2. Organisation of ISBP 2010
- To maintain the influence of the Information Security Advisory Group (and hence the ICTF)
- To maintain the link with ODIT
- To redress the balance of resources for OxCERT
- To have dedicated roles to work full time on the project where necessary
- To provide the relative expertise in Information Security and project management/organisation
- To maintain and - where possible - improve the communications and reporting framework to include the ICTF, ODIT and PICT
- To engage with other relevant functional groups (such as Administrators etc).
The proposed solution is to create a new post within OxCERT and for OxCERT to extend their remit from being purely an incident response team to including wider Information Security duties. This will allow OxCERT (via the chair of the IS-AG) to continue to provide the necessary expertise and be responsible for the ISBP 2010 project whilst maintaining their other roles and responsibilities. The OxCERT post will be funded for 18 months (to cover the duration of the next phase of the project) though OUCS have agreed that the post will be created for a period of 3 years. This was felt necessary to provide adequate time to train and embrace a new member of the team. This will mean that the project is led by Jonathan Ashton of OXCERT and reports will go via Roger Treweek (head of Networks and Communications in OUCS) to PICT. Paul Jeffreys is Project Sponsor.
The remainder of the ISBP 2010 funding will cover the post of Project Manager for 18 months which will continue to be filled by Miranda Llewellyn. In terms of communication, the role of the IS-AG will remain the same as the involvement and influence of the ICTF continues to be critical to the future success of the project. One of the first jobs for the Advisory Group however will be to determine how to extend and define the scope of the project, and how to incorporate the relevant functional groups (such as Administrators etc.) in the process.