ISMS@SWITCH and ISMS-WG with the SWISS Universities

SWITCH 2015

Christa Falkensammer christa.falkensammer@switch.ch

About me

• Christa Falkensammer
• Mother of three
• Since 2009 at SWITCH
• Project leader ISMS and ISO27001 Certification
• Information Security Officer since January 2014

Agenda

• Short Introduction SWITCH
• ISMS@SWITCH
• ISMS Collaboration with the Swiss Universities


About

About SWITCH: Facts and Figures

• Foundation formed 1987
• Purpose: Neutral technology and service platform for Swiss Universities in different ICT fields
• Mission: SWITCH is opening up the knowledge space
• Employees: Approx. 100
• Based in Zurich

About SWITCH: Organizational structure

About SWITCH: Our Customers

1. SWITCH Community
• Cantonal universities
• Federal universities & research institutions
• Universities of applied sciences
• Universities of teacher education

2. Extended Community
• Other organizations involved in research or education
• E.g. university hospitals, libraries, research institutions, …

3. Commercial customers
• Other organizations & commercial customers (.ch / .li Registry, Hosting by switchplus, CERT)

About SWITCH: Services

For university IT departments
– SWITCHlan (University Network, fibre-optic, up to 100 Gbit/s)
– SWITCHcert (Computer Emergencies)
– SWITCHham (Spam Protection)
– SWITCHaai (Authentication and Authorization Infrastructure)
– SWITCHprocure (efficient software procurement)
– etc.

For the academic community
– SWITCHengines (storage and computing power on demand)
– SWITCHdrive (online storing of files)
– SWITCHfilesender (send files via SWITCH cloud)
– etc.

For commercial customers
– .ch/.li Registry
– Domains and Hosting by switchplus
– SWITCHcert (Computer Emergencies for banks)


ISMS @ SWITCH

ISMS@SWITCH: ISMS ISO27001 Certification

[Timeline figure, October 2012 to September 2014: Implementation Phase, Operation Phase, Preparation for audit]

September 2014:

ISMS@SWITCH: Scope of ISO27001

ISMS@SWITCH: PDCA Cycle

• Development and Conception ("Plan")
• Development and Implementation ("Do")
• Measurements of results, target achievement ("Check")
• Optimizing, Improvement ("Act")

Input
• System Analysis
• Business Impact Analysis
• Audit Reports
• Security Incidents
• General Security Information
Output
• Risk Assessment

Input
• Risk Assessment
Output
• Risk Treatment

Input
• Risk Treatment
Output
• ISMS Reports
• Update of Documentation

Input
• Audits
• Measurement of ISMS efficiency
Output
• Reports

ISMS@SWITCH: Challenge at the ISMS Project

• Definition of the Scope
• Establishing rules and policies in an environment which is not used to it
• Verification of policy compliance

ISMS@SWITCH: Collaboration and Experience Exchange

• WISE-Workshop, Terena
• Workgroup with the Swiss Universities
• centr.org (Council of European National Top Level Domain Registry)
• Internal Audits with denic and nic.at

ISMS@SWITCH: CENTR Award


ISMS Workgroup with the Swiss Universities

Collaboration with the Universities: Questionnaire

An evaluation of the level of interest in ISMS and of the need to create an ISMS Working Group was carried out in September 2013. The heads of IT of 26 institutions received a questionnaire. 19 replied.

Question sections:

• Level of IT-Security at the Institution
• Rights management
• Incident management
• Information Security Management Officer
• Norms and Laws
• Formal IT-Security analysis of new projects
• Risk Management
• Operations (Backup, Restore, BCM…)
• Need for Coordination

Collaboration with the Universities: Foundation, Facts and Figures

One outcome of the questionnaire was that coordination from SWITCH on the issue of ISMS is desired (16 answered yes and 3 did not answer that question).

• The ISMS Working Group was then founded in March 2014
• The first workshop was in May 2014
• Purpose of the WG: an informal coordination of the ISMS between institutions of the Swiss higher education sector and the promotion of an open information exchange between their CISOs.
• An ISO27k is NOT the scope of this working group

Collaboration with the Universities: Members

19 participants from 15 institutions:

• École polytechnique fédérale de Lausanne (EPFL)
• Swiss Federal Institute of Technology in Zurich (ETHZ)
• University of Applied Science Northwestern Switzerland (FHNW)
• University of Applied Science and Arts Western Switzerland (HES-SO)
• Lucerne University of Applied Sciences and Arts (HSLU)
• University of Teacher Education (PHZH)
• SWITCH
• University of Basel (UNIBA)
• University of Berne (UNIBE)
• University of Fribourg (UNIFR)
• University of Geneva (UNIGE)
• University of Lausanne (UNIL)
• University of St.Gallen (UNISG)
• University of Zurich (UZH)
• University Hospital Zurich (USZ)

Collaboration with the Universities: Meetings

1. WG 15.5.2014
• All institutions present the status of their ISMS activities

2. WG 19.9.2014
• Several presentations about Risk Management and Risk Treatment followed by discussion and experience from each institution (the topics are selected with a poll)

3. WG 13.2.2015
• Several presentations about Data Classification and Business Continuity Management followed by discussion and experience from each institution

4. WG 16.9.2015
• Several presentations about Asset Classification and Inventory, Access Policy and Risk Management followed by discussion and experience exchange

Collaboration with the Universities: Challenges and Chances

• Variety of the institutions
– Size
– Security Organizations
– Objectives regarding IT Security
• The institutions value the exchange
• The workgroup is growing and always well attended


Thanks for your attention! Questions?