Cyber security management
The UC Digital Security and Risk Team provides the cyber risk and resilience capability within the University that ensures effective management of cyber risk and resilience of technology across the University of Canterbury landscape.
Cyber risk refers to the potential of loss or harm related to technical infrastructure or the use of technology. Cyber resilience is when people, processes and technologies can quickly adapt to changing cyber threats.
In an increasingly hostile and rapidly changing digital world, our purpose is to provide effective, adaptable and risk appetite-aligned management of cyber risks to support the University of Canterbury in its vision of a University that is Engaged, Empowered, Making a Difference.
Cyber security strategy and leadership:
Oversight of the University Cybersecurity Risk Profile
Development and execution of security strategy, vision & policies
Executive and key stakeholder engagement
Vendor management
Team development and leadership
Alignment with University strategy and risk appetite
External contact for government agencies
Security incident management
Technical security control testing and compliance monitoring
Vulnerability management
Threat prevention, detection, recovery and intelligence
Secure Operations Improvement
Security Assuarance
Security Testing
Security Consulting
Solutions or design security guidance
Security control design
Development of standards
Development of tactical solutions
Security standards and guidelines
Security domain roadmaps
Security programme roadmap
- Information security risk and controls assessments
Cyber risk management consultancy and advisory
NIST CSF compliance and maturity monitoring
Cybersecurity Audit
Governance – security frameworks, policies and standards
Security domain roadmaps
Security programme roadmap
Cyber awareness and culture program planning and delivery
Training, event, communications planning and facilitation
Knowledge testing design and delivery
Proactive engagement of University communities
Education and awareness content development
Awareness and behavioural metrics and reporting
Risk area profiling/identification and learning needs analysis
Security domain roadmaps
Security programme roadmap
Cybersecurity Infrastructure & Platform Management
Agile cyber team operational delivery management
Protective Security Requirements (PSR) advisory
University Foreign Interference
Proactive, collaborative engagement of University research areas
Communication and facilitation of cybersecurity service offerings to research areas
Execution of approved cybersecurity strategic plan
Cybersecurity continuous improvement program planning & delivery
The Digital Security & Risk Practice works closely with capabilities and areas throughout the University, including:
Risk & Insurance
Research
Information Management
Digital Services
Facilities
People & Culture
The University’s cyber security and general IT policies and procedures can be viewed on the University Policy Library
Key University policies/procedures relevant to cybersecurity include:
Cyber Security Policy
The governance of cyber security and cyber risks is embedded throughout operational, executive and strategic layers within the University. Regular cybersecurity briefings are provided to key University executive management and governance groups including:
Cybersecurity & Risk Working Group
Cybersecurity Program Board
Risk Advisory Committee (RAC)
Audit and Risk Committee (ARC)
Senior leadership Team
Council
Cyber risk management processes are being developed to include identifying, analysing, evaluating, treating, and monitoring cyber risks for university information assets and services. These cyber risk management processes are supported by the University’s cybersecurity policies, standards, and procedures and are aligned with the University enterprise risk management framework and industry best practices.
Further information:
The Digital Security and Risk capability provides Information Security Risk Assessment to ensure that the university upholds its responsibilities. To find out more about the cybersecurity assessments process visit ( UC user access ony): UC Cybersecurity Assurance Process.
