Leading UK University
Learn how this leading UK University achieved its cyber security goals and ISO 27001 certification.
protecting data against cyber threats
Research activity and research data is critical to the advancement of knowledge and to tackle challenges that society faces.
However, data is valuable and is an attractive target to hackers so it must be protected from attack and handled in accordance with defined compliance standards.
The goal was to develop a dedicated, secure research environment that would be designed to protect data against the latest cyber security threats.
The effectiveness of the security regime would be confirmed by achieving ISO 27001 certification.
Fake websites designed to steal credentials found in 2018 in 14 countries including the UK
Universities subject to phishing attacks according to NCSC referenced survey
Data stolen from universities by the Mabna Institute during a targeted attack discovered in 2017
The University works with a range of partners that provide original data that is the basis for research studies.
Each partner has its own assurance requirements and specific compliance obligations, including DPA and Caldicott which relates specifically to clinical patient data.
The University needed to identify a mechanism that would effectively communicate a security assurance profile for its new research environment to the satisfaction of all stakeholders.
The research environment needed to be located and accessible via a much wider enterprise ICT arrangement that served the accessibility requirements of all University users – but this presented a security segregation challenge.
Tectrade’s cyber security advisory team was engaged to identify the most effective assurance mechanism to meet the security goals for the research environment.
We identified ISO27001 as the most likely mechanism that would meet the requirements of the majority of research data stakeholders.
Initial work commenced with a scoping study to determine the parameters of the project and highlighted key areas of security related activity, such as identity and authentication, network separation and security event monitoring.
Our team – integrated with the University’s internal project team – was responsible for all aspects of the certification preparation process.
In both culture and technology, universities are one of the most open and outward facing sectors. This enables collaboration across borders but also eases the task of an attacker.“The Cyber Threat to Universities” – National Cyber Security Center
Following a work programme lasting almost a year, the new research environment was securely designed and implemented.
The environment was immediately subject to strict ISO 27001 certification – and was achieved at the first attempt!
As a result of successful certification, research data stakeholders immediately authorized release of their data into the environment.
Tectrade’s cyber security advisory team is engaged in an ongoing managed security service to ensure compliance and continued certification to ISO27001 standards is maintained.
About our client
Our client is a world-renowned UK top-10 ranked university and is home to more than 40,000 students.
It is one of the world’s leading research intensive universities undertaking studies across medicine, science, engineering, the arts and humanities.