Program Title: Creating Effective Cybersecurity
ILS: General
Program Description: Whether you’re a systems administrator leading a team or a lone librarian in multiple roles, the steps to create effective cybersecurity are available to you. Using ISO27001 as the underlying framework and emphasizing a proactive, 20/80 approach (20% effort for 80% results), this session will cover the fundamental knowledge for ensuring a more secure IT environment and how to specifically create an effective data security program at your institution. The session will begin with Data Security. What is data security? What are we securing against? What is a good backup? How often does one take backups? And of what? I’ll bring up the usefulness of Amazon S3 for this purpose, since it is effective and cheap but will provide other cloud solutions they may already have access to. To begin a Data Security program, participants will need to conduct an audit. Because there is so much data, it’s important to sit down with various stakeholders in your institution and find out what data is truly essential to their activities. I’ll show a simple worksheet to help manage this discussion with stakeholders and help rank which data and services are essential. I will also give participants a simple email template they can send to their vendors to ask them what steps are being taken to secure their data. These responses from vendors can be used to fill in the worksheet. During this portion we will briefly break down the ISO27001 document since vendors will often cite it. Having the essential data infrastructure mapped out, the next step is the Disaster Response planning meeting: a simple sit down meeting with various stakeholders to discuss possible responses. I will use the worksheet from the previous section to show how participants can guide this discussion and get a useful outcome that should greatly assist in responding to high-impact cybersecurity events.
Speaker/ Information: Alan McCarthy-Behler
Presentation located below