Session abstracts

Phishing Simulations: can the data be used to help incident response?
Sam Foster, IT Security Specialist, University of St. Andrews

An overview of the University of St. Andrews phishing simulation programme, our experiences selling the idea to our staff and how we believe the data gathered can be used in incident response to measure current processes and countermeasures.


QMUL Cyber Maturity Journey: Maximising the Value of Trusted Partnerships
Rachel Bence, CIO, Queen Mary University of London and Stewart Hogg, Associate Director of Cyber, Waterstons

Over the past 18 months, Queen Mary University of London (QMUL) have responded proactively to the evolving threat landscape and implemented a number of cyber improvement and initiatives in partnership with Waterstons. This has involved defining a 3-year cyber strategy with the aim of achieving ISO 27001, implementing a 24x7 Security Operating Centre and establishing a virtual security function compromised of QMUL and Waterstons specialists to drive forward the cyber programme.

In this session QMUL CIO Rachel Bence will provide an overview of the cyber transformation journey the University has been on including, challenges, successes and the lessons learned along the way. Stew Hogg, Associate Director of Cyber from Waterstons, will provide insights on the values trusted cyber partnerships can bring in addition to key insights from across the HE sector.


Evolving a people-centric cyber security awareness programme
Madeleine Taylor, Information Security Risk and Governance Manager, University of Cambridge

How we are evolving our Cyber Security Training programme from increasing awareness to including the development of people-centric learning programmes for different groups. For our students, researchers and administrators, we have created a set of resources to help them gain skills in assessing risks, developing an understanding of threats exploiting vulnerabilities in controls, and risk mitigation using control selection. For our IT staff and security teams, we are creating technical, organisational and procedural programmes alongside the risk awareness programmes. With this continuing evolution, we are endeavouring to help nurture a holistic and effective security culture across the whole university.