Versions Compared

Old Version 24

changes.mady.by.user Peter Szegedi

Saved on

compared with

New Version 25

changes.mady.by.user Peter Szegedi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

Invitation for NREN Security Strategy Workshop

SURFnet is in the process of renewing its strategy with respect to security, privacy and trust. We recognize that other NRENs may also be rethinking their Security Strategy and that it is important to collaborate on an international scale. This is an invitation to join us in a workshop to discuss these issues and look for potential collaborations.

Digital infrastructures have become mission critical for the day-to-day operations of our constituencies. As a consequence, people are starting to take security and privacy in their digital lives more seriously. Ignorance and misuse (such as cyber criminality but also espionage) can lead to profound impacts and losses for individuals and organizations. They need to be able to rely on experts for protection and guidance.

NRENs stimulate optimal use of ICT in Higher Education, be it in new or in proven activities. To enable such use, the HE community needs to feel safe and secure; they need to trust their digital environment. NRENs have a proven track record in this area with trust and collaboration as their core values – the HE community looks to NRENs for protection and guidance. As ICT infrastructures continue to evolve, more and more is required to maintain this position.

In the Netherlands SURF is currently restructuring all the security, privacy and trust (SP&T) activities in such a way that SURFnet will play a leading and guiding role for Dutch HE in the years to come. SURFnet is looking to develop new services, intensify collaborations with academic SP&T research groups and increase dissemination of knowledge and best practices in the HE community. In order to do so, it is in our view very important to collaborate with other NRENs on an international scale. This is already happening on an operational level in TF-CSIRT for example, but not yet at a strategic level.

In addition, for some time now a couple of NREN Chief Information Security Officers (CISOs) have been talking about setting up a CISO-working party. Currently it is unknown how many NRENs have a CISO or someone acting as a CISO. A couple of CISOs think it is useful for NREN CISOs to know each other and to start working together in addressing the many issues the NRENs and their constituents are facing now and in coming years.

The NREN’s have been working together for more than twenty years, based on mutual trust. We are moving from networking to application services, we therefore need to define what the trust is based upon and how we can ensure future cooperation can be achieved with the same of higher level of trust.

Workshop

To foster international collaboration at a strategic level, we would like to organize a security strategy workshop with a number of selected NRENs leading in SP&T in the NREN community. Our goal is to share views on SP&T, discuss issues and look for potential collaborations. If successful, the result will be a shared view on how NRENs can collaborate internationally on SP&T and a list of follow-up actions. Themes we already identified are:

-          How can NRENs exchange strategic views on SP&T and work towards a shared view?

-          How can NRENs develop a trust framework between NRENs and for their products and services?

-          How can NRENs exchange knowledge on and approaches to important SP&T issues (such as the upcoming European privacy laws)?

-          How can NRENs learn from other SP&T NREN services? (e.g. copy them or procure them from another NREN)

-          Are there any SP&T issues that can only be solved in international collaborations?

-          How can NRENs organize this? Is there interest in forming a dedicated community of CISOs and other security managers?

Preliminary programme proposal

Day 1

13.30               Plenary

                        - welcome & purpose of workshop

                        - introduce flip charts with major questions (people can sticker ideas throughout the workshop)

                        - provocative (?) speaker to kick off discussions

14.30               Break

15.00               Parallel sessions

                        CISO

                        - How can NRENs develop a trust framework between NRENs?

                        Services

                        - How can NRENs develop a trust framework for their products and services?

16.30               Report back on parallel sessions

17.00               Drinks & check-in hotel

19.00               Dinner

 

Day 2

09.00               Plenary

09.30               Parallel sessions

                        CISO

                        - How can NRENs exchange knowledge on and approaches to important SP&T issues (such as the upcoming European privacy laws)?

                        Services

                        - How can NRENs learn from other SP&T NREN services? (e.g. copy them or procure them from another NREN)

10.30               Break

11.00               Report back on parallel sessions

11.30               Plenary & wrap up

                        - come back to flip charts and try to answer major questions

                        - conclusions & future outlook

                        - thank you

12.30               Lunch

 

Major questions for flip charts

-          How can NRENs exchange strategic views on SP&T and work towards a shared view?

-          Are there any SP&T issues that can only be solved in international collaborations?

-          How can NRENs organize this? Is there interest in forming a dedicated community of CISOs and other security managers?-          …