Agenda - 12th of February (Monday)

12:30 - 13:30

Light lunch upon arrival

13:30 - 14:00

Welcome, introductions, update on other related activities (WISE, Global CEO Forum Security group, FIRST Academic SIG) - Alf Moens (SURFnet)

14:00 - 14:30

Updates on regional collaborations

  • BENELUX group met F2F in Luxembourg.
  • UK-Ireland regional group had one meeting, which was their first. They mainly focused on GDPR issues.
  • NORDIC group is working on their charter, documenting what processes NRENs have and GDPR. The group would like to set up a mailing list and a wiki page. They are planning to meet virtually or F2F around 4 times a year. The plan to invite the Baltics to join remains

SANREN team introduction + IORA (the Indian Ocean Rim Association) 

Roderick (SANREN) has joined SIG-ISM workshop in person for the first time, so the group spent some time getting to know their team and learning about the IORA collaboration which unites around 40 insitutions in the Indian Ocean region.

14:30 - 15:00

GÉANT GN4-3 Security white paper - Alf Moens (SURFnet) & Sigita Jurkynaitė (GÉANT)

Alf presented the Security and Privacy white paper that was submitted for reviews at the end of last year and has now been sent out to NRENs for their comments and scores. SIG-ISM group has been involved in the process from early on by helping to identify the areas of work that needed most attention in the coming years and sub-themes that should be included in the white paper and work plan eventually. The group discussed on which work areas of SIG-ISM and the future project activity overlap, what would be the role of this SIG and other security collaborations in (or parallel) of the project.

The white paper, all annexes and information on the process can be found here.

15:00 - 15:30Coffee break
15:30 - 17:00

Community presentations:

Cybersave Yourself - Albert Hankel (SURFnet) + discussion on developing joint awareness materials

In his presentation, Albert explained that the conventional lecture style trainings on cyber threats do not work. Most of them are focused on phishing and are proven to not be effective. According to Albert, it is important to make the people in our organisations know that they have an important role to play in the overal organisation's security and instead of repeating to them that they are the weakest link invite them to work together. Albert presented a couple of solutions that they developed: Cybersave Yourself (a toolkit for building your own awareness programme) and Privacy Auction game.

This topic was met with a lot of interest. It was decided to create a separate working group and continue discussing ideas for European collaboration the next day.

SANReN Cybersecurity Challenge - Roderick Mooi (SANREN)

Roderick presented in the Cybersecurity Challenge organised by SANREN for the students in their constituencies. A total of 29 teams from 12 South African universities participated.

SURFaudit Benchmark 2017: setup, results, trends - Bart Bosma (SURFnet)

Bart presented the process and the results of the SURFaudit that is being conducted every two years. It is losely based on ISOC standard. This benchmark took place for the 4th time since 2011. Overall scores are similar to 2015, but there are still areas that need to be worked on: awareness and audit/logging.

CLAW exercise - 2017 & 2018 - Charlie van Genuchten (GÉANT)

17:00 - 17:15Closing remarks
20:30Group dinner at El Anciano Rey de los Vinos

Agenda - 13th of February (Tuesday)

08:45 - 09:00


Arrival and coffee

09:00 - 10:30

Working in groups:

WG 1: Inventory for Security Officers

WG 2: Guidance on setting up and running ISMS for NRENs

10:30 - 10:45

Wrap up - short presentations on the work done

WG1 wrap up slides

10:45 - 11:00Coffee break
11:00 - 13:00

Working in groups:

SIG-ISM Value proposition

WG3: Security Awareness

13:00 - 14:00Wrap up, lunch, departures
  • No labels