The Information Security Division, led by the University Chief Information Security Officer (CISO), is responsible for leading and owning the University information security risk management strategy.
Based within Information Services for the purpose of administration, the team covers and works with the entire University.
-
Chief Information Security Officer (CISO)
- Alistair Fenemore
-
Deputy CISO
- Garry Scobie
-
Senior Information Security Consultants
- Gareth Poxon
- Angus Rae
-
Head of Cyber Security Operations
- Iain Pryde
-
Senior Analysts, Cyber Security Operations
- Michele Clarkson
- Richard Goodall
- Martin Shaw
The CISO Division, led by the University Chief Information Security Officer (CISO), is responsible for leading and owning the University information security risk strategy. We encourage a risk based approach to provide holistic responses to information security risks.
The team leads University wide information security initiatives, provides strategic advice on existing and emerging information security threats and delivers security awareness training to support this. Training is delivered through a multi-media blend of podcasts, live sessions and online short courses via the Learn platform.
The team also provides advice and guidance for projects, including those developing new services and for those conducting research. We are also available to assess vendor responses to procurements that require a security input and contribute to the management and resolution of security incidents when they arise.
Our updates can be seen on our web homepage, and twitter account.
If you are the victim of an information security attack: phishing, a computer virus infection, or even receive an email message that you think may leave other University members particularly vulnerable, report it to the IS Helpline:
You can send the suspicious email as an attachment to is.helpline@ed.ac.uk where it will be collated with other reports of the same attack (Sending the email as an attachment preserves the email headers and gives us a better chance of stopping any further attempts to propagate the email).
*Please do not send screenshots or forwarded copies of the email, as it will not give us this data.
If you want to report a data protection breach, or have a data protection query, please visit the Data Protection Officer Contact page:
Data Protection Officer Contact
If you have a more general Security Query, want to get in touch about some work you are doing for the University or have any feedback regarding the Information Security Webpages the email address for the team is:
If you are looking for some general advice so that you can be more proactive, we have a library of guidance available here:
The Information Security Team are starting a program for Information Security Champions, individuals within the university who are willing and able to lend their expertise to helping others with good advice, helping them follow the right processes when requesting resource from the central team and raising concerns when they see bad processes or behaviours in their area.
For more information on the program, go to: