Enhancing information security of a university using computer ethics video clips, managed security service and an information security management system
暂无分享,去创建一个
An experience of enhancing information security for the ICT service department of a Japanese national university corporation is described. Information security is realized by the integration of people, processes, and technology. In order to enhance the people's side of information security, we have been using digital video clips, which are produced by a group of faculty members of Japanese universities. In order to enhance the technology side of information security, we have been using a managed security service and other means. We could reach 24 hours a day and 365 days a year monitoring at the doorway of the university using the service. However, we had no standard means to enhance the process side of information security until recently. This deficiency became an obstacle to making agreements between other universities on inter-university activities. This need also may be an obstacle to gaining reliance from users. In order to cope with this problem, we have decided to implement an information security management system (ISMS). It takes a lot of time and work to implement the ISMS. However, many parts of the ISMS were processes that we were already doing without any clear rules. The ISMS helps not only enhance information security but also improve daily work and management of the staff.
[1] Atsushi Nakamura,et al. Digital video clips covering computer ethics in higher education , 2005, SIGUCCS '05.
[2] Amanda Andress,et al. Surviving Security: How to Integrate People, Process, and Technology, Second Edition , 2001 .
[3] Tetsutaro Uehara,et al. Improving computer ethics video clips for higher education , 2008, SIGUCCS '08.
[4] Masato Masuya,et al. An experience of monitoring university network security using a commercial service and DIY monitoring , 2006, SIGUCCS.