Monday, 18 April 2016

Cyber Essentials: IT security across the University

Matthew Badham explains why Cyber Essentials accreditation puts the University ahead in bids for research grants.

Maintaining good cyber security - and being able to demonstrate that we do so - is increasingly important. It protects your account and data, and it's a requirement of many funding organisations when they consider allocating research grants. Good news then that in December 2015 the University of York was awarded Cyber Essentials accreditation covering all managed desktops and laptops.

What is Cyber Essentials and why do we need it?

Cyber Essentials is a government supported scheme which is designed to help organisations protect themselves against security breaches. It considers everything from the infrastructure of our network to your desktop PC or laptop. Our compliance with the standard demonstrates that the University meets fundamental security standards for all supported IT provision. Gaining Cyber Essentials certification gave us the opportunity to review all the precautions we have in place, ensuring that we provide an optimum level of security.

Having worked through the checklist of standards required, we can now be confident that we meet all the key requirements, both for the certification, and for funding bodies.

How does this help me?

If you are a using a managed desktop you can be reassured that you are protected by the systems that the University has in place. Increasingly, funding bodies and organisations are seeking assurance that the IT systems of those applying for research grants are compliant with basic security standards. Quoting the University's accreditation is a useful way of providing this assurance and of enhancing your bid.

Who has Cyber Essentials?

Developed by the government and industry, the accreditation is held by an increasing number of organisations who want to demonstrate to customers and external companies that they are taking essential precautions with their IT security. We are one of the first Universities to gain it.

What does Cyber Essentials cover?

Any managed Windows desktop or laptop, and the infrastructure behind your connection. If you are using an IT Services managed desktop or laptop, and saving your files on central filestore, then you are covered by the certification and can specify this on grant applications for sensitive data. If you are using managed iMacs, managed Linux desktop, or unmanaged devices (eg OS X or unmanaged Windows laptops) you are not certified. Unmanaged devices can't claim this certification because we can't ensure that they meet the required standards in areas like updates, patching, and use of anti-virus software. However, we will look at including certification for managed Linux and Apple devices in a later phase of this work.

Image courtesy of

What comes next?

Having successfully achieved the first stage of accreditation, we are now working towards the next stage of accreditation called Cyber Essentials Plus which will require us to meet an even higher level of security standards.

Any questions…

If you'd like to find out more, please contact IT Support who will forward your query to Arthur Clune, the Assistant Director of IT Services (Infrastructure).

No comments:

Post a Comment

Anybody can comment on this blog, provided that your comment is constructive and relevant. Comments represent the view of the individual and do not represent those of The University of York Information Directorate. All comments are moderated and the Information Directorate reserves the right to decline, edit or remove any unsuitable comments.