This NISO educational event will bring together a group of experts in systems and cybersecurity to discuss the key challenges currently facing the information community. From issues of authentication to the threats posed by ransomware, all organizations must prioritize protections for digital identities and assets. Libraries, funding agencies, content and platform providers, and end users are largely aware of the dangers, but hesitate over the potential inconvenience and hidden costs of addressing them. What can be done? This roundtable discussion will provide insights and encouragement.
Confirmed speakers are: David Batho, Head of Protective Services, Jisc; Robb Burgess, Director of Technical & Security Operations, Silverchair; Skott Klebe, Principal Security Architect, EBSCO Information Services; Amy Pawlowski, Executive Director, OhioLINK; and Tina Price, Director, Security Governance, OCLC.
This Roundtable will be moderated by Todd Carpenter, Executive Director, NISO.
The discussion by participants touched on the following:
What are the three top areas of cybersecurity that create concern for you in your role? What do you see as the big challenges for stakeholders, whether they be libraries, platform providers or generators of content?
User authentication and access are fairly basic elements of any network for an institution or enterprise. What are some of the stumbling blocks there? With the rise in online education and remote working, is the situation getting better or worse?
Some forms of risk have been around for quite a while – phishing emails, concerns about inappropriate sharing of credentials, etc. The digital information environment has been mainstream now for at least 30 years. Are there appropriate levels of awareness in most user populations? Have individuals gotten better at recognizing and avoiding behaviors that could create larger issues for an institution or organization?
What is the awareness of risk, and of the threat environment, apt to be at an institutional or enterprise level? How are they most likely to be blind-sided? And when they do experience some kind of breach or similar incident, what percentage are actually prepared on a practical level?
There may be a perception that cybersecurity is an area demanding a lot in terms of investment or other resources, whether that be in the form of IT staffing, ever-evolving system technology, or third-party protective services. What are you hearing from your stakeholders about realistic expectations of what they can actually do about some of these issues?
What are some of the preparations or practical strategies that stakeholders might make prior to an actual breach or other cyber event? And if they should fall victim to some sort of an attack, what should be the top priority in terms of protecting institutional data, resources, etc.?
Without resorting to scare tactics or other exaggeration, what is the threat level for the information industry? Is this an issue of properly communicating any gaps or breaches to partners? Or is there a more effective kind of collaboration that might be considered?
Resources shared by our panel:
Research & Education Networks Information Sharing & Analysis Center (REN-ISAC) - The Research and Education Networks Information Sharing and Analysis Center (REN-ISAC) serves over 700 member institutions within the higher education and research community by promoting cybersecurity operational protections and response.
Zero Trust Rapid Modernization Plan - As an alternative to deployment guidance that provides detailed configuration steps for each of the technology pillars being protected by Zero Trust principles, Rapid Modernization Plan (RaMP) guidance is based on initiatives and gives you a set of deployment paths to more quickly implement key layers of protection.
NISO assumes organizations register as a group. The model assumes that an unlimited number of staff will be watching the live broadcast in a single location, but also includes access to an archived recording of the event for those who may have timing conflicts.
NISO understands that, during the current pandemic, staff at a number of organizations may be practicing safe social distancing or working remotely. To accommodate those workers, we are allowing registrants to share the sign-on instructions with all colleagues so that they may join the broadcast directly.
Registrants receive sign-on instructions via email on the Friday prior to the virtual event. If you have not received your instructions by the day before an event, please contact NISO headquarters for assistance via email (firstname.lastname@example.org).
Registrants for an event may cancel participation and receive a refund (less $35.00) if the notice of cancellation is received at NISO HQ (email@example.com) one full week prior to the event date. If received less than 7 days before, no refund will be provided.
Links to the archived recording of the broadcast are distributed to registrants 24-48 hours following the close of the live event. Access to that recording is intended for internal use of fellow staff at the registrant’s organization or institution. Speaker presentations are posted to the NISO event page.
NISO uses the Zoom platform for purposes of broadcasting our live events. Zoom provides apps for a variety of computing devices (tablets, laptops, etc.). To view the broadcast, you will need a device that supports the Zoom app. Attendees may also choose to listen to audio only on their phones. Sign-on credentials include the necessary dial-in numbers, if that is your preference. Once notified of their availability, recordings may be downloaded from the Zoom platform to your machine for local viewing.