UUK's recent policy document: Cyber Security: Protecting Universities from the Cyber Threat

Makes the following statement:

"Apply the 20 controls for effective cyber defence as set out on the Centre for the Protection of National Infrastructure website. Information on the 20 controls can be found here: http://www.cpni.gov.uk/advice/cyber/Critical-controls/. The website is dynamic so that it can deal with changes in technology and methodology, so it may be useful to revisit the controls on regular basis."

The top 20 critical security controls for cyber defence are a baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence. 

 Some of these are very challenging for universities, for example: 'Controlled use of administrative privileges'.   Does anyone have views on this?

UCL Institute for Security and Resilience Studies

The UCL  Institute for Security and Resilience Studies is an interesting centre that was formed in April 2010. 

Their  FAQ states:

ISRS was established for three reasons.

• First, our growing interdependence in terms of financial and economic stability, health, trade, energy and electronic networks (to name but a few areas) leaves us potentially more at risk than ever before.
• Second,  the sheer rate at which risks appear and have to be confronted require a far greater degree of resilience than ever before – resilience within our organisations, structures, systems, business and social culture, both public and private.
• Third, because the innovative approach required to respond to this challenge - to analyse the vulnerabilities, measure the resilience,  identify the deficiencies and propose the practical solutions – can only be achieved by harnessing together the energies and application of public, private, voluntary and academic participants.

The name of the Institute is revealing.  Resilience is not about bouncing back from an incident, but "bouncing forward".

The Rt. Hon. Lord Reid is the ISRS Chair, and formed the Institute when he stood down from the last Labour Government. Moving forward and learning how to operate and prosper in an interdependent world requires private, public and academic partnership.

University of Oxford Information Security Policy has been published.

As information security must be implemented at local level, the Policy requires that each department and faculty implements a local information security policy, applicable to that department’s or faculty’s circumstances. An Information Security Toolkit, which accompanies the Policy, provides template policies which should be adopted, or adapted, as appropriate, to fit departments and faculties across the University.

NUS Charter on Technology in Higher Education makes interesting reading:

• Ninety-one per cent of students agreed that the internet has benefited their studies  
• Forty-three per cent of prospective HE students preferred to use a combination of both printed and electronic resources for their studies In further education eighty- one per cent agreed that their ICT skills were self-taught  
• Students feel that the type of technology used in higher education is increasingly outdated
• Many students feel that they are offered insufficient training
• Many felt that Virtual Learning Environments are only intermittently updated and do not contain useful and effective content 

Interestingly, I can find no mention of anything related to information security...

The cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself.

The cost of protecting ourselves against cybercrime can far exceed the cost of the threat itself. This is the conclusion of a recent report ‘Measuring the cost of cybercrime’ by an international team of scientists led by the University of Cambridge.

Do you agree with their conclusions?

Office 365 free for university staff and students

At UCISA 2012 we heard that Microsoft announced Office 365 for staff as well as students on a no fee basis, including Sharepoint and Lync as well as Exchange. This is in direct competition with Google Apps.

DaMaRO project

The Data Management Rollout at Oxford (DaMaRO) Project is creating a research data management policy for the University and the infrastructure to enable researchers to comply with it. We will be taking the outputs of the various research data management projects that the University has been engaged in over the last few years and combining them into a better-integrated suite of tools and discovery mechanisms that will support researchers throughout the data life-cycle, from planning to re-use.

Of particular note is the ‘DataFinder’ tool that DaMaRO will be developing. This will enable the discovery of data hosted in various places around the University and beyond, including the Bodleian Libraries' 'DataBank' (developed through the Admiral and DataFlow projects), the Database as a Service (DaaS) system (created during the Sudamih and VIDaaS Projects), departmental and other local data stores, the Web 2 research management network 'Colwiz', and hopefully the 'LabTrove' system developed by the University of Southampton. It will also connect this data with research papers and publications held in the Oxford University Research Archive (ORA).

Information Security Project Started

The InfoSec project will move the University to a new degree of information assurance, make it more secure, mitigate information risk, and undertake the work necessary to create a permanent enterprise-wide activity that will deliver she best possible Information Security (IS) for Oxford. The project has established a team which is responsible for helping the Collegiate University to be compliant with a set of IS policies which have been developed and will be endorsed by Council in TT 2012.

VIDaaS/Dataflow Workshop, 2 March 2012

On Friday 2nd March the VIDaaS Project will be staging a joint workshop with our colleagues from the DataFlow Project at the Saïd Business School in Oxford. The day will run from 10:30 am until 5pm, and feature demonstrations of the database-as-as-service software developed by the VIDaaS Project and the DataStage software that forms the centrepiece of the DataFlow Project. Delegates will also get to look at the DataBank data repository system that Oxford is introducing, and hear about the cloud infrastructure that the University has built – partly in order to host the outputs of VIDaaS. There will also be plenty of time to ask question, discuss developments, and get to know the other delegates.