Towards Protecting Critical Infrastructure: The Role of Information Security Management in Australian Universities
Lauren May, Tim Lane
Outline
• Goals
• IS Threats/Issues in the Tertiary Sector
• The Need for a Systemic Approach
• The Survey
• Practitioner’s Management Model
• The Trial
• Conclusion
Goal of this research
To improve the culture of compliance towards information security in the Australian university sector.
IS Threats in the Tertiary Sector
Universities:
• host a large number of diverse systems
• IT exploration and research
• reflect community standards
Issues in Tertiary Environment
• Challenge of cultures and technologies
• academia needs
• corporate and business requirements
• transient and explorative student base
IS Issues in Tertiary Environment
• Balance of requirements
• conflicts of priorities
• coordinated security approach
• acceptance in environment
The Need for a Systemic Approach to Managing Security
• existing approaches - standards
• no single point of understanding
• analysis of factors and issues
• need systemic approach to ISM which will progress appropriate good practice
The Survey ...
• Participants: all 38 Australian universities – 100% response
• current status of ISM?
• key issues surrounding ISM?
• how to improve ISM?
... The Survey – key findings
• existing approaches
• awareness, understanding
• structured coordinated model
• management support
• resources
In trial at Southern Cross University
• IS practitioner
• senior management
• IT staff
• non-IT staff (end users)
Conclusion
• IS - an important role in universities
• comprehensive survey supports concepts
• model focuses on how to transparently progress security knowledge to implementation
• in trial at Southern Cross University
• future research – benchmarking, measurement