Agenda - 5th of October (Thursday)

12:30 - 13:30

Light lunch upon arrival

13:30 - 14:00

Welcome, introductions, update on other related activities (WISE, Global CEO Forum Security group, FIRST Academic SIG, CLAW exercise)

Welcome by Alf, apologies, changes of staff followed by an introduction of the participants of the meeting.
Presentation by Alf on international collaboration regarding Information Security.

Agreed to send follow-up information on CLAW - Sigita will send an interactive poster to everyone that can then be shared internally.

Alf proposed to create an overview of various security collaborations - an online page with basic information and links to the websites.

14:00 - 14:30

"On the safe side" - information on safety and security for the Norwegian higher education sector - Øivind Høiem, UNINETT AS

Presentation on the UNINETT project sikresiden.no. After the presentation, Øivind demonstrated the project's website. Participants asked whether other institutions could use the content of the program. Materials can be used by other institutions, but alterations should be discussed with UNINETT.

14:30 - 15:00

Updates on regional collaborations

Nordic ISM Network meeting slides - Urpo Kaila, Rolf Sture Normann

Nordic region: The goal for now is to find the best practices for sharing. Institutions can only join the collaboration by invitation. Looking at the possibility to invite the Baltic states to join the collaboration. Rolf was appointed as Chair of the Steering Committee. There is no Charter yet, but it will be discussed during the next meeting this autumn. Explore the possibilities to invite other e-infrastructures too.

UK/Ireland region: Due to staff/other issues the collaboration has not had the best start, but progress is being made. So far, they have had one meeting. More to follow.

Benelux region: Had one meeting so far in Brussels. BELNET and SURFnet shared information on ISMS they use.

After the updates, the group discussed whether there could be more regional collaborations, e.g. a German-speaking region (Germany, Austria, Switzerland).

It was suggested to have a slot for Regional Collaboration at the future SIG-ISM meetings, so that the regions can have their own F2F meetings.

15:00 - 15:30 Coffee break
15:30 - 16:15

GDPR discussion with introductions by Alf Moens (SURFnet), Rolf Normann (UNINETT) and Urpo Kaila (CSC) 

Main focus is to create awareness.

Urpo’s presentation “GDPR Roadmap for NRENs and their Constituents”.

Action list:
- Appoint DPR-officer and register to Supervisory Authority
- Internal review
- Update your services and people to conform with the GDPR requirements
- Ensure your providers are GDPR compliant
- Identify and define Data Controllers and Processors
- Define/update privacy policies
- Be ready for GDPR on May 25th 2018!

Then, Urpo presented a training method for all staff by telling a story.
Rolf shared his experience with staff training in Norway. They had a meeting where the implementation of GDPR in ISMS was discussed with higher education institutions. The goal is to provide a Guideline on how to read GDPR, with a focus on privacy and confidentiality. The affiliated institutions are setting up an overview and checklist to align GDPR with ISMS. They are also trying to discuss the implementation of GDPR with Incident Response Teams.
After Rolf’s update on GDPR implementation in ISMS, the group discussed how they could help each other and share their experiences with the implementation of GDPR. Also, the way to approach the authorities with GDPR related questions was discussed. The group came to the conclusion that it is better to come up with a hypothetical situation and ask how to proceed instead of asking for solutions for specific situations.

16:15 - 17:00

GN4-3 Security white paper discussion with introduction by Alf Moens (SURFnet)
Security white paper outline
Security white paper slide - Alf Moens

Alf and Sigita explained the need for the GN4-3 White paper and invited the participants to come up with ideas for the White paper. That led to a lot of input by the participants and a lively and open discussion on GÉANT’s role in the community.

(The GÉANT White Papers are the vehicle used by experts to propose to the GÉANT community, activities that could be pursued over the next 4-5 years. Some of the ideas will be included in forthcoming EC and other funding proposals.)

You can find the initial ideas of the group here.


17:00 - 17:15 Closing remarks
18:30 Dinner kindly hosted by BELNET at Rouge Tomate

Agenda - 6th of October (Friday)

08:45 - 09:00


Arrival and coffee

After arrival and coffee, the group split up into two Working groups.

09:00 - 10:30

Working groups:

WG 1: Inventory for Security Officers

Led by Linda, the Working group discussed the progress made since the last meeting and how to proceed further. On Level I the next step is to restructure the table for the Inventory. On Level II the level of information clearance and access to information on the wiki page for non-participants of SIG-ISM was discussed. The most important agreement is that the information on the Level II page should be treated as TLP Amber. For more information, see the wiki page or contact Linda Cornwall.

WG 2: Guidance on setting up and running ISMS for NRENs

The Working group split up into three groups. The first group, led by Øivind, focussed on Risk Analysis. A couple of points of attention were brought up. First, the Risk Analysis group needs to create a list of possible participants of this group. Second, the group needs to create a list of tools that can be used for Risk Analysis. Third, the group needs definitions of ISO.
The second group, led by James, focussed on Controls. The group discussed which control sets should be used. Also, the group needs to come up with a plan for prioritisation, presentation, training and awareness, and effectiveness.
The third group, led by Sandy, focussed on Annual Planning. They tried to set up a structure for the wiki page. This structure will include an explanation of the process, how to evaluate the process and a method to collect CISO annual reports.

For more information on any of these subjects, please contact group leaders (Øivind Høiem, James Davis, Sandy Janssen).

After working in separate groups, the results were discussed in an open discussion. During the discussion it was suggested to not only collect annual CISO reports, but also quarterly reports.

Business Continuity Framework slides - Alf Moens

10:30 - 11:00 Coffee break
11:00 - 12:30

Working groups and open discussion with all participants

Second round of Working groups' discussions.
WG 1: The Working group will make adjustments on the Level I wiki page to get a better overview. They will also work out the process for access to Level II information. WG 1 invited the members to give their input on what this process should look like.
WG 2: The Risk Analysis group will align their process with the Control group. The Control group will have a follow-up discussion on Input and Output. The Annual Planning group will produce a table on the wiki page where members can find any information on the subject and give their input.

Follow up on GN4-3 White paper brainstorm session

The collected ideas were rated in a live poll based on their relevance and urgency and will be processed in the next version of the White paper. The results of the poll can be found here (pdf) and here (xlsx).

12:30 - 13:30 Wrap up, lunch, departures


