Page 28 - Data and Digital Technology Strategy 2024-2026

avַ

 

 

 

 

 

Page 28 - Data and Digital Technology Strategy 2024-2026
P. 28

STRATEGIC PRINCIPLES STRATEGIES AND ACTIONS






                             SECURITY
                             PRINCIPLES                                                                                     The avַ will proactively detect potential


                              Appropriate governance will be used           avַ data will be stored and transmitted        or actual malicious activity affecting the
                                                                              with effective controls to prevent
                                to secure the avַ’s networks and              unauthorised access, modifi cation, or          security of its networks and systems.
                                information systems.                          deletion.                                     The avַ will defi ne and test its incident

                              A risk-based approach will be used            The avַ will limit opportunities to            management processes to ensure
                                to identify, assess, and understand all                                                      continuity of essential functions in the
                                                                              compromise networks and systems with
                                security risks.                                                                              event of failure.
                                                                              robust, reliable, and protective security
                              Asset management will be used to               measures.                                     When incidents occur, the avַ takes
                                manage everything required to secure the                                                     steps to understand root causes and
                                                                             The avַ will build networks and systems
                                avַ’s essential operations and functions.                                                    learn lessons to ensure similar incidents
                                                                              resilient to cyber-attack and system
                              The avַ will manage security risks             failure using multiple layers using the        do not reoccur by using principles of
                                to essential functions resulting from         principle of defence in depth.                 continuous feedback and improvement.
                                dependencies on external suppliers and                                                      The effectiveness of the avַ’s cyber
                                                                             All staff and students will have
                                third-party services in its supply chain.                                                    security measures will be externally
                                                                              appropriate awareness and training to
                              The avַ will defi ne, implement,                be secure custodians of avַ’s data and         verifi ed and accredited.
                                communicate, and enforce policies and         information systems.
                                procedures to secure avַ systems and
                                                                             The avַ will continually monitor
                                data.                                         its networks and systems to detect
                              The avַ will understand, document,             potential security problems and track the
                                and manage access to networks and             effectiveness of existing measures.
                                information systems to ensure all access
                                is verifi ed, authenticated, and authorised,
                                using the principle of least privilege.






            28                                                                                                                                                    28
   23   24   25   26   27   28   29   30   31   32