Managing Information Security in Education: Power of Enforcement or Culture of Security
© All Rights Reserved
Presentation Transcript

  • Managing Information Security in Education: Power of Enforcement or Culture of Security. Ljubomir Trajkovski, M.Sc. CMC, Information Security Management Consultant, [email_address], Trajkovski & Partners Consulting, Skopje, Macedonia, www.e-society.mk
  • A Rhetorical Question
    • Today:
      • There are approx. 100,000 smart children in basic and high schools all over Macedonia today!
      • What will we have tomorrow?
    • Tomorrow we would like to have:
      • Option 1:
        • 100,000 Bill Gateses (“World ICT Champions”) or
      • Option 2:
        • 100,000 hackers (in the state prison “Idrizovo”) or
      • Option 3:
        • a reasonable (acceptable) number of Bill Gateses and hackers (IDEALLY AS MANY Bill Gateses and AS FEW cyber-prisoners in Idrizovo as possible)
  • What could we do?
      • A systematic and holistic approach (attitude) to Option 3
      • 1. State intervention (GoM)
        • Regulatory approach (compulsory measures)
      • 2. Stakeholders’ intervention (Association of Schools)
        • Self-regulatory approach (semi-voluntary measures)
      • 3. Community/Society approach (NGO, parents)
        • Awareness and education (voluntary measures)
      • IMPORTANT: NOT 1. or 2. or 3. BUT 1. + 2. + 3.
      • 4. ALL KEY ACTORS MUST BE PERSISTENT!!!
  • Regulatory approach (compulsory measures) - GoM
    • We need:
    • A Law for Information Security Management Systems in the public sector (including the education sector) in RoM
    • Worldwide experience (ISO)
    • ISO 27001 Information Security Management System Standard – ISMS
    • Current experience (RoM):
    • Law on Classified Data
  • International Initiatives
    • UN
    • UN Resolution 57/239 (2002) on the “Creation of a global culture of cyber security”
    • OECD
    • OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (2002)
    • EU
    • Council Resolution on a European approach towards a culture of network and information security (2002)
  • Self-Regulatory approach (semi-voluntary measures) (Assoc. of Schools)
    • Implementation of ISO 27001 ISMS in the education community in Macedonia
      • InfoSec awareness for school management, teachers, pupils, school IT administrators
      • School InfoSec Policy & Procedures
      • InfoSec education and training
      • Regular InfoSec “internal audit” (monitoring and corrective measures)
  • ISO 27001 ISMS domains
    • Security Policy
    • Organization of Information Security
    • Asset Management
    • Human Resources Security
    • Physical & Environmental Security
    • Communications & Operations Management
    • Access Control
    • Information Systems Acquisition, Development & Maintenance
    • Information Security Incident Management
    • Business Continuity Management
    • Compliance
    • IMPORTANT: ISO 27001 ISMS COVERS ALL REQUIREMENTS OF THE AFOREMENTIONED RESOLUTIONS AND DECLARATIONS
  • Community/Society approach (voluntary measures) (NGO and each of us)
    • Nationwide Information Security Awareness Campaigns
    • for:
      • Children
      • Their parents and families
      • Schools
      • Associations and NGOs working on children's issues
      • Local communities/Society at large
  • What is next?
    • Let’s start first!
    • 1. NGO
      • Information Security Awareness & Social Marketing
    • 2. Schools Association (MoE?)
      • Implementing & maintaining an ISMS based on ISO 27001
    • 3. GoM
      • National Information Security Policy & Strategy
      • Law for Information Security Management
  • At the end of THIS session…
    • 1. I would like to be part of the “Culture of Security” Initiative!
    • 2. What about YOU? Join us!
    • 3. Information Security is EVERYONE'S responsibility!
    • Thanks for your understanding and your attention!
    • Ljubomir Trajkovski
    • [email_address]