![]() Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements.Recognize a possible security violation and take appropriate action to report the incident, as required.Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. ![]() Participate in the development or modification of the computer environment cybersecurity program plans and requirements.Participate in an information security risk assessment during the Security Assessment and Authorization process.Oversee the information security training and awareness program.Manage the monitoring of information security data sources to maintain organizational situational awareness.Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.Identify information technology (IT) security program implications of new technologies or technology upgrades.Identify alternative information security strategies to address organizational security objective.Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.Ensure that security improvement actions are evaluated, validated, and implemented as required.Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.Collect and maintain data needed to meet system cybersecurity reporting.Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.Advise senior management (e.g., Chief Information Officer ) on risk levels and security posture.Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.Incidents are followed up by a Computer Emergency Response Team (CERT-UU), consisting of a broad selection of experts from all over the university. When there is a breach in our network – or a suspicion of one – there are several tactics in place to ensure rapid and effective reaction. We also make use of tooling and third-party audits to actively scan and monitor our systems and websites for potential weaknesses. We provide information on online privacy, safe passwords and how to keep data and documents safe. We also actively promote Security Awareness amongst all users and process owners within the university. This policy ensures that everyone using the network is aware that security is a shared responsibility, and what risks are out there in today’s highly digitalised world. We implement and maintain both reactive and proactive measures to effectively address potential weaknesses and breaches in our systems.Īll users must accept an acceptable use policy with rules and guidelines before they are allowed to use UU IT Services. One of our most important responsibilities is keeping Utrecht University’s data safe and secure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |