Why “Security” is not ME…
Thank you all for your feedback on our latest Bulletin article on “Security is YOU!”. Indeed, I can confirm that at CERN you are, in the first instance, responsible for: the computer security of the laptops, smart phones and PCs you use; the computing accounts and passwords you own; the files and documents you hold; the programs and applications you have installed or, in particular, written; and the computer services and systems you manage. In the free and liberal academic environment of CERN, I, as Computer Security Officer, decline that general responsibility.
_image.jpg?subformat=icon)
How can one take responsibility for something one does not control? Currently, I do not control the operating system you run, the programs and applications you install, the webpages you browse, the software you write, the files and documents you create, and the computing services you deploy. Dictating and restricting you to controlled solutions would contradict that freedom and liberty of academic working. Of course, we can change that, but I love CERN’s academic freedom too. So this is probably not the right way to go.
Rather, I see my role as finding a good balance between that academic freedom, the operational needs of the Organization and computer security - and in enabling YOU to assume your share of this balance. “Computer Security” has been delegated to you, but you are not alone. The Computer Security Team is ready to help you. We provide training and awareness, consulting and audits, general protection and detection services, as well as a central Computer Emergency Response Team (CERT). And there is the IT Department! You can delegate your responsibility to the IT Department, which provides a multitude of secured computing services.
In this respect, take this as an offer for 2013. Enjoy the end of the year and have a safe new year!
If you are interested in our work, feel free to subscribe to our monthly security report. For further information, please check our web site or contact us at Computer.Security@cern.ch.
Here are the winners of our “Hide & Seek” competition looking for confidential, but accidentally public, documents on CERN websites: Piotr Jasiun (EN/ICE), Stefan Petrovski (EN/ICE) and Charles-Edouard Sala (BE/ASR). Well done! Congratulations!
Access the entire collection of Computer Security articles here.
by Stefan Lueders, CERN Computer Security Officer
