UUK's recent policy document: Cyber Security: Protecting Universities from the Cyber Threat
Makes the following statement:
"Apply the 20 controls for effective cyber defence as set out on the Centre for the
Protection of National Infrastructure website. Information on the 20 controls can be
found here: http://www.cpni.gov.uk/advice/cyber/Critical-controls/. The website is
dynamic so that it can deal with changes in technology and methodology, so it may
be useful to revisit the controls on regular basis."
The top 20 critical security controls for cyber defence are a baseline
of high-priority information security measures and controls that can be
applied across an organisation in order to improve its cyber defence.
Some of these are very challenging for universities, for example: 'Controlled use of administrative privileges'. Does anyone have views on this?