Developing a risk-based approach to information security to reduce institutional exposure to information security threats and challenges – balancing agility, openness and collaboration with security, risk and privacy and incorporating effective and efficient Identity and Access Management
(#2 on the 2018 CAUDIT Top Ten Topics)
The contours of information security change rapidly. Functional complexity and diversified interactions characterise universities and research institutions. They also offer numerous cyber attack entry points. Threats emerge as models for research, learning and teaching, and student support evolve and benefit from new technologies. Threat actors apply social engineering and probe vulnerabilities in business processes and systems introduced to serve changing models and improve efficiencies. In addition, the regulatory environment protecting privacy and personal data appropriately imposes new information security expectations on universities and research organisations.
Responsive, robust risk management is a touchstone for the sector’s information security. Minimising damage to individuals, financial stability and institutional reputation requires awareness across the institution, especially as human error enables most successful attacks.
Cybersecurity is everyone’s responsibility – Board members, University Executive, academics, professional staff, ICT staff and students. ICT leaders and staff cannot be alone in the unremitting contest with malevolent attempts to steal, compromise or shut down access to sensitive personal, research and operational data. Collaborative risk management with students and staff is the risk minimisation bottom line.
To view the full 2018 Top Ten Topics report or to compare topics/years, visit: https://www.caudit.edu.au/caudit-top-ten-topics