The Special Interest Group on Information Security Management (SIG-ISM) met on 8-9 October 2024 at the GÉANT office in Amsterdam.
The new Steering Committee was introduced, and some changes to internal working procedures and meeting frequency were discussed. The position of chair remains vacant.
Cynthia Wagner shared RESTENA’s approach towards BCM based on ISO 22301 and the new requirement of conducting Business Impact Analyses. David Heed provided insights into the Swedish Threat Landscape based on ORKL, and presented the ISO 27001 certification project, with a focus on automating security audits for GRC (governance, risk, compliance).
The Security Roadmap for GÉANT, NIS2, and GN5-2 were presented by Alf Moens, and open questions remain as to whether national transposition of the NIS2 directive also applies to R&E. Ana Alves discussed GÉANT’s Security organisation and the various teams.
Further discussion focused on common engineering for Security tools, and a predefined risk register for the community, by the community. Roderick Mooi presented the CTI sharing activities and the upcoming Security Intelligence Hub for the R&E community. The requirement to engage more in CTI sharing was highlighted.
As the meeting came to a close, Klaas Wierenga presented the CoreAAI platform as a central service to trust, reducing and controlling data sharing, as well as tech strategy and the upcoming four-day CTO workshop. Finally, Leonardo Marino provided an insightful presentation regarding Cyber Security Month activities since 2019.
Subscribe to the mailing list to keep up to date with SIG-ISM activities.
Find out more about SIG-ISM: https://community.geant.org/sig-ism/