This session deals with how NREN organizations and universities manage information security.
Alf Moens of Surfnet describes the work going on within the GÉANT SIG-ISM (Special Interest Group – Information Security Management). The group focuses on the security management process rather than operational or technical security. Alf Moens also covers the work of other organizations such as WISE and TF-CSIRT.
Rolf Sture Normann explains how UNINETT performed a survey among Norwegian universities in order to discover the status of information security management. It turned out that only three or four universities had begun establishing an ISMS (Information Security Management System). As a result, UNINETT developed a guide to help universities get started.
Henrik Larsen describes two information security management projects within the DeIC (Danish e-Infrastructure Cooperation). One covers a hosting platform, the other an HSM (Hardware Security Module) installation. Among the lessons learnt was that an information security management project entails a process of changing the behavior of the organization – and that is hard.