What does the Information Security team do?
The Information Security (InfoSec) team supports the mission of the University of Oxford, which is "the advancement of learning by teaching and research and its dissemination by every means", through safeguarding the integrity, availability, and confidentiality of information assets within the University. Thereby helping to empower research and teaching objectives in a secure digital environment.
We are responsible for maintaining the University of Oxford’s information security policy framework. This includes upholding a standard (baseline) for information security, as well as monitoring how compliant members of the University are, through assessments and internal audits. We also maintain important capabilities to manage an effective cyber incident response, when necessary.
We provide support and guidance to University of Oxford staff, academics and students about cyber security and data governance. This helps to make teaching, research, and administration as secure as possible within the University of Oxford. In addition, it helps to protect our collaborations with people both inside and outside of the University.
We offer departments and colleges a range of specialist services. For example, vulnerability scanning, cyber threat and risk assessments, advice on security architecture and controls, as well as formal audits against standards, such as the Payment Card Industry Data Security Standard (PCI DSS).
Who are the Information Security team?
The InfoSec team comprises a group of highly-qualified security specialists, with a wide range of specialised skills, focused on supporting the collegiate University in achieving good security.
Michael Pinhorn, Head of Information Security GRC, University of Oxford, said:
We aim to create a culture of security awareness within the university community. Through education, training, and regular communication, we empower all staff to make informed security decisions, thereby fostering a secure digital environment that encourages collaboration and growth. By ensuring the University's information assets remain protected, researchers and educators can focus on their core objectives with confidence, safe in the knowledge of our commitment to privacy, confidentiality, and regulatory compliance.
What are the goals of the Information Security team?
Our information security goals:
- Protect the confidentiality, integrity and availability of critical information through the effective management of risk. By implementing robust security controls, encryption, and other data protection mechanisms, we can all ensure that research data, academic materials and administrative information remain accurate, unaltered, confidential (when applicable), and free from unauthorised modification
- Through proactive measures and resilient infrastructure, we strive to minimise disruptions, ensuring the availability of critical systems, networks, and applications
- All staff, academics and students are informed about the latest cyber security information and know how they can safeguard themselves and their community against cyber security threats
- Effective teaching and learning experiences are supported by enabling academics and students to leverage digital resources, collaborate securely, and engage in online teaching (when applicable) without compromising the privacy and integrity of educational materials
- All staff, academics and students are up-to-date with their yearly Information Security training
- Support a University wide culture of best practice for cyber security and data governance, which promotes Oxford University as a "trusted" partner
- Working together we can better secure our IT systems, protect our academic research and personal data and make Oxford secure
What is information security training and why is it important?
You may not realise, but most attacks exploit human behaviour. Our staff are one of our most important lines of defence against cyber-attacks. The aim of this training is to help make you aware of your responsibilities in relation to information security and data privacy. The training will help you to safely use personal devices for work purposes, support you to stay secure when working remotely, help you access and share information safely and help you to know how to report phishing attacks and data breaches.