Towards Protecting Critical Infrastructure
Lauren May, Information Security Institute, QUT (1 of 18)
Towards Protecting Critical Infrastructure
Lauren May, Tim Lane
The Role of Information Security Management in Australian Universities
Outline
• Goals
• IS Threats/Issues in the Tertiary Sector
• The Need for a Systemic Approach
• The Survey
• Practitioner’s Management Model
• The Trial
• Conclusion
Goal of this research
To improve the culture of compliance towards information security in the Australian university sector.
IS Threats in the Tertiary Sector
Universities:
• host a large number of diverse systems
• IT exploration and research
• reflect community standards
Issues in Tertiary Environment
• Challenge of cultures and technologies
  – academia needs
  – corporate and business requirements
  – transient and explorative student base
IS Issues in Tertiary Environment
• Balance of requirements
  – conflicts of priorities
  – coordinated security approach
  – acceptance in environment
The Need for a Systemic Approach to Managing Security
• existing approaches - standards
  – no single point of understanding
• analysis of factors and issues
• need systemic approach to ISM which will progress appropriate good practice
The Survey ...
• Participants: all 38 Australian universities – 100% response
  – current status of ISM?
  – key issues surrounding ISM?
  – how to improve ISM?
... The Survey – key findings
• existing approaches
• awareness, understanding
• structured coordinated model
• management support
• resources
Security Practitioner’s Management Model
In trial at Southern Cross University
• IS practitioner
• senior management
• IT staff
• non-IT staff (end users)
Conclusion
• IS - an important role in universities
• comprehensive survey supports concepts
• model focuses on how to transparently progress security knowledge to implementation
• in trial at Southern Cross University
• future research – benchmarking, measurement