Managing Information Security in Education: Power of Enforcement or Culture of Security
Published in: Education, Technology

Transcript

  • 1. Managing Information Security in Education: Power of Enforcement or Culture of Security. Ljubomir Trajkovski, M.Sc. CMC, Information Security Management Consultant, [email_address], Trajkovski & Partners Consulting, Skopje, Macedonia, www.e-society.mk
  • 2. A Rhetorical Question
    • Today:
      • There are cca. 100.000 smart children in basic and high schools all over Macedonia today!
      • What will we have tomorrow?
    • Tomorrow we would like to have:
      • Option 1:
        • 100.000 Bill Gates (“World ICT Champions”) or
      • Option 2:
        • 100.000 Hackers (in State prison “Idrizovo”) or
      • Option 3:
        • a reasonable (acceptable) number of Bill Gates and hackers (IDEALLY AS MANY Bill Gates and AS FEW cyber-prisoners in Idrizovo as possible)
  • 3. What could we do?
      • Systematic and holistic approach (attitude) to Option 3
      • 1. State intervention (GoM)
        • regulatory approach (compulsory measures)
      • 2. Stakeholders’ intervention (Association of Schools)
        • Self-regulatory approach (semi-voluntary measures)
      • 3. Community/Society approach (NGO, parents)
        • Awareness and education (voluntary measures)
      • IMPORTANT: NOT 1. or 2. or 3. BUT 1.+2.+3.
      • 4. ALL KEY ACTORS MUST BE PERSISTENT!!!
  • 4. Regulatory approach (compulsory measures) - GoM
    • We have to have:
    • Law for Information Security Management Systems in Public sector (including Education sector) in RoM
    • Worldwide experience (ISO)
    • ISO 27001 Information Security Management System Standard – ISMS
    • Current experience (RoM):
    • Law on Classified Data
  • 5. International Initiatives
    • UN
    • UN Resolution 57/239 (2002) on the “Creation of a global culture of cyber security”
    • OECD
    • OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (2002)
    • EU
    • Council Resolution on a European approach towards a culture of network and information security (2002)
  • 6. Self-Regulatory approach (semi-voluntary measures) (Assoc. of Schools)
    • Implementation of ISO 27001 ISMS in the education community in Macedonia
      • InfoSec Awareness for school management, teachers, pupils, school IT administrators
      • School InfoSec Policy & Procedures
      • InfoSec education and training
      • Regular InfoSec “internal audit” (monitoring and corrective measures)
  • 7. ISO 27001 ISMS domains
    • Security Policy
    • Organization of Information Security
    • Asset Management
    • Human Resources Security
    • Physical & Environmental Security
    • Communications & Operations Management
    • Access Control
    • Information Systems Acquisition, Development & Maintenance
    • Information Security Incident Management
    • Business Continuity Management
    • Compliance
    • IMPORTANT: ISO 27001 ISMS COVERS ALL REQUIREMENTS FROM THE AFOREMENTIONED RESOLUTIONS AND DECLARATIONS
  • 8. Community/Society approach (voluntary measures) (NGO and each of us)
    • Nationwide Information Security Awareness Campaigns for:
      • Children
      • Their parents and families
      • Schools
      • Associations and NGOs working on children's issues
      • Local communities/Society at large
  • 9. www.e-society.mk
  • 10. What is next?
    • Let’s start first!
    • 1. NGO
      • Information Security Awareness & Social marketing
    • 2. Schools Association (MoE?)
      • Implementing & Maintaining ISMS based on ISO 27001
    • 3. GoM
      • National Information Security Policy & Strategy
      • Law for Information Security Management
  • 11. At the end of THIS session…
    • 1. I would like to be part of the “Culture of security” Initiative!
    • 2. What about YOU? Join us!
    • 3. Information Security is EVERYONE's responsibility!
    • Thanks for your understanding and your attention!
    • Ljubomir Trajkovski
    • [email_address]