Rolf: Introductions and welcoming
13:00-13:30 | Welcome and round of Introduction Alf Moens - SURF
Welcoming and thank you for hosting
Potentially workshop tomorrow at security management
Introduction on first London workshop and some background information. Copenhagen also background on our workshop
Introductions of people in the room and what are the worries in their environments
· Aleksander - management problems since the traditional approach to security is not working for them
· Prague NREN - establishing an ISMS and at the moment finalising the current processes
· Travic - security is taking the wrong direction. EC regulations
· Claudio - too many experts coming from outside the environments and sometimes opinions do not fit the environment
· Uninet - we have so much data and little time to effectively manage data
· Bart - users and especially students
· Cynthia - users informed on what is happening in the world of information security. Organization on security, policies and user awareness
· Fernard - eager to share information at beginning, BUT very little for him on wiki to kick start his security. About a common risk framework for smaller organizations and SIG-ISM is behind schedule on helping and disseminating information and adding value
· Linda - proliferation of technology. Cloud incidents. Manpower issue
· DAIC - legal considerations and demands in the coming years with national and local regulations and they have an old fashioned way to work. So things should change to live up to the expectations
· Oivind - lack of management on information security. Asset classification and right level of information security.
· Urpo - NRENs' compliance. Lack of operational security. Senior management not overseeing security very well and security going down in priorities. Advances on security and technology. Privacy regulations. Management commitment. What SIG can bring
· Rolf - are the efforts we make on paperwork in line with the organization? Changes in the way they are operating? Do those changes also apply to the environment? Motivate and get organizations to be better.
· Roderick - what happens when a major incident happens. Constituency. More prepared
· Ingimar - lack of manpower and whatever was referred to above, e.g. legal issues. How to address security managerial issues - approach from above. Involvement of management.
· Alf - targeted frauds. What happens and is being seen
· James - (had problems with connectivity - please kindly add here)
|
13:30-14:00 | Information security governance in universities – status and challenges in the Norwegian HE sector Tommy Tranvik - University of Oslo
ISMS project financed by the secretariat at UNINAT
3 part project:
· Study - the status of the ISMS and challenges
· Implementation of ISMS
· Test ISMS approach and if it works in practice
2 yr project frame
How ISMS is working in practice
It was not supposed to be a study
Whether governance levels can achieve governance
Design of the ISMS and how this study could be implemented.
20 state-owned HE institutions participated to check what was on paper
Interviewed key people on what was actually done
Found that there were gaps from documentation to implemented controls
50 representatives from those 20 institutions participated in the study
13 out of 20 institutes had something like ISMS on paper
Lack of coherence in the documentation
How the system was related to other work processes
Security organization was scattered across various documents due to lack of direction from faculty and not being in one paper.
Heavy emphasis on technical security and data protection and security
No understanding from management of what was written in the documentation
Only a few institutions had implemented and established a good posture ISMS
However, it was found that how the ISMS was implemented was wrong
Focus on processing personal data for administrative purposes and not research data
It was identified that security became more of an urgent matter and more resources were provided. However, management involvement was sporadic or non-existent
Organization of security was little
Risk assessments were rare and not routine
Integration in daily activities was limited
Ad-hoc behaviour on security incidents and other events (a project rather than a process)
Gaps on ISMS design organizational features and institutional cultures |
14:00-14:30 | Setting the scope for your ISMS James Davis - Jisc |
14:30-15:00 | Coffee break |
15:00-15:30 | Enterprise Security Architecture Fotis Gagadis - GÉANT
Action - Fotis to create a small presentation/paper on ESA, due to problems with mic/voice etc. when presenting remotely |
15:30-16:00 | WISE Report - Results from TNC and XSEDE Alf Moens - SURF
Explaining WISE
Working on e-infrastructures security
Explaining the topics of WISE and activities
Prague meeting in 2 weeks' time
|
16:00-17:00 | Open discussion on the future direction of SIG-ISM: How to strengthen trust among the NRENs.
Discussing the future of SIG-ISM |