Theme: Security

Several recent serious security incidents have underlined the vulnerability of educational and research data. It is essential that we share knowledge and experience, and that we collaborate to identify, locate and respond to security incidents, so that we can optimise the sector's resilience. 

Continuous adaptation to the information security standards is also necessary to guarantee the open nature of education and research without compromising security. 

Vrouw van achter gefotografeerd zitten op een bank met een mobiele telefoon in haar hand

Ambitions for Security

SURF's members are resilient to cyber-attacks and can guarantee the security of the open education and research environment within their own institution and sphere of influence. Thanks to the SURF Security Operations Centre (SOC) and the Security Incident & Event Monitoring (SIEM) service, the sector can recognise suspicious patterns in good time and the institutions can intervene promptly and adequately in case of security issues. Every 2 years, the SURF members review their security with the SURF Audit benchmark. SURF organises the OZON cyber security exercise every 2 years. SURF's members pool their expertise on cyber security and privacy in communities such as SCIRT and SCIPR. SURF facilitates the platform for Integral Safety in Higher Education (IV-HO) in which VSNU, VH and OCW collaborate to develop a safe learning and working environment in higher education.

Activities for 2021-2022

In order to realise these ambitions, we will continue to provide existing services and continue a number of projects already underway. In addition, we also need to change course and start up new projects.

SURF 2-Year Plan 2021-2022
Activities for Security

Main changes in direction

  • Development of the members' joint strategic vision for cyber security that provides direction and coherence to existing and new initiatives.
  • Development of new services in terms of the Security Operations Centre (SOC) and Security Incident & Event Monitoring (SIEM), which allow 24/7 monitoring of security issues.
  • Initial exploration of the implementation of Data Protection Impact Assessments (DPIAs) and security audits within SURF.

We will implement the changes in direction for 2021-2022 in the following new projects:

SURF 2-Year Plan 2021-2022
Change of course for Security
SURF 2-Year Plan 2021-2022
Available budget for Security