Managing Information Security in Education: Power of Enforcement or Culture of Security
Post on 14-Jan-2015
Managing Information Security in Education
Power of Enforcement or
Culture of Security
Ljubomir Trajkovski, M.Sc. CMC
Information Security Management Consultant
Ljubomir.Trajkovski@TPConsulting.com.mk
Trajkovski & Partners Consulting
Skopje, Macedonia
www.e-society.mk
A Rhetorical Question
• Today:
– There are cca. 100,000 smart children in basic and high schools all over Macedonia today!
– What will we have tomorrow?
• Tomorrow we would like to have:
– Option 1: 100,000 Bill Gates ("World ICT Champions"), or
– Option 2: 100,000 hackers (in the State prison "Idrizovo"), or
– Option 3: a reasonable (acceptable) number of Bill Gates and hackers (IDEALLY AS MANY Bill Gates and AS FEW cyber-prisoners in Idrizovo as possible)
What could we do?
Systematic and holistic approach (attitude) to Option 3:
1. State intervention (GoM): regulatory approach (compulsory measures)
2. Stakeholders' intervention (Association of Schools): self-regulatory approach (semi-voluntary measures)
3. Community/Society approach (NGO, parents): awareness and education (voluntary measures)
IMPORTANT: NOT 1. or 2. or 3. BUT 1.+2.+3.
4. ALL KEY ACTORS MUST BE PERSISTENT!!!
Regulatory approach (compulsory measures) - GoM
We have to have:
– Law for Information Security Management Systems in the Public sector (including the Education sector) in RoM
Worldwide experience (ISO):
– ISO 27001 Information Security Management System Standard – ISMS
Current experience (RoM):
– Law on Classified Data
International Initiatives
– UN: UN Resolution 57/239 (2002) on the "Creation of a global culture of cyber security"
– OECD: OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (2002)
– EU: Council Resolution on a European approach towards a culture of network and information security (2002)
Self-Regulatory approach (semi-voluntary measures) (Assoc. of Schools)
Implementation of ISO 27001 ISMS in the education community in Macedonia:
– InfoSec Awareness for school management, teachers, pupils, school IT administrators
– School InfoSec Policy & Procedures
– Infosec education and training
– Regular InfoSec “internal audit” (monitoring and corrective measures)
ISO 27001 ISMS domains
1. Security Policy
2. Organization of Information Security
3. Asset Management
4. Human Resources Security
5. Physical & Environmental Security
6. Communications & Operations Management
7. Access Control
8. Information Systems Acquisition, Development & Maintenance
9. Information Security Incident Management
10. Business Continuity Management
11. Compliance
IMPORTANT: ISO 27001 ISMS COVERS ALL REQUIREMENTS FROM THE BEFORE-MENTIONED RESOLUTIONS AND DECLARATIONS
Community/Society approach (voluntary measures) (NGO and each of us)
Nationwide Information Security Awareness Campaigns for:
– Children
– Their parents and families
– Schools
– Associations and NGOs working with children's issues
– Local communities/Society at large
What is next?
Let's start first!
1. NGO
– Information Security Awareness & Social marketing
2. Schools Association (MoE?)
– Implementing & Maintaining ISMS based on ISO 27001
3. GoM
– National Information Security Policy & Strategy
– Law for Information Security Management
At the end of THIS session ...
1. I would like to be part of the "Culture of security" Initiative!
2. What about YOU? Join us!
3. Information Security is EVERYONE's responsibility!
Thanks for your understanding and your attention!
Ljubomir Trajkovski
Ljubomir.Trajkovski@TPConsulting.com.mk