records of where these assets are located,
who has access to them, and the security measures in
place.
• Classify assets based on their sensitivity and value to
the institution, prioritising them accordingly for risk
management purposes.
• Use a consistent tagging system for assets to aid in
tracking and managing them throughout their
lifecycle.
Risk Management
for research materials, and anti-malware defences for
endpoints.
• Regularly reviewing and updating the risk
management plan to adapt to new threats, changes in
the institution's digital assets, or shifts in regulatory
requirements.
Identity and Access Control
Data Security
• Establishing clear protocols for data handling, storage,
and sharing, including guidelines on how to safely use
cloud services.
System Security
Detecting Cyber Security Events
Security Monitoring
Staff Training and Awareness:
Minimising the Impact of Cyber Security Incidents
Incident Response
Communication Strategy:
Lessons Learned after an incident
Performance Review: In UK schools and colleges, a structured
approach to reviewing cybersecurity performance is essential
to maintain alignment with educational objectives and legal
compliance.
accountability and trace the evolution of the cybersecurity
strategy.
Technology Investments: Based on the reviews, identify areas
where investment in new technologies or infrastructure
upgrades is needed to bolster the institution’s cybersecurity
defences. Consider implementing a rolling 5-year ICT plan.
Recovery Plans: Include plans for the recovery of services and
systems following an incident. This could involve restoring
from backups, rebuilding systems, and verifying the integrity
of data.
Ransomware example:
• Containment: Systems are isolated from the network to stop the ransomware spread, safeguarding unaffected areas and backup systems.
• Activation of the Recovery Plan: The pre-defined playbook recovery strategies are initiated to maintain educational operations in an offline mode where possible. The school have policies in place for the loss of phones and internet.
Assessment and Mitigation
• Damage Assessment: The IT team evaluates the scope of the attack, determining which data and systems are affected and how school operations are impacted.
• Legal and Regulatory Compliance: The school informs the Information Commissioner’s Office (ICO) within the mandated 72-hour window about the data breach under GDPR regulations.
• Engaging with Authorities: Law enforcement and the National Cyber Security Centre (NCSC) are contacted for assistance, following the playbook’s emergency procedures.
• Communicating with Stakeholders: Students, parents, and staff receive regular updates through unaffected channels like social media or physical notices.
Recovery and Business Continuity
• System Restoration: Following the playbook’s guidance, the IT team begins restoring services from backups—especially cloud backups, which remain uninfected thanks to the 3-2-1 backup strategy.
• Business Continuity: The school implements its business continuity measures, which could include using paper records or relocating classes
• Forensic Analysis: A detailed investigation uncovers the attack vector, frequently found to be a phishing email that led to account compromise.
Long-term Response and Adaptation
• Review and Lessons Learned: The IT team conducts an exhaustive review to document the incident’s timeline, response effectiveness, and improvement areas.
• Policy and Training Updates: Cybersecurity policies are revised to strengthen defences, informed by the insights gained during the incident.
• Root Cause Analysis: A deep dive into the incident helps pinpoint exactly how the breach occurred, focusing on enhancing protections against similar attack vectors.
• Staff and Student Training: An educational program is rolled out, heightening awareness around cybersecurity, particularly in recognising and reporting phishing
Microsoft and Google products for cyber security
Microsoft:
System Security: Microsoft Defender for Endpoint offers
preventative protection, post-breach detection, automated
investigation, and response capabilities.
Directory (Azure AD) that enables you to manage, control,
and monitor access to important resources in your
organisation.
Google:
Anomaly Detection: Google Cloud's Security Command
Center helps identify anomalies and maintain insights across
your Google Cloud resources.