Managing Risk in the Information Community

Jill O'Neill, Scholarly Kitchen Chef, served as the coordinator and moderator for this program.

In anticipation of the discussion, the following questions have been posed to our speakers:

What is the size and scope of the problem from your specific viewpoint? Is the problem getting worse, and why?

Given a perception that cybersecurity is a demanding area in terms of continual investment needed of time, money, etc. what are realistic expectations of stakeholders in terms of risk management?

User authentication and access are fairly basic elements of any network for an institution or enterprise. How far do those options go in mitigating risk? What are some of the stumbling blocks encountered?

What are some of the preparations or practical strategies that stakeholders could adopt prior to an actual breach or other incidence of cybercrime? If “security breach” plans have been developed by the library, how frequently do those need to be reviewed or updated? Are there recognizable or predictable events or shifts that ought to trigger a review, regardless of whether a cybercrime has occurred?

Are there cross-sector initiatives that the community can monitor in order to stay ahead of the problem. How can libraries as well as platform and service providers collaborate successfully?

Related Information and Shared Resources:

Scholarly Networks Security Initiative (SNSI) - SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of institutional and personal data. Members include large and small publishers, learned societies and university presses and others involved in scholarly communications.

ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements - ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet.

The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.

Learning Lessons from the Cyber-Attach: British Library cyber incident review - This paper aims to provide an overview of the cyber-attack on the British Library that took place in October 2023 and examines its implications for the Library’s operations, future infrastructure, risk assessment and lessons learned. Its purpose is to ensure a common level of understanding of key factors that may help peer institutions and other organisations learn lessons from the Library’s experience.

NIST Cybersecurity Framework - Helping organizations to better understand and improve their management of cybersecurity risk

NISO Webinar: Cybersecurity, October 2022 - This NISO educational event brought together a group of experts in systems and cybersecurity to discuss the key challenges currently facing the information community. From issues of authentication to the threats posed by ransomware, all organizations must prioritize protections for digital identities and assets. Libraries, funding agencies, content and platform providers, and end users are largely aware of the dangers, but hesitate over the potential inconvenience and hidden costs of addressing them. What can be done? This roundtable discussion provided insights and encouragements.