2nd talk of the conference is about Information Security.<\/p>\n
Information Security is starting to be taken a lot more seriously in HE. We have seen threats increase (e.g. Code Red, Blaster), and we are now seeing more pressure to manage the risks. The speakers (Mike Roch
\n, University of Reading and Andrew Cormack, UKERNA) suggest that there is a need for a ‘toolkit’ for Information security.<\/p>\n
One possible framework for this is BS7799. However, this standard has not been widely adopted for accrediation purposes, but it may still be useful as a toolkit. There is now an updated version of the standard (ISO\/IEC17799:2000), which is more descriptive and has more support from the governing bodies.<\/p>\n
So – what is in BS7799-2:2002?<\/p>\n
Information Security Policy
\nOrganisational Security
\nAsset classification and control
\nPersonnel security
\nPhysical and environmental Policy
\nCommunications and operations management
\nAccess control
\nSystem development and maintenance
\nBusiness continuity management
\nLegal compliance<\/p>\n
However, there are some things missing that perhaps is relevant to HE, which generally relate to the flexibility our users expect (attaching their own equipment to the institutional network, use of the network for social use, etc.)<\/p>\n
It took a while to get round to it, but these are the speakers recommendations as to what policy documents are required:<\/p>\n
There may also be a need for<\/p>\n
This all seem very well, and some of these policies we already have, but some suggestions seem completely impractical. It’s all very well having a policy saying ‘if you encrypt information, it must be retrievable’ but pretty much impossible to enforce.<\/p>\n
Overall I’m thinking – oh god, not more policies. I do see the point, but lets get this done as easily, and painlessly as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"
2nd talk of the conference is about Information Security. Information Security is starting to be taken a lot more seriously in HE. We have seen threats increase (e.g. Code Red, Blaster), and we are now seeing more pressure to manage the risks. The speakers (Mike Roch , University of Reading and Andrew Cormack, UKERNA) suggest […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[28],"class_list":["post-454","post","type-post","status-publish","format-standard","hentry","tag-ucisa-2004"],"_links":{"self":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts\/454","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/comments?post=454"}],"version-history":[{"count":0,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/posts\/454\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/media?parent=454"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/categories?post=454"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.meanboyfriend.com\/overdue_ideas\/wp-json\/wp\/v2\/tags?post=454"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}