The Information Security Division, led by the University Chief Information Security Officer (CISO), is responsible for leading and owning the University information security risk management strategy.
Based within Information Services for the purpose of administration, the team covers and works with the entire University.
Chief Information Security Officer (CISO)
- Alistair Fenemore
Head of Cyber Security Operations and Consulting Teams
- Iain Pryde
3x Senior Analysts, Cyber Security Operations
2x Senior Information Security Consultants
The Information Security Directorate, led by the University Chief Information Security Officer (CISO), is responsible for leading and owning the University information security risk strategy. We encourage all areas across the University to take a risk based approach to managing information security risks, providing advise and guidance about the suitability of controls. Within the Directorate, there are two main sections, Cyber Security Operations and Information Security Consulting.
The Cyber Security Operations Team works with key partners to provide proactive and reactive response to cyber security threats and incidents across the University using specialised tools and experience to help keep University colleagues and data safe.
The Information Security Consultancy Team provides advice on existing and emerging information security threats, delivering security awareness training to help counter them and better equip our community to manage these risks. They also provide advice and guidance for projects and local business teams, including those developing or considering new services and for those conducting research. A key element for this work is helping to assess information security arrangements at third parties who have access to University systems or data.
When required, the Directorate provide specialist support to the management and resolution of cyber/information security incidents.
If you are the victim of an information security attack: phishing, a computer virus infection, or even receive an email message that you think may leave other University members particularly vulnerable, report it to the IS Helpline:
If you are a staff member you can send the suspicious email as an attachment to is.helpline@ed.ac.uk where it will be collated with other reports of the same attack (Sending the email as an attachment preserves the email headers and gives us a better chance of stopping any further attempts to propagate the email). If you are a student please contact AskEdHelp.
*Please do not send screenshots or forwarded copies of the email, as it will not give us this data.
If you want to report a data protection breach, or have a data protection query, please visit the Data Protection Officer Contact page:
Data Protection Officer Contact
If you have a more general Security Query, want to get in touch about some work you are doing for the University or have any feedback regarding the Information Security Webpages the email address for the team is:
If you are looking for some general advice so that you can be more proactive, we have a library of guidance available here:
The Information Security Team are starting a program for Information Security Champions, individuals within the university who are willing and able to lend their expertise to helping others with good advice, helping them follow the right processes when requesting resource from the central team and raising concerns when they see bad processes or behaviours in their area.
For more information on the program, go to: