Friday, 19 December 2014

Cryptoy from GCHQ

The Cryptoy app was designed by Science, Technology, Engineering and Maths (STEM) students on an industrial placement at GCHQ. It was created as part of a project to demonstrate encryption techniques at the Cheltenham Science Festival, and has since been demonstrated at other educational events.

Download from: 
http://www.gchq.gov.uk/how_we_work/partnerships/supporting_education/Pages/Cryptoy-app.aspx 

Monday, 24 November 2014

Cyber Essentials Scheme

Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.

The scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threat, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Cyber Essentials defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online. Risk management is the fundamental starting point for organisations to take action to protect their information. However, given the nature of the threat, Government believes that action should begin with a core set of security controls which all organisations – large and small - should implement. Cyber Essentials defines what these controls are.

This seems like an interesting development -  I read it as a minimal set of IT controls that should be put in place to deliver IT security (as opposed to _information_ security), before information risk analyses take place.

Friday, 10 October 2014

Top Ten Issues in Higher Education



Each year EDUCAUSE / ECAR produces a set of Top-Ten Issues.

A presentation at the EDUCAUSE conference this week gave a first glimpse of the 2015 Issues.  These will be published next January, but are available here:



 Points 7, 8 and 9 all refer to Information Security.

How to make your University Secure - Poster


Presented at EDUCAUSE poster session.

How to Make Your University CyberSecure

I ran a workshop at EDUCAUSE last week titled: 'Diamonds and Paper Clips: Steps Needed to Make Your University Cybersecure'. 

We conducted a survey, and there were really interesting results. The results show percentage of universities represented having specific achievements:


Percentage with IS primarily in IT department: 95% (but strong views that IS has to become separated from IT)
Percentage with recognised and agreed Incident Response Process: 20%
Percentage with signed-off university IS policy: 25%
Percentage with information asset register: 35%
Percentage attempting to classify assets: 25%
Percentage with IS risk register: 10%
Percentage where university can identify most valuable information assets: 15%
Percentage where university can identify most valuable assets and perform risk assessment: 3%




Friday, 22 August 2014

How do you identify crown-jewel information assets and protect them?

I have developed an 'Information Asset Register Tool' that is undergoing testing.   Take a look!     If you do, please let me have your comments.

Excellent Information Security Guide

Internet2 has an excellent Information Security Guide.   It is designed to support university Information Security managers and is a superb resource with an excellent front page interface.

Definitely worth a look.