Joint Information Systems Committee Supporting Higher and Further Education Information Security: Policy and Culture Introduction and Background Annette.

1 Joint Information Systems Committee Supporting Higher and Further Education
Information Security: Policy and Culture
Introduction and Background
Annette Haworth, ex-Chair of ex-JCAS
Director of Information Services, The University of Reading

2 Background – JCAS - Issues
Security is about
– confidentiality
– authenticity
– integrity
of information
Is HE/FE special?
– in general, no
but
– large number peripatetic users/shared PCs/across public networks/home-working etc
– possible odd deals eg ILL, JISC-services...

3 Background – JCAS - What do we know?
Many H/FEIs not got/afford enough technical/managerial expertise
What definitely needs doing?
– Longterm future of JISC-services and related authentication/authorisation service (aka - what do we do about Athens?)
– broadening of concept to help sites

4 Background
What did we end up doing?
Well, yes, we did have the JISC-service related problems to solve
But the real problems institutions face are far broader
they are
Technical - solutions are not without their complexities, but if there is one & you've got the money/expertise, you can use it - QED
But what solution do you need - institutional aims, cultural and legal environments. Definitely not QED

5 Background
JISC's Work on Security Policy and Planning
1999 Pilot study of the BS7799 methodology
2000 Evaluation of BS7799 project
- Policy advice to HEIs and FECs
- Senior Management Briefing Paper
2001 Study of user attitudes to security

6 An Anecdote
or How the JISC helped me to survive (so far)
Take this: http://www.jisc.ac.uk/pub01/security_policy.html
Contemplate it in your own environment
Survive!

7 ...but why is Reading still working on an information security policy?
This is not a one-person job on the side, and it's not my survival that matters – it's the institution
What is it aiming to achieve, how can a security policy help/hinder?
What is a policy? What is the policy? Who owns it? How is it updated?
Is it embedded in the culture? Embedded in other policies? A separate tick-box get-you-through-the-audit item?
Have we done the right risk analysis? e.g. perfect security could stop our academics doing something valuable

8 Introduction
Messages for the Day (1)
Policy is vital
- Needed to establish responsibilities
- Needed as a guide when action is required
- Needed as an indication of good practice [legal compliance, auditors, ecommerce etc]

9 Introduction
Messages for the Day (2)
BS7799/ISO17799 is a feasible approach to use
- but hard work to implement in full
- there are alternatives which may suit you better [e.g. the German Federal Govt handbook]
More important to get a workable policy in place than to get hung up on any one methodology!!

10 Introduction - This session
- Information security policy: what should it aim to achieve?
- Towards an institution-wide security policy
- Security: a matter of user perception

