Every month the CiCS IT Security Group meets to consider and make decisions and recommendations on issues, risks and potential developments that may have an impact on the University’s IT security. This includes, but is not limited to, IT systems, system development, access to systems, system administration practices and IT security policies and processes.
The group’s terms of reference for the group can be found at http://cics.dept.shef.ac.uk/security/IT_Sec_Terms.pdf
A recent review of the group highlighted a lack of visibility of the group and it’s activities. This blog post is the start of what will become a monthly summary of the groups activities.
Members of the University are invited to submit non-urgent IT security concerns and issues to the group. To submit an IT security concern please contact the group secretary (Chris Willis, firstname.lastname@example.org) who will then pass your concern on to the Chair for further consideration.
This leads on to reporting urgent IT Security concerns. Prompt reports by members of the University help us to mitigate the impact of incidents and gives us the opportunity to quickly get on top of vulnerabilities before they became actual security incidents.
If you discover a security incident (actual or potential) then talk to someone, by phone or face to face, immediately. There's more information on how to report an incident in the Security Incident Policy: http://www.shef.ac.uk/cics/policies/securityincident
If you have any questions about anything covered in this post then feel free to ask them in the comments below or contact Chris Willis, email@example.com