Service Catalogue

Governance

Information Security Policies, Procedures and Standards

  • Creation, agreement and maintenance of documentation to support appropriate information security in all UCL operations.
  • Review of existing documentation at least once per year, development of new policies, and retirement of old ones.
  • Creating and maintaining a database of relevant and appropriate technical resources and assisting UCL members in interpreting it for their situation.

Information Risk Management and Compliance

  • Provision of advice and guidance to new and on-going initiatives.
  • Addressing information security risk and compliance requirements of projects and services, with full lifecycle contact to a level commensurate with risk.

Information Security Management System Support

  • Advice, guidance, and software tools to assist Schools and Faculties in managing their information security risk. Includes development and maintenance of software tools.
  • Audit of information security management systems against the appropriate standard (e.g. IG Toolkit, ISO/IEC 27001, PCI DSS).

Information Security Awareness

  • Raising the understanding of information security amongst UCL members. This includes awareness campaigns, email newsletters, the website, workshops and training courses.
  • Information Security Awareness Moodle course.

Operations

Information Security Incident Management

  • Follow-up of copyright and malware incidents which have not been resolved by first line.
  • Management of major incidents, including liaison with multiple stakeholders (e.g. ISD, Faculties, HR, the Data Protection Officer and the police), correlation of incident data, and documentation.
  • Forensic data acquisition and investigation in accordance with ACPO guidelines.

Information Security Monitoring

  • Monitoring of incoming, outgoing and internal attacks.
  • Provision of metrics to stakeholders.
  • Development and management of IDS, new SIEM and new honeypot.

Information Security Technical Testing

  • Penetration testing.
  • Web application testing.
  • Code review.
  • Monthly scanning of key servers.

Page last modified on 01 Jul 15 10:12