UUK's recent policy document: Cyber Security: Protecting Universities from the Cyber Threat

Makes the following statement:

"Apply the 20 controls for effective cyber defence as set out on the Centre for the Protection of National Infrastructure website. Information on the 20 controls can be found here: http://www.cpni.gov.uk/advice/cyber/Critical-controls/. The website is dynamic so that it can deal with changes in technology and methodology, so it may be useful to revisit the controls on regular basis."

The top 20 critical security controls for cyber defence are a baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence. 

 Some of these are very challenging for universities, for example: 'Controlled use of administrative privileges'.   Does anyone have views on this?

UCL Institute for Security and Resilience Studies

The UCL  Institute for Security and Resilience Studies is an interesting centre that was formed in April 2010. 

Their  FAQ states:

ISRS was established for three reasons.

• First, our growing interdependence in terms of financial and economic stability, health, trade, energy and electronic networks (to name but a few areas) leaves us potentially more at risk than ever before.
• Second,  the sheer rate at which risks appear and have to be confronted require a far greater degree of resilience than ever before – resilience within our organisations, structures, systems, business and social culture, both public and private.
• Third, because the innovative approach required to respond to this challenge - to analyse the vulnerabilities, measure the resilience,  identify the deficiencies and propose the practical solutions – can only be achieved by harnessing together the energies and application of public, private, voluntary and academic participants.

The name of the Institute is revealing.  Resilience is not about bouncing back from an incident, but "bouncing forward".

The Rt. Hon. Lord Reid is the ISRS Chair, and formed the Institute when he stood down from the last Labour Government. Moving forward and learning how to operate and prosper in an interdependent world requires private, public and academic partnership.