Service Catalogue

Governance

Information Security Policies, Procedures and Standards

  • Creation, agreement and maintenance of documentation to support appropriate information security in all UCL operations.
  • Review of existing documentation at least once per year, development of new policies, and retirement of old ones.
  • Creating and maintaining a database of relevant and appropriate technical resources, and assisting UCL members in interpreting them for their situation.
  • http://www.ucl.ac.uk/informationsecurity/policy

Information Risk Management and Compliance

Information Security Management System Support

  • Advice, guidance, and software tools to assist Schools and Faculties in managing their information security risk. Includes development and maintenance of software tools.
  • Audit of information security management systems against the appropriate standard (e.g. IG Toolkit, ISO/IEC 27001, PCI DSS).

Information Security Awareness

  • Raising the understanding of information security amongst UCL members, including awareness campaigns, email newsletters, website, workshops and training courses.

Operations

Information Security Incident Management

  • Follow-up of copyright and malware incidents which have not been resolved by first line.
  • Management of major incidents, including liaison with multiple stakeholders (e.g. ISD, Faculties, HR, the Data Protection Officer and the police), correlation of incident data, and documentation.
  • Forensic data acquisition and investigation in accordance with ACPO guidelines.

Information Security Monitoring

  • Monitoring of incoming, outgoing and internal attacks.
  • Provision of metrics to stakeholders.
  • Development and management of IDS, new SIEM and new honeypot.

Information Security Technical Testing

  • Penetration testing.
  • Web application testing.
  • Code review.
  • Monthly scanning of key servers.

Page last modified on 28 Jan 14 14:46