Logo of Humboldt-Universität zu BerlinLogo of Humboldt-Universität zu Berlin
edoc-Server
Open-Access-Publikationsserver der Humboldt-Universität
de|en
Header image: facade of Humboldt-Universität zu Berlin
View Item 
  • edoc-Server Home
  • Tagungs- und Konferenzbände
  • Proceedings of the 7th International Conference of European University Information Systems EUNIS2001 (Humboldt-Universität zu Berlin, 28.03.2001 - 30.03.2001)
  • View Item
  • edoc-Server Home
  • Tagungs- und Konferenzbände
  • Proceedings of the 7th International Conference of European University Information Systems EUNIS2001 (Humboldt-Universität zu Berlin, 28.03.2001 - 30.03.2001)
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
All of edoc-ServerCommunity & CollectionTitleAuthorSubjectThis CollectionTitleAuthorSubject
PublishLoginRegisterHelp
StatisticsView Usage Statistics
All of edoc-ServerCommunity & CollectionTitleAuthorSubjectThis CollectionTitleAuthorSubject
PublishLoginRegisterHelp
StatisticsView Usage Statistics
View Item 
  • edoc-Server Home
  • Tagungs- und Konferenzbände
  • Proceedings of the 7th International Conference of European University Information Systems EUNIS2001 (Humboldt-Universität zu Berlin, 28.03.2001 - 30.03.2001)
  • View Item
  • edoc-Server Home
  • Tagungs- und Konferenzbände
  • Proceedings of the 7th International Conference of European University Information Systems EUNIS2001 (Humboldt-Universität zu Berlin, 28.03.2001 - 30.03.2001)
  • View Item
2001-03-30Konferenzveröffentlichung DOI: 10.18452/1080
Enhancing information systems security in an academic organization
Morris, François
Humboldt-Universität zu Berlin
The purpose of this paper is to describe an approach to enhance the security in a research organization. The environment is very specific and unfavorable. Each site is directly connected to Internet. Many people are non permanent. The users are individualistic but also implied in worldwide cooperation. A large openness and many services are required. The security record is very bad but standard solutions cannot be directly applied. First we evaluate the threats keeping in mind the representation of the world we have (i.e. where we put the index in a scale from friendly to hostile), what are the assets to protect (respectability, research results), the cost of an incident. In a second step we define and implement a security policy. It is more an organizational than a technical problem (the firewall is not the panacea). The first target is people. The management must be involved. The technical staff must be trained, participate in a supporting network. The user must know the rules to follow (charter). An important point is to make the architecture manageable. Considering the security at the first stage of a project, separating and isolating the systems in different networks, standardizing allows to focus on few exposed systems. Before buying expensive hardware and software some simple actions as implementing filters in the routers can be performed. The third step is to measure how the security policy is efficient. Some tools can help: analysis of the reported incidents (logs), intrusion detection and simulation. This feedback leads to a new assessment of the risks and an adaptation of the policy. The security is a dynamic process. To raise he security level the investments were put on some key actions: training and education which were developed inside the organization, architecture (partition of the network, filters), measuring the security.
Files in this item
Thumbnail
Morris.pdf — Adobe PDF — 46.08 Kb
MD5: 43da09acfc7578179ca4ee7854971a33
1385_html.zip — Unknown — 44.39 Kb
MD5: 16d96b7531b7bb1765beddc6f5fad873
1385_xml.zip — Unknown — 6.554 Kb
MD5: d0d00dda157de9e8a260699245f17b22
Cite
BibTeX
EndNote
RIS
InCopyright
Details
DINI-Zertifikat 2019OpenAIRE validatedORCID Consortium
Imprint Policy Contact Data Privacy Statement
A service of University Library and Computer and Media Service
© Humboldt-Universität zu Berlin
 
DOI
10.18452/1080
Permanent URL
https://doi.org/10.18452/1080
HTML
<a href="https://doi.org/10.18452/1080">https://doi.org/10.18452/1080</a>