
Data Management Planning for Secure Services (DMP-SS)


DMP-SS presented to JANET CSIRT Information Security Conference

By F D ( Tito ) Castillo, on 15 November 2011

JANET’s Computer Security Incident Response Team’s (CSIRT) annual conference took place in the Royal Society of Medicine on 10th November 2011. I had already been asked to present the outcomes of our TSB-funded SHARE project, which involved the use of a secure private cloud to host epidemiology research computing services. This was of particular interest to the delegates since it outlines the practical issues that we faced with contracts and formal certification to ISO-27001 of the working environment. When I was writing the talk I realised that the DMP-SS project represented an important component of the whole picture and illustrates the iterative nature of our information security approach. The whole slide deck is available here but the key message that I was looking to make is best summed up below.

Illustration of the journey in the development of an ISMS showing the need for data management plans as a core component of domain knowledge

Essentially, the use of data management plans in the development and ongoing curation of an information security management system is one of the core issues being explored by this project and I was interested to see what the views of delegates to this meeting would be to this proposal. I think it's fair to say that there was broad agreement that this approach seems to address one of the critical challenges in establishing good information security within an academic research environment. The delegates at the meeting had confidence that they understood the technical issues relating to security but acknowledged that the management issues were perhaps the most profound and enigmatic.

This was indeed the conclusion of the first speaker, Richard Walton, who spoke eloquently on his long career advising government agencies on information security. He clearly outlined the importance of management issues, suggesting that most of the breaches in information security should be from the inside of an organisation.

A surprising outcome from this presentation was the chance meeting with UCL’s Deputy Head of Information Security, Luci Thomas. We had an opportunity to discuss the SHARE and DMP-SS projects in more detail and agreed to work closely with her team to ensure that the ISMS that we develop within the DMP-SS project can be applied across the broader UCL context.
