Information Security, Risk and Compliance
About Information Security, Risk and Compliance
We ensure the confidentiality, integrity and availability of information is protected. We maintain robust policies, ensure risks are identified and treated, and provide necessary awareness on good information security practices.
Information Security Operations: We protect the University’s digital environment by maintaining the technical security tools, attending to security incidents, and providing expertise on cyber security.
Adrian Hope - Chief Information Security Officer
My role is to provide leadership and direction to protect the University’s valuable information, including the wealth of intellectual property and the personal data we process for our staff, students, and others. Whilst information security is central to my team's role, it’s important to remember that we are all responsible for information security.
My team and I help to achieve that by providing polices, resources and tooling as well as training and awareness to drive positive security behaviours. I’ve worked in a variety of roles over my career, primarily in Information Technology, but also looking after a range of central services functions including HR, Procurement, Legal and Estates Management. Information security isn’t just about the technical protections but also incorporates effective management of our supply chain, who processes confidential data, including ensuring that our contracts are water-tight and that we have effective measures in place from human resources and physical security perspectives. We collaborate closely with these departments and other stakeholders across the University.
From a personal perspective, I enjoy spending time with my family as well as watching, listening to, and playing (badly) music of various genres, sports, and pub quizzes.
Incidents and data breaches
Incidents: Security incidents are any event where the security of information, devices or technical infrastructure have their confidentiality, integrity or availability compromised. Examples of this include lost devices, malware and phishing. Our team provide support and expertise in identifying and resolving these incidents.
Data Breaches: Any event where personal data is mishandled (e.g. lost, stolen, altered, accessed by unauthorised personnel). As part of our legal obligations to protect personal data, any suspected data breach must be reported without delay. Our team will assist in investigating as well as providing mitigating and remedial measures to keep personal data secure.