Thursday 19 September 2013

Cyber Security Information Sharing Partnership

The Government has launched a new partnership between government and industry to share information and intelligence on cyber security threats. The Cyber Security Information Sharing Partnership (CISP) is part of the UK’s cyber security strategy, established to help make UK businesses more secure in cyberspace. The partnership is being supported by the Security Service, GCHQ and the National Crime Agency, who will work with industry analysts to produce and disseminate information on cyber threats facing the UK. It complements the work being carried out by the National Cyber Crime Unit, which tackles the most serious, organised and complex forms of cyber crime.

The Cyber Security Information Sharing Partnership (CISP) delivers a key component of the UK’s cyber security strategy in facilitating the sharing of information on cyber threats in order to make UK businesses more secure in cyberspace. This follows a successful pilot scheme launched by the Prime Minister which included over 160 companies across a range of UK sectors.

At a UUK Round Table meeting today universities were invited to apply to be members of CISP.

Wednesday 11 September 2013

Presentation to be given at EDUCAUSE annual conference on 'IT Risk Assessment'

Princeton and Oxford will be giving a presentation entitled: "IT Risk Assessment: Two Universities Share Their Methodologies" at the EDUCAUSE Conference on October 16th.  If anyone attends, either in-person or online, please submit comments.

Interesting quote from 2013 Information Security Breaches Survey

David Willetts introduced the Survey at the InfoSec Europe 2013 conference, which contains an interesting quote, “93% of companies where the security policy was poorly understood had staff-related breaches versus 47% where the policy was well understood”.

This statistic is widely used to support IS awareness campaigns, but it begs a question.   How do you ensure security policy is well understood?   Especially in a devolved organisation like the University of Oxford?

IT Risk Management Exercise

EDUCAUSE has published an article, "IT Risk Management: Try This Exercise at Your Institution" to help institutions manage IT risk threat and IT risk opportunity more effectively.   It is based on experiences at Princeton and Oxford.

I would be interested in comments...