1 of 10

EUNIS Information Security SIG

  • Online workshop on vulnerability management
  • 25. February 2022

infosec@eunis.org

2 of 10

About EUNIS

European University Information Systems organisation (founded 1993)

Mission

  • "Help member institutions develop their IT landscape by sharing experiences and working together”

Members

  • Institutions (HEIs, national organisations; around 100 from 23 countries)
  • Corporate members (e.g. Blackboard, Oracle, SAP)
  • Individual members

2

3 of 10

Information Security SIG

Established in 2017

Mission

  • Help member institutions to build up information security management systems (ISMS)
  • Use information and expertise that is available at member institutions
  • Support information exchange through workshops, meetings and annual conference

Current leads

  • Asbjørn Reglund Thorsen, CISO at Sikt, Oslo, Norway
  • Thorsten Küfer, CISO at WWU Münster, Germany

3

4 of 10

4

Asbjørn

  • CISO@Sikt
  • EUNIS Security Special Interest Group (Security SIG) since 2018
  • Security geek and a pen-tester since 2008
  • Technical and management background
  • OWASP Norway arrangement committee

5 of 10

5

Thorsten

  • CISO@University of Münster
  • Head of WWU-CERT
  • Information security for 15 years
  • EUNIS Security Special Interest Group (Security SIG) since 2018

6 of 10

Information Security SIG

Past workshops

  • ‘Preparing for the GDPR’ in Berlin, 21. April 2017
  • ’GDPR – from challenges to solutions’ in Lisbon, 12. December 2017
  • ‘GDPR and Information Security’ in London, 10./11. December 2018
  • ‘GDPR and Information Security’ in Malaga, 27./28. January 2020

Virtual workshops

  • ‘Ransomware’ on 9. June 2020
  • ‘Data Protection and Cloud Security’, 27. October & 3. November 2020

6

7 of 10

Agenda

Friday, 25.02.2022

7

10.00 Welcome (Bas Cordewener, Board member EUNIS)

10.05 Introducing EUNIS Information Security SIG (Thorsten Kuefer, Lead of EUNIS InfoSec SIG / University of Muenster, GER)

10.10 Introduction to Vulnerability Testing (Asbjørn Reglund Thorsen, Lead of EUNIS InfoSec SIG / Sikt, Norway)

10.30 Poll

10.35 “Getting to know each other” (break-out groups of 3 pp)

10.50 The UNIT (now Sikt) and University of Oslo cases (Asbjørn Thorsen, Thorsten Kuefer, Espen Grøndahl University in Oslo)

11.30 Poll in Mentimeter & Discussion

11.55 Next steps, reporting and close

12.00 Options of Holm Security vs Greenbone, via GEANT David Heed, SUNET

12:15 Comparisons between, Nessus (paid version), OpenVAS/Greenbone (John Kallevik, Stavanger University)

12:25 Scan of University Porto (Francisco Peixoto, University of Porto)

Close at 12.30

8 of 10

Future topics

Set-up of organisational structures for information security (ISMS)

  • Resolve responsibilities within organisations (CIO/CISO/DPO)
  • Different approaches of member institutions
  • Risk analysis

Set-up of operational structures for information security

  • Incident response teams (IRT/CERT)
  • Proactive activities
  • Reactive activities

8

9 of 10

Ongoing tasks

Revive exchange

  • Mailing list infosec@eunis.org
  • Regular virtual meetings (“Coffee break”)
    • First Friday every second month
  • Occasionally F2F: workshop and session(s) at EUNIS conference

Define the scope of the SIG

  • Distinguish from other workgroups (TF-CSIRT, GÉANT WISE)
    • Connecting higher education institutions
  • Identify future topics

9

10 of 10

info@eunis.org