Security Services
The development, set up and maintenance of Information Technology (IT) security policies and procedures, and provision of security services, to protect the integrity and security of all IT systems within the University from unauthorized access, alteration and attacks. Advice and assistance on IT security issues is also provided, including security of student and staff owned systems.
CITS will:
- Manage and develop anti-virus services for use within the University.
- Install anti-virus software on University machines and provide an automatic update service.
- Provide a University wide Firewall with appropriate policies to ensure all University IT services and systems are appropriately protected.
- Monitor various security sites for information on viruses and system security alerts and provide information to Faculties and Departments.
- Carry out system vulnerability scans.
- Advise and help with clean-up of compromised systems.
- Provide a Public Key Infrastructure (PKI). Every member of University is entitled to a personal certificate, which can be used for encrypting and signing emails. These certificates may also be used for encryption of files on Windows desktop pcs (EFS) carry out periodic scan of passwords to identify weak passwords.
- Develop and run a secure VPN and SSL VPN service, including a service for University contractors.
- Run a secure Guest Access service.
- Give guidance to the University IT Security committee and oversee implementation of its initiatives.
- Enforce the University IT Security Policy and provide guidance to customers explaining how it applies to them.
- In disciplinary cases, advise on the University IT Security Policy, as well as forensic analysis and evidence gathering.
- Give advice on IT security best practice.
- Prepare, rehearse and invoke when needed, disaster recovery procedures for CITS run University services.
- For personally owned systems, provide advice on anti-virus and IT security issues to staff and students of the University.
Customers will:
- Conform to the requirements of the University IT Security policy and University Terms and Conditions of use of IT equipment.
- Take appropriate measures to ensure their computers are adequately protected against viruses and intrusion, including automatic patches of operating system and anti-virus software.
- Report any suspected virus or intrusion to their system to the CITS Security group via the Service Desk.
- Report any suspected compromise of their username and password to the CITS Security group via the Service Desk.
- Change their password on a regular basis, at least once per year, or in some cases every 90 days.