Managing Information Security in Education: Power of Enforcement or Culture of Security

Managing Information Security in Education Power of Enforcement or Culture of Security Ljubomir Trajkovski , M.Sc. CMC Information Security Management Consultant [email_address] Trajkovski & Partners Consulting Skopje, Macedonia www.e-society.mk

A Retorical Question

Today :

There are cca. 100.000 smart children in basic and high schools allover Macedonia today !

What we will have tomorrow ?

Tomorrow we would like to have :

Option 1:

100.000 Bill Gates (“World ICT Champions”) or

Option 2:

100.000 Hackers ( in State prison “Idrizovo”) or

Option 3:

reasonable ( acceptable ) number of Bill Gates and hackers ( IDEALLY AS MANY Bills Gates and AS LESS cyber-prisoners in Idrizovo)

www.e-society.mk

What we could do ?

Systematic and holistic approach (attitude) to Option 3

1. State intervention (GoM)

regulatory approach ( compulsory measures)

2. Stakeholders’ intervention(Association of Schools)

Self-regulatory approach ( semi - voluntary measures)

3. Community/Society approach(NGO, parents)

Awareness and education ( voluntary measures)

IMPORTANT : NOT 1. or 2. or 3. BUT 1.+2.+3 .

4. ALL KEY ACTORS MUST BE PERSISTENT !!!

www.e-society.mk

Regulatory approach (compulsory measures)- GoM

We have to have :

Law for Information Security Management Systems in Public sector ( including Education sector) in RoM

Worldwide experience (ISO)

ISO 27001 Information Security Management System Standard – ISMS

Current experience (RoM):

Law on Classified Data

www.e-society.mk

International Initiatives

UN

UN Resolution 57/239(2002) on the “Creation of a global culture of cyber security”

OECD

OECD Guidelines for the Security of

Information Systems and Networks

TOWARDS A CULTURE OF SECURITY ( 2002 )

EU

Council Resolution on a European approach towards a culture of network and information security (2002)

www.e-society.mk

Self-Regulatory approach (semi voluntary measures) (Assoc. of Schools)

Implementation of ISO 27001 ISMS in education community in Macedonia

InfoSec Awareness for school management, teachers, pupils, school IT administrators

School InfoSec Policy & Procedures

Infosec education and training

Regular InfoSec “internal audit” (monitoring and corrective measures)

www.e-society.mk

ISO 27001 ISMS domains

Security Policy

Organization of Information Security

Asset Management

Human Resources Security

Physical & Environmental Security

Communications & Operations Management

Access Control

Information Systems Acquisition, Development & Maintenance

Information Security Incident Management

Business Continuity Management

Compliance

IMPORTANT : ISO 27001 ISMS COVER ALL REQUIREMENTS FROM BEFORE MENTIONED RESOLUTIONS AND DECLARATIONS

www.e-society.mk

Community/Society approach (voluntary measures) (NGO and each of us)

Nationwide Information Security Awareness Campaigns

for :

Children

Their parents and families

Schools

Association and NGOs working with children issues

Local communities/Society at large

www.e-society.mk

What is next ?

Let’s start first!

NGO

– Information Security Awareness & Social marketing

Schools Association ( MoE ?)

-Implementing & Maintaining ISMS based on ISO 27001

3. GoM

- National Information Security Policy & Strategy

- Law for Information Security Management

www.e-society.mk

At the end of THIS session …

1. I would like to be part of the “Culture of security” Initiative !

2. What about YOU ! Join us !

3. Information Security is EVERYONE responsibility !

Thanks for your understanding and your attention !

Ljubomir Trajkovski

[email_address]

www.e-society.mk

Managing Information Security in Education: Power of Enforcement or Culture of Security

0 comments

Notes on slide 1

Favorites, Groups & Events