Delivering Security Visibility in Higher Education and Research Environments
Adam Lorimer, Head of Security Operations, and Lucila Canas-Bottos, Senior Information Security Officer, UCL
Higher education and research institutions typically have highly fragmented network environments, with many IT assets and network segments being managed locally. It is very challenging for a centralised security team to establish and maintain the visibility needed to detect and respond to security incidents under these conditions. UCL is working to establish a consistent incident response service across our entire network and has leveraged existing tools in creative ways to achieve this while also democratising access to security tools, enhancing the ability of local IT to manage their assets and mitigate risks without needing to rely on our security team.
UCISA Major Cyber Incident - Toolkit for CIOs
Paul Harness, Consultant
The impact of a cyber-attack on an educational institution can be highly disruptive. As a result, there are various resources available from UCISA, Jisc, the NCSC and others to help institutions avoid a cyber incident and to prepare detailed response plans should one take place. This presentation launches a different kind of toolkit – one that is intended as a guide for CIOs and senior IT leaders during a major cyber incident. It is based on the learnings and experiences of CIOs who have been through such situations, and provides real-time help and advice during a crisis.
The British Library Cyber Attack; Learning Lessons for the Future
Ben Barry, Director of Digital, British Library
The British Library suffered a catastrophic cyber attack in October 2023. These are the organisation's key lessons from dealing with the attack, responding to it, and rebuilding its digital environment afterwards.
Incident Response Fundamentals
Paul Knee, Head of Security Operations, Jisc
This session covers the fundamentals of incident response, focusing on the six key phases: preparation, identification, containment, eradication, recovery, and lessons learned. Participants will gain insights into building effective response strategies to minimise impact, ensure swift recovery, and enhance organisational resilience against cybersecurity incidents.
Lessons learnt after a significant cyber event
Nici Cooper, Deputy Director, Digital Transformation, Mat Flower, (Interim) Deputy Director & Head of Digital Infrastructure/Information Security and Emma Barwell, Head of User Experience and Engagement, University of Wolverhampton
Lessons Learnt after a significant cyber event: please join Nici Cooper, Mat Flower and Emma Barwell as they share their lessons learnt process and findings, as well as their incident communications audit.
Mastering Incident Management: Lessons Learned for Efficient Response and Recovery
David Robertson, Regional CISO for Fife College, North East Scotland College, UHI, University of Aberdeen, University of Dundee and APUC, HEFESTIS
Best practices for efficient incident response and recovery focus on quick detection, clear communication, learning from previous activity and effective coordination. We look at developing a robust incident response plan with defined roles and responsibilities; engaging in regular tabletop exercises to simulate scenarios, ensuring teams are well prepared; implementing reliable notification and communications to alert key stakeholders swiftly; prioritising containment, eradication, and recovery efforts, while documenting all actions for future review; and conducting a thorough review to continuously identify lessons learned and update protocols accordingly. We look to ensure faster recovery, limit damage and strengthen resilience against future incidents.