Page 28 - Data and Digital Technology Strategy 2024-2026
P. 28
STRATEGIC PRINCIPLES STRATEGIES AND ACTIONS
SECURITY
PRINCIPLES The RVC will proactively detect potential
Appropriate governance will be used RVC data will be stored and transmitted or actual malicious activity affecting the
with effective controls to prevent
to secure the RVC’s networks and unauthorised access, modifi cation, or security of its networks and systems.
information systems. deletion. The RVC will defi ne and test its incident
A risk-based approach will be used The RVC will limit opportunities to management processes to ensure
to identify, assess, and understand all continuity of essential functions in the
compromise networks and systems with
security risks. event of failure.
robust, reliable, and protective security
Asset management will be used to measures. When incidents occur, the RVC takes
manage everything required to secure the steps to understand root causes and
The RVC will build networks and systems
RVC’s essential operations and functions. learn lessons to ensure similar incidents
resilient to cyber-attack and system
The RVC will manage security risks failure using multiple layers using the do not reoccur by using principles of
to essential functions resulting from principle of defence in depth. continuous feedback and improvement.
dependencies on external suppliers and The effectiveness of the RVC’s cyber
All staff and students will have
third-party services in its supply chain. security measures will be externally
appropriate awareness and training to
The RVC will defi ne, implement, be secure custodians of RVC’s data and verifi ed and accredited.
communicate, and enforce policies and information systems.
procedures to secure RVC systems and
The RVC will continually monitor
data. its networks and systems to detect
The RVC will understand, document, potential security problems and track the
and manage access to networks and effectiveness of existing measures.
information systems to ensure all access
is verifi ed, authenticated, and authorised,
using the principle of least privilege.
28 28