Dear Anglia Ruskin University,
1. What is your policy for using personally owned devices accessing IT applications?
• We allow access to both student and staff with personal and corporate devices
• We allow access to staff with personal and corporate devices
• We only allow access to corporate devices

2. Do you have visibility into devices that are used to access University applications?
• Yes
• No

3. Do you use multi-factor authentication (such as a hardware token, software code generated by a mobile phone app, or an SMS code) to access IT applications? Please select one answer only.

• Yes, we use multi-factor authentication for all access by students, faculty and staff onto the devices, apps, intranet or IT network
• Yes, we only use it for access to all sensitive data such as financial payments, grades and personally identifiable data (PII) data held on the network
• No, we just use single factor authentication today
• We just use single factor authentication today but we are planning on implementing multi-factor authentication in the next 12 months.
4. What security risks in personal devices are you most worried about when accessing University applications?
• Out of date software. Ex: Operating systems, browsers
• Physical security of devices. Ex: passcode lock
• Jailbroken / Rooted devices
• Others (Please specify)

5. What is your policy regarding patching and updating digital devices, operating systems and apps which access your corporate network? Please select one answer only.

• We implement all patches/upgrades within 48 hours from notification
• We implement all patches/upgrades within 7 days of notification
• We implement all patches/upgrades within 30 days of notification
• It is impossible for us to maintain all devices, operating systems and apps at the latest version and patches/upgrades typically take longer than 30 days to implement.
• We outsource the patching and upgrade of all our devices and systems to a third party

6. Has your university ever been the victim of a phishing attack (where an individual is duped into disclosing their login, password or credit card details via an email purporting to be from a trusted source)? Please select one answer

• Yes
• No
• Don’t know

6a. If yes, how often have you experienced a phishing attack in the last 12 months? Please select one answer.

• 0-5 times
• 6-10 times
• 11-50 times
• 51+ times
• Don’t know

6b. If yes, which is the most common target of the phishing campaigns? (please select one)

• Students
• Lecturers/faculty staff
• Employees
• Other (please specify)

6c. What type of data was being targeted? (select all that apply)
• Student personally identifiable information (PII) e.g. date of birth. National Insurance Nos.
• Employee PII
• Financial/payroll data
• Research/patents
• Other (please specify)

6d. Did you identify the attackers and, if so, are they? (select all that apply).
• Organised cyber-criminals
• Opportunistic hackers (non-organised)
• Political hacktivists
• Disgruntled employees/former employees
• Disgruntled students/former students
• State sponsored hackers
• Other (please specify)

Yours faithfully,

Kelly Friend

foi, Anglia Ruskin University

Dear Ms Friend,

 

Thank you for your request for information under the Freedom of
Information Act 2000.

 

I have provided our responses below (in red type) next to your questions. 
I am sorry but I cannot provide information in relation to numbers 3, 4
and 5 as these relate to our information security systems and this
information is exempt in accordance with the s43 Commercial Interests
clause of the Freedom of Information Act 2000.  

 

If you are not satisfied with our response to your request for information
you can contact us to ask for our decision to be reviewed by our Secretary
& Clerk.

 

If you are still not satisfied following this, you can then make an appeal
to the Information Commissioner, who is the statutory regulator for
Freedom of Information.

 

The address is: Office of the Information Commissioner, Wycliffe

House, Water Lane, Wilmslow, Cheshire SK9 5AF.

 

Tel: 01625 545700.

 

Fax: 01625 524 510.

 

Website: http//[1]www.informationcommissioner.gov.uk

 

This completes your request. 

 

Yours sincerely,  

 

Jacqueline Barlow MBA, MA, ACIS, ACIB

University Records Manager

Secretary & Clerk's Office

3rd Floor, Tindal Building

Chelmsford Campus

Anglia Ruskin University

Bishop Hall Lane

Chelmsford

CM1 1SQ

 

Direct line:- 0845 196 4215

Email:- [2][email address]

Fax:- 01245 495419

 

 

show quoted sections

Dear Anglia Ruskin University,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Anglia Ruskin University's handling of my FOI request 'Phishing attacks'. Thank you for your partial response to the FOI; however, the red type you have mentioned using cannot be viewed via this system. Please can you resend your answers, clearly stating which answer is applicable to the university?

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/p...

Yours faithfully,

Kelly Friend

foi, Anglia Ruskin University

Dear Ms Friend,

Thank you for your email.

I am sorry that you cannot read the red type. I will re-send in a clearer manner.

Kind regards
Jackie

show quoted sections

Barlow, Jackie, Anglia Ruskin University

Dear Ms Friend,

 

Thank you for your request for information under the Freedom of
Information Act 2000.

 

I have provided our responses below (stated as ‘applicable option’ next to
each category that applies).  I am sorry but I cannot provide information
in relation to numbers 3, 4 and 5 as these relate to our information
security systems and this information is exempt in accordance with the s43
Commercial Interests clause of the Freedom of Information Act 2000.  The
public interest in maintaining the exemption outweighs the public interest
in disclosing this information. 

 

If you are not satisfied with our response to your request for information
you can contact us to ask for our decision to be reviewed by our Secretary
& Clerk.

 

If you are still not satisfied following this, you can then make an appeal
to the Information Commissioner, who is the statutory regulator for
Freedom of Information.

 

The address is: Office of the Information Commissioner, Wycliffe

House, Water Lane, Wilmslow, Cheshire SK9 5AF.

 

Tel: 01625 545700.

 

Fax: 01625 524 510.

 

Website: http//[1]www.informationcommissioner.gov.uk

 

This completes your request. 

 

Yours sincerely,  

 

Jacqueline Barlow MBA, MA, ACIS, ACIB

University Records Manager

Secretary & Clerk's Office

3rd Floor, Tindal Building

Chelmsford Campus

Anglia Ruskin University

Bishop Hall Lane

Chelmsford

CM1 1SQ

 

Direct line:- 0845 196 4215

Email:- [2][email address]

Fax:- 01245 495419

 

 

show quoted sections

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org