Monday 25th January
Timing: 1.30 - 3.00pm
Time to Talk about network security and its costs
Do you want to be the Finance Director who admits that s/he should have paid more attention to IT security? The most successful investor, Warren Buffett, is often quoted saying, “In the business world, the rear-view mirror is always clearer than the windshield.” Buffett is also famous for saying that you should only invest in things/organisations that you understand, which is a potential problem for FDs faced with requests for more investment in IT. This session is for CFOs and FDs who need to be able to speak the language of CIOs and Security Specialists and understand the "investment proposition".
As technology becomes more complex and threats more sophisticated, it’s a challenge to keep your online environment and physical infrastructure secure.
The National Cyber Security Centre’s (NCSC) ten steps to cyber security breaks down the task of defending networks, systems and information into its essential components and JISC has matched their key member services to those ten steps, shown in a graphic on the NCSC website. They are listed as:
1 Risk Management Regime
Define and communicate your Board’s Information Risk Management Regime.
2 Secure Configuration
Make sure your systems' configuration is secure and have a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities, usually via patching.
3 Home and mobile working
The current environment brings this to the fore - are your risk-based policies and procedures applicable to users, as well as to service providers?
4 Incident management
All organisations will experience security incidents at some point, but how should you deal with them?
5 Malware prevention
Malicious software, or malware, is an umbrella term for any code or content that could have a malicious, undesirable impact on systems, and it often carries direct financial costs. The risks may be reduced by implementing appropriate security controls as part of an overall 'defence in depth' approach.
6 Managing user privileges
Giving users unnecessary system privileges or data access rights means that if the account is misused or compromised the impact will be more severe than it needs to be. Who has access to systems, "just because"?
7 Monitoring
System monitoring that aims to detect actual or attempted attacks on systems and business services is essential in order to effectively respond to attacks. Who does this and how do you know it's optimal?
8 Network security
The connections from your networks to the Internet, and to other partner networks, expose your systems and technologies to attack. Have you locked all the doors and windows, or are you relying on someone else to have done this?
9 Removable media controls
Would you use someone else's handkerchief? Most likely not, so why would you use a flash drive that could introduce malware or allow the accidental or deliberate export of sensitive data?
10 User education and awareness
Users have a critical role to play in their organisation’s security, so it's important that users understand the security rules and the technology provided, and that these enable users to do their jobs while helping to keep the organisation secure.
The costs of ignoring even one of these 10 steps could be even higher than putting them all in place, but there is a balance to be struck. As the main supplier of network services to the Higher Education sector, JISC has a range of services and in-house expertise that make sure the teaching and research environment is as secure as possible. This Time to Talk session, led by Steve Kennett, will explain how network security is not just about JISC and that university budgets to ensure your security need to be set carefully against the risks you face. Steve will use some anonymous examples from across the HE sector as well as some well-known examples from across the wider economy.
Type : Meeting
Please contact info@bufdg.ac.uk for more information