An experiment in security at the University of Poitiers

Abstract

Ensuring the security of the information systems in an university is not simple. When this university is scattered over about fifteen different sites, the security measures become very complex. Moreover, when you consider this university is one of the oldest in France, it is easy to understand that the habits acquired, either through the user-friendly access to the system or through ignorance, can imperil the security of the information systems. Within four years, we have tried to raise the security level so that the risks incurred would become acceptable without, as yet, plunging into an ocean of debt or destroying all attempts at innovation as far as research or pedagogy goes. Indeed the world of education presents the special characteristic of leaving a large freedom of action to the personnel, that is to say limiting restrictions and constraints, and, on the other hand, of having to enforce a large security to protect our patrimony. We will develop the following points : the organization and the administrative measures that have been taken, the objectives and the technical choices, and the financial balance. The administrative part relies on the organization that has been set up, the training of the security agents and the development of awareness of the users. On the technical level, the points approached will be the choices entailed by the architecture of the network and the deployment of protective barriers at a general as well as targeted level. Finally a financial balance, by entries of expenses incurred, will be shown.