Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Risk Assessment and Management
  • Security Baselining 
  • Training and Awareness 
  • Crisis Management
  • Information Exchange 
  • ...

Please contact Sigita Jurkynaite (sigita.jurkynaite@geant.org) to add your topic for the agenda - we are looking for presentations or discussion topics (either plenary or break out).

Venue:

Santaka Valley KTU Science,

...

K. Baršausko g. 59, Kaunas

Agenda:

Contributions are welcome!



Tuesday - 16 AprilWednesday - 17 AprilThursday - 18 April
09:
00
15







Arrival

, Coffee

Arrival
, Coffee
09:30The new Trusted CI Framework - (Bob Cowles, Trusted CI)

Data Breach Management. GDPR One Year On - where are we today?

Michel Gerdes (DFN-CERT)

MENTI SURVEY RESULTS

10:00
Interactive session on trust building

Security KPIs and Reporting - Christian Fötinger (University of Applied Sciences Augsburg)

Additional documents:

Metrics and Key Performance Indicators for Information Security Reports of Universities - Matthias Mödinger (Master Thesis)

Information Security Report template:

ENGLISH

GERMAN

A universal guideline for the implementation of a specific ISMS for all Bavarian universities and universities of applied sciences using the example of the University of Applied Sciences Augsburg - Sabine Schnitzler (Master Thesis)

Group work reports, Future Collaborations
10:30Coffee BreakCoffee Break
11:00

SIG-ISM meeting

  1. SURFnet Threat Assessment Report 2018 - Bart Bosma (SURFnet)
  2. DeiC updates: ISO 27001-certification project, DeiC/DKCERT GDPR service for Universities, hosting the new Decentral Cyber and Information Security Unit for the Danish telecom sector - Henrik Larsen (DeiC)
  3. RUS-CERT Universitaet Stuttgart introduction - Oliver Goebel (RUS-CERT)

Community updates

WISE meeting

  • High Throughput data transfers (security issues) - Ralph Niederberger (Juelich)
    1. SCI maturity assessment - Uros Stevanovic (KIT)
    2. Communication in Security Challenges - David Groep (NIKHEF)

    3. Sharing Threat Intelligence - David Crooks (STFC
    SCI maturity assessment - Uros Stevanovic (KIT
    1. )

    Group work reports, Future Collaborations

    11:30Meeting evaluation 
    12:00Closing, Light Lunch, Departures
    12:30Arrival, Registration, Light LunchLunch
    13:00
    13:30Welcome, Introductions

    Group 1:

    Information Exchange: Who you gonna call?

    1. Inventory-contact lists. What's next? Planning an exercise based on the Global CEO Forum Security group experience -
    Linda Cornwall, (STFC) &
    1. Alf Moens (SURFnet)
    2. Communication in Security
    Sharing information about incidents
    1. Challenges - David Groep (NIKHEF)
    2. Sharing Threat Intelligence - David Crooks (STFC)



    Group 2:

    Risk Assessment and Management

    Tabletop exercise to test existing Risk Assessment and Management documents. In groups. Led by Šarūnas Grigaliūnas (LITNET)

    The goal of Table top exercise is to test existing Risk Assessment and Management documents (https://wiki.geant.org/display/SIGISM/SIG+ISM+white+paper+risk+management) and ISO/IEC 27005:2018 (Information security risk management) standard.

    The LITNET CERT provides each group with 3 incident descriptions and details of the IS profile (Academic IS, ELABA, Vulnerable server). A completed document (Service-/Systemprofile) part and a description of the consequences of the incident provided as well.

    The task of the group is to fill in the risk assessment part of the document according to the incident. Discussion in groups: Aim to identify and possibly extend a document with social and human factors (ISO/IEC 27005:2018)











    14:00
    14:30

    WISE: activities, working groups, relevant topics

    Hannah Short (on behalf of Dave Kelsey

    (

    , WISE Chair)

    15:00Coffee BreakCoffee Break
    15:30

    Building trust through Interoperable Policies:

    SCI - Hannah Short (on behalf of Dave Kelsey

    (WISE Chair

    )

    AARC2 Policy Development Kit - Hannah Short (CERN)

    Baseline AUP - Ian Nelson (STFC)

    Group

    Topic 1:

    Training and Awareness

    European Cyber Security Month: planning an awareness campaign. Brainstorm session.

    Introduction to Risk Management: course materials created and tested by Alf Moens (SURFnet) - feedback session


    Group 2:

    Security Baselining

    Discussion led by Nicole Harris (GÉANT)





    16:00

    GN4-3 WP8 T2: Security Baseline - Nicole Harris (Task Leader, GÉANT)

    16:30CLAW: A Crisis Management Exercise that puts NRENs to the test - Charlie van Genuchten (SURFnet)

    Topic 2:

    Security Baselining

    Discussion led by Nicole Harris (GÉANT).

    Slides Mentimeter | Wiki Space

    17:00Closing remarksClosing remarks
    EVENING
    18:30Dinner at Restaurant Vista Puode19:00 Dinner (Restaurant 'Uoksas')