Page 28 - Data and Digital Technology Strategy 2024-2026
P. 28

STRATEGIC PRINCIPLES STRATEGIES AND ACTIONS






                             SECURITY
                             PRINCIPLES                                                                                     The RVC will proactively detect potential


                              Appropriate governance will be used           RVC data will be stored and transmitted        or actual malicious activity affecting the
                                                                              with effective controls to prevent
                                to secure the RVC’s networks and              unauthorised access, modifi cation, or          security of its networks and systems.
                                information systems.                          deletion.                                     The RVC will defi ne and test its incident

                              A risk-based approach will be used            The RVC will limit opportunities to            management processes to ensure
                                to identify, assess, and understand all                                                      continuity of essential functions in the
                                                                              compromise networks and systems with
                                security risks.                                                                              event of failure.
                                                                              robust, reliable, and protective security
                              Asset management will be used to               measures.                                     When incidents occur, the RVC takes
                                manage everything required to secure the                                                     steps to understand root causes and
                                                                             The RVC will build networks and systems
                                RVC’s essential operations and functions.                                                    learn lessons to ensure similar incidents
                                                                              resilient to cyber-attack and system
                              The RVC will manage security risks             failure using multiple layers using the        do not reoccur by using principles of
                                to essential functions resulting from         principle of defence in depth.                 continuous feedback and improvement.
                                dependencies on external suppliers and                                                      The effectiveness of the RVC’s cyber
                                                                             All staff and students will have
                                third-party services in its supply chain.                                                    security measures will be externally
                                                                              appropriate awareness and training to
                              The RVC will defi ne, implement,                be secure custodians of RVC’s data and         verifi ed and accredited.
                                communicate, and enforce policies and         information systems.
                                procedures to secure RVC systems and
                                                                             The RVC will continually monitor
                                data.                                         its networks and systems to detect
                              The RVC will understand, document,             potential security problems and track the
                                and manage access to networks and             effectiveness of existing measures.
                                information systems to ensure all access
                                is verifi ed, authenticated, and authorised,
                                using the principle of least privilege.






            28                                                                                                                                                    28
   23   24   25   26   27   28   29   30   31   32