Wednesday, 21 January 2015

Top Ten IT Issues for 2015

Each year EDUCAUSE / ECAR produces a set of Top 10 IT Issues. A preview was seen at the EDUCAUSE conference in October 2014 (see earlier blog entry).
The latest EDUCAUSE Review (the 50th) is devoted to the issue, and certainly worth reading.
The item titled "Ten Reasons to Tackle the Top 10 IT Issues" is particularly interesting. For example:
  • Administrative systems can improve not just operations but also institutional competitiveness
  • We are building tomorrow's infrastructure today
  • Information technology is about people
"An Administrative IT Perspective on the Top 10 IT Issues" gives another angle on the results. It selects three of the EDUCAUSE Top 10 IT Issues for 2015 as a useful lens for viewing administrative IT programs at higher education institutions. Taken together, these three issues can serve as a roadmap for administrative IT strategy:
  • Issue #3: Developing IT Funding Models That Sustain Core Service, Support Innovation, and Facilitate Growth
  • Issue #9: Developing an Enterprise IT Architecture That Can Respond to Changing Conditions and New Opportunities
  • Issue #5: Demonstrating the Business Value of Information Technology and How the IT Organization Can Help the Institution Achieve Its Goals

Friday, 19 December 2014

Cryptoy from GCHQ

The Cryptoy app was designed by Science, Technology, Engineering and Maths (STEM) students on an industrial placement at GCHQ. It was created as part of a project to demonstrate encryption techniques at the Cheltenham Science Festival, and has since been demonstrated at other educational events.

Download from: 

Monday, 24 November 2014

Cyber Essentials Scheme

Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks.

The scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Cyber Essentials defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online. Risk management is the fundamental starting point for organisations to take action to protect their information. However, given the nature of the threat, Government believes that action should begin with a core set of security controls which all organisations – large and small – should implement. Cyber Essentials defines what these controls are.

This seems like an interesting development - I read it as a minimal set of IT controls that should be put in place to deliver IT security (as opposed to _information_ security), before information risk analyses take place.

Friday, 10 October 2014

Top Ten Issues in Higher Education

Each year EDUCAUSE / ECAR produces a set of Top-Ten Issues.

A presentation at the EDUCAUSE conference this week gave a first glimpse of the 2015 Issues. These will be published next January, but are available here:

Points 7, 8 and 9 all refer to Information Security.

How to make your University Secure - Poster

Presented at EDUCAUSE poster session.

How to Make Your University CyberSecure

I ran a workshop at EDUCAUSE last week titled: 'Diamonds and Paper Clips: Steps Needed to Make Your University Cybersecure'.

We conducted a survey, and there were really interesting results. The results show the percentage of universities represented having specific achievements:

Percentage with IS primarily in IT department: 95% (but strong views that IS has to become separated from IT)
Percentage with recognised and agreed Incident Response Process: 20%
Percentage with signed-off university IS policy: 25%
Percentage with information asset register: 35%
Percentage attempting to classify assets: 25%
Percentage with IS risk register: 10%
Percentage where university can identify most valuable information assets: 15%
Percentage where university can identify most valuable assets and perform risk assessment: 3%

Friday, 22 August 2014

How do you identify crown-jewel information assets and protect them?

I have developed an 'Information Asset Register Tool' that is undergoing testing. Take a look! If you do, please let me have your comments.