Tuesday, 17 March 2015

UCISA Information Security Management Toolkit

A UCISA Information Security Management Toolkit, that some of us developed, has just been published.

The Toolkit will:
  • assist those who have responsibility for implementing information security across the organisation by providing advice and guidance to them;
  • help them to provide senior university management with an understanding of why information security is an important, organisation-wide issue. 
It is intended as a practical resource, providing an overview of the key aspects of a successful ISMS and guidance on how to implement them. It also includes case studies, as well as templates and example resources which organisations can tailor to suit their needs.

Cyberweapons Have No Allegiance

An interesting article from Bruce Schneier.   Here is an extract:

"But here's the problem: technological capabilities cannot distinguish based on morality, nationality, or legality; if the US government is able to use a backdoor in a communications system to spy on its enemies, the Chinese government can use the same backdoor to spy on its dissidents.

Even worse, modern computer technology is inherently democratizing. Today's NSA secrets become tomorrow's PhD theses and the next day's hacker tools. As long as we're all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance."

It relates to many press articles on surveillance over the last week.

Defining the Strategic Leader

EDUCAUSE and Jisc formed a Task Force to address the issue -  Technology in Higher Education: Defining the Strategic Leader

The Task Force found a number of recurring themes including: 'The CIO Position is Fragmenting" and "Transitioning from an Operational Focus to a Strategic One".   It goes on to articulate a Model for IT Leadership with three primary roles: 'Trusted Advisor', 'Visionary' and 'Relationship Builder'.

It states that there are three key aspects to the role: 'Understand the Organisation', 'Provide Information Systems and Technology Leadership', and 'Bringing Transformation to Life'.

Interestingly,  the conclusions reached were relevant to both the United States and the United Kingdon.

Wednesday, 21 January 2015

Top Ten IT Issues for 2015

Each year EDUCAUSE / ECAR produces a set of Top 10 IT Issues. A preview was seen at the EDUCAUSE conference in October 2014 (see earlier blog entry).
The latest EDUCAUSE Review (the 50th) is devoted to the issue, and certainly worth reading.
The item titled, "Ten Reasons to Tackle the Top 10 IT Issues" is particular interesting. For example:
  • Administrative systems can improve not just operations but also institutional competitiveness
  • We are building tomorrow's infrastructure today
  • Information technology is about people
"An Administrative IT Perspective on the Top 10 IT Issues"  gives another angle on the results. It selects three of the EDUCAUSE Top 10 IT Issues for 2015 as a useful lens for viewing administrative IT programs at higher education institutions. Taken together, these three issues can serve as a roadmap for administrative IT strategy:
  • Issue #3: Developing IT Funding Models That Sustain Core Service, Support Innovation, and Facilitate Growth
  • Issue #9: Developing an Enterprise IT Architecture That Can Respond to Changing Conditions and New Opportunities
  • Issue #5: Demonstrating the Business Value of Information Technology and How the IT Organization Can Help the Institution Achieve Its Goals

Friday, 19 December 2014

Cryptoy from GCHQ

The Cryptoy app was designed by Science, Technology, Engineering and Maths (STEM) students on an industrial placement at GCHQ. It was created as part of a project to demonstrate encryption techniques at the Cheltenham Science Festival, and has since been demonstrated at other educational events.

Download from: 

Monday, 24 November 2014

Cyber Essentials Scheme

Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.

The scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threat, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Cyber Essentials defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online. Risk management is the fundamental starting point for organisations to take action to protect their information. However, given the nature of the threat, Government believes that action should begin with a core set of security controls which all organisations – large and small - should implement. Cyber Essentials defines what these controls are.

This seems like an interesting development -  I read it as a minimal set of IT controls that should be put in place to deliver IT security (as opposed to _information_ security), before information risk analyses take place.

Friday, 10 October 2014

Top Ten Issues in Higher Education

Each year EDUCAUSE / ECAR produces a set of Top-Ten Issues.

A presentation at the EDUCAUSE conference this week gave a first glimpse of the 2015 Issues.  These will be published next January, but are available here:

 Points 7, 8 and 9 all refer to Information Security.