What We Do
The wealth of valuable research data and masses of personal information that the University holds makes it a prime target for external attacks, online fraud and information theft. In recent years, there has been a huge expansion in the number of systems on the University network and the sophistication and number of threats has increased significantly. That is why effective information security is absolutely vital.
The Information Security Team is made up of the Governance, Risk and Compliance Team (GRC) and the Oxford Computer Emergency Response Team (OxCERT). We provide the tools, guidance and support for divisions, departments and colleges to implement effective local arrangements and adequately manage information security risk. We also monitor networks and systems to prevent and respond to external attacks.
The Governance, Risk and Compliance Team
GRC helps divisions, departments and faculties to understand and manage their own information security risks in line with University policy. Our mission statement goes like this:
- We define and keep the University information security policy framework up to date and fit for purpose, and support divisions, departments and colleges to implement it.
- We run the online information security awareness module and other tailored training activities upon request.
- We're responsible for the University’s information security risk management process, supporting departments and faculties with tools, templates and consultancy to manage information security risks associated with their IT, projects and third-party agreements.
- We work with IT support officers across the University to ensure their IT security control environments are robust.
- We work with colleagues to identify regulatory and legislative requirements, and ensure their policy and control arrangements adequately meet them.
- We operate the information security compliance programme to meet University and external requirements, and provide assurance to stakeholders.
Oxford Computer Emergency Response Team
OxCERT is responsible for monitoring network activity and essentially stopping the bad guys getting at our data:
- We monitor networks across the University to identify risks and issues, and support effective network management.
- We respond to and manage technical threats ('vulnerability management', in the jargon), working with IT support officers where appropriate.
- We're in charge of the process for managing information security incidents, liaising with local officers and central functions (e.g. Data Protection and Legal Services) where appropriate.
- We investigate suspicious activity and compromised systems to solve issues promptly and make sure lessons are learned.
Please report any IT security-related incidents at the University via OxCERT's online incident form. To get in touch with OxCERT directly:
- Email: firstname.lastname@example.org
- Phone: +44 1865 2 82222. (Our office hours are 9am–5.30pm GMT/BST, Monday–Friday. You can leave a voicemail outside of hours).
- Public Key: https://help.it.ox.ac.uk/sites/ithelp/files/resources/pgp-oxcert-2017-pubkey.asc
- KeyID: E4565BE0
- Key fingerprint: CB49 4A5C 4D46 B9AF DC05 C9D9 3E01 7803 440A 9397
- To report phishing scams targeting University credentials, email: email@example.com. Full details of how to report a phishing scam.