I. Background

Industry Story

Once More into the Breach

Security breaches have been reported in the higher education sector during the last few years. The University of California, San Francisco (UCSF) discovered unauthorised access to a file server storing Social Security numbers and bank account information, a potential data security breach affecting 46,000 individuals. In another breach, the University of California, Los Angeles reported that approximately 800,000 student, faculty and staff records had been compromised in a series of intrusions.

According to John DiMaria of BSI Group, security breaches stem from poor risk analysis and risk management and from inconsistent processes. Most organisations assume that technology alone will mitigate risk, while ignoring the "Egg Shell" security problem: a hard technical shell on the outside (firewalls, penetration testing, passwords, network segmentation and so on) with nothing governing the information inside the organisation's walls, such as a lack of training and awareness, no classification of information, no formal controls, and absent or poor access and incident management. In essence, information security management is as important as the technologies used to prevent security breaches.

A popular approach to information security management, as suggested by John DiMaria, is to adopt an international standard such as ISO 27001, which is used around the world and promotes a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's information security management system.

Information Security Management System (ISMS)

An ISMS is a systematic approach to managing a university's sensitive information so that it remains secure. An ISMS comprises a set of policies and procedures for protecting information, encompassing three key elements: 1) people; 2) processes; and 3) IT systems.

Some well-known international standards and frameworks relevant to an ISMS are ISO 27001, the Standard of Good Practice (SOGP), COBIT and ITIL. Among them, ISO 27001 is the best-known ISMS standard; it helps an organisation establish and maintain an effective information security management system through a continual improvement approach.

