Cyber crime represents an increasing threat to the University, its people and its data. To improve the University’s defences, a set of policies has been established to increase and maintain the security of IT systems and information at all levels. These policies apply to all University-owned computers and must be followed by everyone, including individual users and IT staff. The compliance date for the policies is 1 April 2026. Details are available on the UIS web site at https://help.uis.cam.ac.uk/policies.
ICS staff have been working hard for some time to implement the policies within the Department. To support that work, the Department’s IT Committee has agreed the following requirements for all users and for all University-owned computers (i.e. purchased using funds held in the Department, whether in a GL account or a grant).
Current and patched operating system
All computers on the Department’s network ought to be running a current operating system that is receiving patches. For all University-owned computers, including servers, this is a requirement.
Tanium
Tanium monitors a computer’s operating system and software, checking that updates are installed, and alerting IT staff to security issues. Tanium must be installed on all University-owned computers, including Windows PCs, Macs and Linux systems. You can find more details about Tanium on the Department’s Computing Help and Support site: https://help.eng.cam.ac.uk/cyber-security/tanium/.
Trellix Endpoint Security (ENS)
Trellix ENS (formerly known as McAfee) protects systems against malware, ransomware and other threats. All University-owned Windows PCs and Macs must have Trellix ENS installed by ICS staff. They will link the software to the Department’s Trellix ePO console, so that any malware or other threats identified on computers will trigger an alert for ICS staff to investigate. Trellix ENS is not recommended for Linux systems; a separate solution will be provided for them in due course.
Trellix Endpoint Detection and Response (EDR)
Trellix EDR is an add-on to Trellix ENS that detects unusual activity or unrecognised files and triggers a central alert when needed. Trellix EDR is not recommended for Linux systems; a separate solution will be provided for them in due course.
Cyber security awareness training
All University and College staff, students and others who use University information services must complete the University’s cyber security awareness training every year. The training course runs on the MyCompliance platform, and reminders to complete the training are sent by e-mail.
Acceptable Use Policy
Users should familiarise themselves with the University’s Acceptable Use Policy. The policy applies to all users of University information services, and compliance has been required since April 2025.
Privacy
All of the additional security software mentioned is installed and configured in accordance with the University IT Privacy Notice. None of it will be used to collect information about individual usage patterns, activity or browser history, and none of it will collect information about your documents.
Installing the software
If your computer is owned by the University, you must allow ICS staff to install the software on your computer, as described above. Where software has not already been installed, ICS staff will carry out the installation between now and the compliance deadline of 1 April. In some cases, they may need physical access to your computer; in others, the installation may be done using remote deployment tools on Windows and Linux. You do not need to do anything to arrange this.
Exceptions
It may not always be possible to comply with all these requirements. For example, a computer may be connected to lab equipment that requires an old version of Windows. Where this is the case, please talk to ICS staff. There is a formal process for approving exceptions to the policies, and any non-compliant computers or systems must go through it. ICS staff will assist you in making systems compliant where possible and in working through the exceptions process if necessary. Exceptions will require justification, and approval may require mitigations to reduce the risks that the exception will create. For example, this might involve restricting a computer’s network access.
If you would like to request an exception to the policies, or if you have any other questions or concerns, please contact helpdesk@eng.cam.ac.uk in the first instance, and the ICS Support Team will direct your query appropriately.