Cybersecurity Coordinators (CSC) are nominated and empowered by the management of their respective departments / offices / units for collaborating with ITSC to coordinate the implementation of cybersecurity measures at their units. (List of CSCs of each department can be found here.)
While the obvious goal is to attain and maintain a healthy level of cybersecurity for the entire University, the exact roles and responsibilities of Cybersecurity Coordinators can be evolving with the development of the current cybersecurity threats. Currently, the Roles and Responsibilities of Cybersecurity Coordinators include the following:
Maintenance of IT Resource Record
- Maintain an up-to-date record, with risk assessment, of the critical IT resources that are deployed at the unit, at the following different levels:
- End-points (e.g. desktop or notebook computer)
- Servers, if any
- Application systems, if any
- Maintain an up-to-date record of cloud applications, and ensure that the applications meet the privacy and minimum security standard requirements
The inventory system provided by ITSC should be used to keep track of these IT resources in a standardized manner so as to facilitate effective and timely resource hardening and incident handling.
- Deploy backup solution, including regular & timely backup, for data in the dept / office / unit.
- Ensure appropriate protection of restricted and confidential data to avoid possible leakage.
- Ensure compliance with the Personal Data Privacy Ordinance.
Compliance to Minimum Security Standard in IT Resource Hardening
- Work with ITSC to monitor if critical IT resources meet the Minimum Security Standard
- Work with ITSC to implement remedial measures in cases when Minimum Security Standard is not met
- Work with ITSC to assess possible risk in deploying new technologies, with due consideration of Risk Classification Examples of Common IT Resources
Incident Reporting and Handling
- Report any identified cybersecurity incident to ITSC as soon as possible
- Follow up on cybersecurity incident in a prompt manner to minimize impact, in accordance with the University’s Cybersecurity Incident Handling Policy
Promotion of Awareness and Compliance
- Work with ITSC to promote the awareness of current cybersecurity issues and good practices among users in the unit
- Work with ITSC to promote the compliance to Acceptable Use Policy and Cybersecurity Policy among users in the unit