terena logo
5 September 2014
Information Security Management SIG agreed during security, privacy and trust workshop
A breakout discussion about strategic views on security, privacy and trust, during the NREN Security Strategy Workshop.

Participants at a recent workshop about security, privacy and trust agreed to create a new Special Interest Group (SIG) under TERENA, with the main focus on "Information Security Management". Based on their recommendations, TERENA has also changed the name and focus of the activity's webpage from CISO (Chief Information Security Officer) to Information Security Management.

The 'NREN Security Strategy Workshop' was held on 3-4 September 2014, organised by TERENA and SURFnet and hosted in the SURFnet offices in Utrecht, the Netherlands. Almost 30 participants attended from 16 organisations across 15 countries, including Canada and Australia as well as countries in and around Europe. Reaching a shared view about international collaboration among NRENs (national research and education networking organisations) on security, privacy and trust was the main aim of the workshop. The formation of the new SIG provides a platform for future collaboration in this area.

Invited plenary speaker Jeroen van der Ham (University of Amsterdam) elaborated on the ethical issues of research data sharing and the way UvA deals with it, and Andrew Cormack (Janet) talked about the paradox of information sharing with regard to ethics and privacy law. Parallel group discussions were dedicated to the topics of security, privacy & trust strategy, knowledge sharing, trust frameworks, security services, international collaboration and organising the work of Chief Information Security Officers. The workshop concluded that harmonisation of strategies is needed, checklists can serve as the simplest security framework for products and services, and 'share with care' is an important maxim.

What is a Special Interest Group?

Special Interest Groups (SIGs) are a new instrument of TERENA. Rather than a Task Force with a fixed mandate, a SIG is more like a long-term working party around a topic of common interest. SIGs have the following features:

  • A charter defines the major objectives and planned roadmap. There are no defined work items such as deliverables, therefore no milestones and no work item leaders assigned.
  • Instead of a single chair person (or co-chairs), the members of a Steering Committee share the responsibility for guiding the focus and activities of the group.
  • Instead of a defined expiration date, the TERENA Technical Committee decides on the termination of a SIG based on measures and conditions explicitly defined in the Charter.
  • The support of TERENA personnel is provided on an on-demand basis.

A steering committee for the new SIG was formed during the workshop. A draft charter for the Information Security Management SIG will soon be written and circulated to the relevant mailing lists of TERENA. The former CISO mailing list has been renamed.

Mind the name changes

The new Information Security Management SIG homepage is at http://www.terena.org/activities/ism/.

The new mailing list is called: ism@terena.org.

All the former CISO list members and workshop attendees have been added to the new list. Self-subscription is also possible.

Further information

The workshop agenda and presentations are available online.