Universities need to plug into threat of cyber-attacks

An interesting article that states, "Desirable research plus students’ personal and financial details make universities a juicy target for cyber-criminals. But are they doing anything about it?"

In my opinion the following quote is the best part of the article, "Like so many challenges raised by the internet, cybersecurity is less a finite goal than a process – and one of risk management rather than risk removal."

UCISA Information Security Management Toolkit

A UCISA Information Security Management Toolkit, that some of us developed, has just been published.

The Toolkit will:

• assist those who have responsibility for implementing information security across the organisation by providing advice and guidance to them;
• help them to provide senior university management with an understanding of why information security is an important, organisation-wide issue. 

It is intended as a practical resource, providing an overview of the key aspects of a successful ISMS and guidance on how to implement them. It also includes case studies, as well as templates and example resources which organisations can tailor to suit their needs.

Cyberweapons Have No Allegiance

An interesting article from Bruce Schneier.   Here is an extract:

"But here's the problem: technological capabilities cannot distinguish based on morality, nationality, or legality; if the US government is able to use a backdoor in a communications system to spy on its enemies, the Chinese government can use the same backdoor to spy on its dissidents.

Even worse, modern computer technology is inherently democratizing. Today's NSA secrets become tomorrow's PhD theses and the next day's hacker tools. As long as we're all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance."

It relates to many press articles on surveillance over the last week.

Defining the Strategic Leader

EDUCAUSE and Jisc formed a Task Force to address the issue -  Technology in Higher Education: Defining the Strategic Leader. 

The Task Force found a number of recurring themes including: 'The CIO Position is Fragmenting" and "Transitioning from an Operational Focus to a Strategic One".   It goes on to articulate a Model for IT Leadership with three primary roles: 'Trusted Advisor', 'Visionary' and 'Relationship Builder'.

It states that there are three key aspects to the role: 'Understand the Organisation', 'Provide Information Systems and Technology Leadership', and 'Bringing Transformation to Life'.

Interestingly,  the conclusions reached were relevant to both the United States and the United Kingdon.