Events > Event Details

Feedback

Time to Talk about network security and its costs

Date: 25th January 2021

Location: Online: MS Teams - 1.30-3.00pm

Price: Free

Bookings have now closed - please contact bookings@bufdg.ac.uk for more information

Monday 25th January

Timing: 1.30 - 3.00pm

Time to Talk about network security and its costs

Do you want to be the Finance Director who admits that s/he should have paid more attention to IT security? The most successful investor, Warren Buffett, is often quoted saying, “In the business world, the rear-view mirror is always clearer than the windshield.” Buffett is also famous for saying that you should only invest in things/organisations that you understand, which is a potential problem for FDs faced with requests for more investment in IT. This session is for CFOs and FDs who need to be able to speak the language of CIOs and Security Specialists and understand the "investment proposition".

As technology becomes more complex and threats more sophisticated, it’s a challenge to keep your online environment and physical infrastructure secure.

The National Cyber Security Centre’s (NCSC) ten steps to cyber security breaks down the task of defending networks, systems and information into its essential components and JISC has matched their key member services to those ten steps, shown in a graphic on the NCSC website. They are listed as: 

1  Risk Management Regime

Define and communicate your Board’s Information Risk Management Regime.

2  Secure Configuration

Make sure your systems' configuration is secure and have a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities, usually via patching. 

3  Home and mobile working

The current environment brings this to the fore - are your risk based policies and procedures applicable to users, as well as service providers?

4  Incident management

All organisations will experience security incidents at some point, but how should you deal with them?

5  Malware prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems and often have direct financial costs. The risks may be reduced by implementing appropriate security controls as part of an overall 'defence in depth' approach.

6  Managing user privileges

Giving users unnecessary system privileges or data access rights means that if the account is misused or compromised the impact will be more severe than it needs to be. Who has access to systems, "just because"?

7  Monitoring

System monitoring that aims to detect actual or attempted attacks on systems and business services is essential in order to effectively respond to attacks. Who does this and how do you know it's optimal?

8  Network security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. Have you locked all the doors and windows or are your relying on someone else to have done this?

9  Removable media controls

Would you use someone else's handkerchief? Most likely not so why would you use a flash drive that could introduce malware and the accidental or deliberate export of sensitive data. 

10 User education and awareness

Users have a critical role to play in their organisation’s security and so it's important that security rules and the technology provided are understood by and enable users to do their job as well as help keep the organisation secure.

The costs of ignoring even one of these 10 steps could be even higher than putting them all in place, but there is a balance to be struck. As the main supplier of network services to the Higher Education sector, JISC has a range of services and in-house expertise that make sure the teaching and research environment is as secure as possible. This Time to Talk session, led by Steve Kennett, will explain how network security is not just about JISC and that university budgets to ensure your security need to be set carefully against the risks you face. Steve will use some anonymous examples from across the HE sector as well as some well-known examples from across the wider economy.


Bookings have now closed - please contact bookings@bufdg.ac.uk for more information

 

 

This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyse your use of the site and services and assist with our member communication efforts. Privacy Policy. Accept cookies Cookie Settings