In an ongoing effort to protect the UCT network and its digital and physical information resources, an Information Security Management System (ISMS) is being established for the university.  

An ISMS provides the University with a systematic way of protecting its digital assets (i.e., information, data, software, hardware, etc.), which includes all information no matter what format it is in. This includes your data and that of the university that is stored on all UCT systems and services, online storage platforms, paper-based documentation, and even intellectual property. It also guarantees that a formal process is in place to continually govern information security, and manage UCT’s policies, procedures, guidelines, and associated resources.  

UCT has access to and is entrusted with a vast amount of information that is highly sought after. This information is subject to a range of threats which may exploit vulnerabilities and give to risk being realised. 

Potential threats

  • social engineering 
  • theft 
  • fraud 
  • various forms of cyberattacks 
    • phishing  
    • malware  
    • Ransomware 
    • denial of service attacks and more 
  • fire 
  • flood 
  • earthquakes 
  • landslides 

By identifying current and potential risks, appropriate controls such as multi-factor authentication, encryption, and regular security audits are put in place to protect information. The university can also better address identified risks that could impact its operations.  

 

Benefits of an ISMS 

  • This proactive approach prepares UCT for a wide range of scenarios that could affect its reputation, financial sustainability, and competitiveness.  
  • By complying with international standards (ISO 27001 security standard), UCT is seen as a digitally secure institution. 
  • UCT has a competitive advantage when it comes to applying for grants as the university is actively demonstrating information security. 
  • Defined controls are in place and implemented toward ensuring the confidentiality, integrity, availability, and authenticity of information. 

 

UCT to undergo ISO 27001 certification  

UCT is in the process of obtaining the International Organisation for Standardization (ISO) 27001 security standard. According to the BSI Group, UCT will set a leading trend by undergoing this process, proving that the university considers information security part of its daily operations.  

 

What is required from you? 

While the university ensures that all staff and students have access to the relevant systems, services, and information applicable to their roles, it is everyone’s responsibility to adhere to all ICT policies.  

These policies may be revised or updated over time. We will keep you informed as new changes or policies come into effect.  

UCT will also embark on a journey to raise awareness of applicable ICT policies and procedures over the next few months. Informational emails, and online and in-person information sessions will be scheduled to help you better understand your roles and responsibilities in safeguarding information at the university.  

The success of all security measures is dependent on the people that have access to UCT resources and their compliance to these measures. By working together, we can continue to proactively protect the university and its information so that its integrity remains intact.     

 

Report security-related incidents  

It is your responsibility to report any security-related incidents related to your UCT account, such as unauthorised access, phishing attempts, or suspicious activity to the UCT CSIRT at csirt@uct.ac.za.