Information Security


Our Services


Information Security Incident Management

  • Follow-up of copyright and malware incidents which have not been resolved by first line.
  • Management of major incidents, including liaison with multiple stakeholders (e.g. ISD, Faculties, HR, the Data Protection Officer and the police), correlation of incident data, and documentation.
  • Forensic data acquisition and investigation in accordance with ACPO guidelines.

Information Security Technical Testing

  • Penetration testing
    • Web application penetration testing
    • Infrastructure penetration testing
    • Mobile application penetration testing
  • Vulnerability management
    • Infrastructure vulnerability management
    • Application vulnerability management

Information Security Monitoring

  • Monitoring of incoming, outgoing and internal attacks.
  • Provision of metrics to stakeholders.
  • Development and management of IDS, SIEM.


Information Security Policies, Procedures and Standards

  • Creation, agreement and maintenance or documentation to support appropriate information security in all UCL operations.
  • Review of existing documentation at least once per year, development of new policies, retirement of old.
  • Creating and maintaining a database of relevant and appropriate technical resources and assisting UCL members in interpreting it for their situation.

Information Risk Management and Compliance

  • Provision of advice and guidance to new and on-going initiatives.
  • Addressing information security risk and compliance requirements of projects and services, with full lifecycle contact to a level commensurate with risk.

Information Security Management System Support

  • Advice, guidance, and software tools to assist Schools and Faculties in managing their information security risk. Includes development and maintenance of software tools.
  • Audit of information security management systems against appropriate standard (e.g. IG Toolkit, ISO/IEC 27001, PCI DSS).

Information Security Awareness

  • Raising the understanding of information security amongst UCL members of staff and students. To include: awareness campaigns, email newsletters, website, blog, training courses.
  • Information Security Awareness course