Učitavanje video playera...
02:15:15
CUC 2004 WS2 Aco Dmitrović - Security Policy in Academic Environment: Design and Implementation
Internet is not a friendly place where academic elite communicates and generously shares its knowledge anymore. It has become commercialized, politicized, spammed, spied and all in all a totally insane place. Nevertheless, we must all use it and learn how to live in those polluted conditions. IT professionals must organize and implement defensive and preventive measures.
Before any technical means of defence can be deployed, there must be a Security Policy in place, which gives users the basic rules of acceptable behaviour, and IT personnel authority to act.
In our workshop, we will present the industrial standards that serve as a starting point in creation of Policies, such as ISO 17990 and NIST draft for Internet Security Policy. Then we will argue that such rigid standards are not well suited for the academic environment, where a certain degree of freedom is necessary to support research, education and invention. While some rules can be very similar in both commercial and academic organizations, policies must be localized and adapted to a specific culture.
