The Quality Assurance and Security (QAS) department, under the Centre of Information and Communication Technologies (CICT), sets strategy to build secure information and information systems at the university. The QAS team proactively collaborates with all the other CICT departments and the campus community to secure system and network resources, and to protect the confidentiality, integrity and availability of student, faculty, and staff information. To support this, an appropriate governance and policy structure, a robust and scalable security architecture, and an expansive and continuous security awareness program are implemented.
Vision
To provide security services through a well-implemented security program to deliver optimised risk management whilst enabling pursuit of knowledge, innovation and social responsiveness.
Mission Statement
The mission of the Quality Assurance and Security (QAS) department is to make information security programmatic and cultural on campus, enabling the University to succeed in its mission in teaching, research and excellence. The QAS posture increases security and reduces risk while securely enabling access to information for those who need it. To support this mission, the Information Security Office will:
- Develop processes, procedures, and policies required for the protection of confidential information.
- Identify risks to the security of information and systems.
- Mitigate these risks to levels acceptable to the campus.
- Define security requirements, establish baselines and measure compliance, based on applicable laws, regulations, and best practices.
- Consult with campus users and departments to investigate security issues and evaluate products and processes.
- Collaborate with Information Resources administrators and technical staff to develop the campus information security strategy and architecture.
- Ensure incident response and disaster recovery plans are developed and implemented.
- Respond to and recover from disruptive and destructive information security events.
- Increase campus awareness of information security through training and communication.
Core Purpose
- Effectively mitigate risk and protect the University information and information systems to levels acceptable to the University.
- Ensure access, availability, confidentiality and integrity of information to students, faculty and staff.
- Develop processes, procedures, and policies required for the protection of information systems and infrastructure.
- Identify and continuously research security risks to information and information systems.
- Ensure incident response and disaster recovery plans are developed and implemented.
- Work in partnership with systems administrators and technical staff to develop and implement security strategy and infrastructure.
- Define security requirements, establish baselines and measure compliance, based on applicable laws, regulations, and best practices.
- Increase cyber security campus awareness through training and communication.
Services
- Preventing data breaches, monitoring and reacting to attacks - Critical thinking, curiosity, a passion for learning and research.
- Implementing Access Management Systems - set and implement user access controls.
- Monitoring - network and application performance to identify any irregular activity.
- Performing audits - to ensure security practices are compliant.
- Deploying endpoint detection and prevention tools to thwart malicious hacks.
- Setting up patch management systems to update applications automatically.
- Implementing comprehensive vulnerability management systems across all assets on-premises and in the cloud.
- Formulating and implementing ICT policies.
- Backing up and Backup Testing.
- Conducting awareness training - internally or for external clients.
- Providing quality assurance on both internal and external clients' systems (ISO, COBIT).
- Conducting forensic investigations - internally and externally.