This session consists of three presentations.
Featured Speakers
Harald Gilch, HIS-Institut für Hochschulentwicklung, Germany:
More than technology: crisis management after cyber-attacks – recommendations for higher education management #54
The rising risk of cyber-attacks has prompted higher education institutions to enhance their preparedness. Alongside bolstering IT security, it is crucial to establish effective crisis management protocols to enable swift responses. This paper presents a phase model of crisis management following cyber-attacks, based on case studies of affected universities in Germany, and provides guidelines for each phase. Dealing with a cyber-attack requires not only the restoration of IT systems but also the management of a crisis experience for the entire university organization and its members. Preparation for crisis management following a cyber-attack is an ongoing task for higher education management, as the threat will continue to increase in the future.
Pekka Seppänen and Hanne Kesänen, University of Helsinki:
Raising Information Security Awareness – Case: Information Security Test in the University of Helsinki #58
Cyber incidents targeted at higher education institutions have become more common in Europe in recent years, and phishing campaigns, for example, are nowadays a regrettable part of daily life at universities. The best ways to develop and maintain the information security awareness of the University’s staff and students have been under much consideration at the University of Helsinki in recent years, and one of the tools chosen for this was the University of Helsinki IT Security Test. The purpose of the test is to provide a quick and easy way for University staff and students to maintain their IT security knowledge and to safeguard their university activities from security threats. The short, annual test is mandatory for all staff members and degree students. The test was launched three years ago. In our presentation, we will walk through how the test has been organised, also from a technical point of view, what lessons we have learned from it, and how the University staff and students have welcomed the test. According to the feedback, most of the University of Helsinki’s staff and students have considered the IT security test meaningful and easy. On the other hand, some have found the mandatory test inconvenient and even unnecessary. We will also reflect on the possible impact the test has had on the information security awareness of the University staff and students.
Agnethe Sidselrud and Stine Rønnes, The Norwegian Directorate for Higher Education and Skills, Norway:
Governance of information security and safety within international academic cooperation – how to assess and manage the risks? #40
The HE sector’s core tasks are research, education, and dissemination of knowledge, with academic freedom and openness as central values. These tasks and values often seem contradictory to efforts within security and safety and can challenge management of information security at the higher education institutions (HEIs). The new geopolitical situation makes it even more important that the HEIs prioritize information security and build competence, raising awareness and understanding of how these areas affect each other, and that the ongoing governance and management of information security be a prerequisite for being able to carry out core tasks, i.e. research and education.
The Norwegian Directorate of Higher Education and Skills (HK-dir) has assessed the main values, threats, weaknesses and risks in management of information security in the HE sector with regard to national and civil security. The Directorate has also published national guidelines for responsible academic cooperation, and addressed several important risk-reducing measures for information security that must be implemented before the research cooperation or mobility projects can get started.
In this presentation we will share the recommendations included in the new national guidelines for responsible academic cooperation about how to assess risk and find the right risk-reducing measures. We will also share our insight about what challenges the HEIs might meet in assessing and tackling the risk. The presentation will conclude with our recommendations about measures that prove cost-effective and ensure long-lasting effect at all levels of management of information security.