3-Level Defence and Implementation

Table of Contents

The 3-Level Defence





  1. Set up a University-wide Committee overseeing information security and data management with enforcement authority to reflect its strategic oversight of information technology, and the need for enhancement and resource authority.
  2. Deploy Information Security and Data Management Policy.
  3. Embed information security and data management into Business-As-Usual.
  • Phase 1 – “Build Foundation”
  • Phase 2 – “Bridge Gaps”
  • Phase 3 – “Obtain Comfort”
  1. Empower ITS and ensure sufficient data and security capability and capacity in order to increase involvement in a number of areas, e.g.,
  • University data/ information architecture and security architecture
  • Data & data management standards and security & security management standards/tools
  • Risk/compliance assessments and monitoring at appropriate/ required points