Managing Information Security in Education: Power of Enforcement or Culture of Security

Published in: Education, Technology

  1. Managing Information Security in Education: Power of Enforcement or Culture of Security
     - Ljubomir Trajkovski, M.Sc. CMC
     - Information Security Management Consultant
     - [email_address]
     - Trajkovski & Partners Consulting, Skopje, Macedonia
     - www.e-society.mk
  2. A Rhetorical Question
     - Today:
       - There are ca. 100.000 smart children in basic and high schools all over Macedonia today!
       - What will we have tomorrow?
     - Tomorrow we would like to have:
       - Option 1: 100.000 Bill Gates ("World ICT Champions"), or
       - Option 2: 100.000 hackers (in the state prison "Idrizovo"), or
       - Option 3: a reasonable (acceptable) number of Bill Gates and hackers (IDEALLY AS MANY Bill Gates and AS FEW cyber-prisoners in Idrizovo as possible)
  3. What could we do?
     - A systematic and holistic approach (attitude) to Option 3
     - 1. State intervention (GoM)
       - Regulatory approach (compulsory measures)
     - 2. Stakeholders' intervention (Association of Schools)
       - Self-regulatory approach (semi-voluntary measures)
     - 3. Community/Society approach (NGO, parents)
       - Awareness and education (voluntary measures)
     - IMPORTANT: NOT 1. or 2. or 3. BUT 1.+2.+3.
     - 4. ALL KEY ACTORS MUST BE PERSISTENT!!!
  4. Regulatory approach (compulsory measures) - GoM
     - We have to have:
       - A Law for Information Security Management Systems in the public sector (including the education sector) in RoM
     - Worldwide experience (ISO):
       - ISO 27001 Information Security Management System Standard – ISMS
     - Current experience (RoM):
       - Law on Classified Data
  5. International Initiatives
     - UN
       - UN Resolution 57/239 (2002) on the "Creation of a global culture of cyber security"
     - OECD
       - OECD Guidelines for the Security of Information Systems and Networks: TOWARDS A CULTURE OF SECURITY (2002)
     - EU
       - Council Resolution on a European approach towards a culture of network and information security (2002)
  6. Self-Regulatory approach (semi-voluntary measures) (Assoc. of Schools)
     - Implementation of ISO 27001 ISMS in the education community in Macedonia
       - InfoSec awareness for school management, teachers, pupils and school IT administrators
       - School InfoSec Policy & Procedures
       - InfoSec education and training
       - Regular InfoSec "internal audit" (monitoring and corrective measures)
  7. ISO 27001 ISMS domains
     - Security Policy
     - Organization of Information Security
     - Asset Management
     - Human Resources Security
     - Physical & Environmental Security
     - Communications & Operations Management
     - Access Control
     - Information Systems Acquisition, Development & Maintenance
     - Information Security Incident Management
     - Business Continuity Management
     - Compliance
     - IMPORTANT: ISO 27001 ISMS COVERS ALL REQUIREMENTS FROM THE AFOREMENTIONED RESOLUTIONS AND DECLARATIONS
  8. Community/Society approach (voluntary measures) (NGO and each of us)
     - Nationwide Information Security Awareness Campaigns for:
       - Children
       - Their parents and families
       - Schools
       - Associations and NGOs working on children's issues
       - Local communities/Society at large
  9. www.e-society.mk
  10. What is next?
     - Let's start first!
     - 1. NGO
       - Information Security Awareness & Social marketing
     - 2. Schools Association (MoE?)
       - Implementing & Maintaining ISMS based on ISO 27001
     - 3. GoM
       - National Information Security Policy & Strategy
       - Law for Information Security Management
  11. At the end of THIS session …
     - 1. I would like to be part of the "Culture of security" Initiative!
     - 2. What about YOU! Join us!
     - 3. Information Security is EVERYONE's responsibility!
     - Thanks for your understanding and your attention!
     - Ljubomir Trajkovski
     - [email_address]
