“We have the same challenges, so we share and collaborate”, explained Øivind Høiem (UNINETT), talking about the motives behind creating an app for students and employees of all Norwegian universities, providing information on what to do in emergencies. The app contains common and institution-specific details on physical and information security, aiming at creating a common security culture in higher education.
Øivind’s statement also accurately describes the main reason why information security experts from many European NRENs get together twice a year at the SIG-ISM (Information Security Management) workshops to discuss their issues and share solutions – they have the same challenges and the best way to overcome them is through collaboration. The most recent workshop took place on 5-6 October in Brussels, kindly hosted by BELNET. And it was all about collaboration – a very busy two-day programme entailed sharing experiences, working all together and in smaller groups.
First of all, the members of the regional groups (Nordic, Benelux and UK-Ireland) gave updates on their work and plans. One more regional group (German speaking countries) is being formed as a result of the workshop in Brussels.
Secondly, there was a discussion on what seems to be one of the most important questions for many Task Forces and Special Interest Groups right now – GDPR (General Data Protection Regulation). Although its implementation is getting close, some parts of the regulation related to information security are still unclear. A very lively discussion was a good platform to raise questions and share knowledge not only on how to meet the requirements of the regulation, but also at creative ways, such as story-telling to inform colleagues and constituents on what we all need to pay more attention to. At the end of the first day, the participants were invited to combine work and play by participating in a post-it brainstorm session to collect ideas for the GN4-3 security white paper, which were later rated based on their relevance and urgency.
The second day of the workshop was dedicated to working in groups, as established at the previous meeting at the beginning of the year. The Inventory for Security Officers group has made significant progress with 12 NRENs’ inventory entries, listing the most important security contact details and other relevant information. The other working group, Guidance for Setting up and running ISMS for NRENs, has focused on 3 areas of work: risks analysis, controls, and annual planning. Both groups will continue working together until the next meeting in 2018 in order to produce more detailed lists of contacts, advisory documents and forms that can then be used as a guidance for all NRENs.
Everybody knows that productivity of a group grows tremendously at face-to-face meetings – what we can do in 5 minutes in one room, takes 5 days when working together online. This SIG-ISM meeting was a great example of this: constructive, productive and motivating to keep sharing and collaborating in order to overcome the challenges that we all face.
More information about SIG-ISM: https://wiki.geant.org/display/SIGISM/SIG-ISM+Home