A. The University has documented procedures for how it deals with security incidents.
E. http://sites.cardiff.ac.uk/isf/policies/information-security-incident-management-policy/
E. http://sites.cardiff.ac.uk/isf/policies/information-services-regulations-and-acceptable-use/
E. In the near future the University will be able to provide metrics which demonstrate information security performance.