Information Systems Security

A problem to report? A question to ask?

In case of doubt, question, event, suspicious site or email...

Go directly to RSSI: rssi@uphf.fr

Description

IT security, or more broadly Information Systems Security (SSI), is part of the digital strategy at UPHF and INSA HdF.

This applies to all the establishment's information systems (Training, Pedagogy, Human Resources, Research, Financial and Accounting, ...) integrating technical, human and legal resources.

It aims to protect the circulation, storage and processing of data in order to guarantee the continuity of the university's activity in a strategic context of stored digital data (scientific data, technological data, management data, personal data...).

SSI functional chain

The organization of the SSI in each ministry complies with interministerial directive n°901 on the protection of information systems dealing with sensitive non-classified defense information.

Within each ministry, there are:

  • A Senior Defense and Security Official reporting to the Minister (HFDS):

He advises the Minister on defense and security matters. He leads and coordinates policy on defense, vigilance, crisis prevention and emergency situations, and oversees the preparation of implementing measures. He oversees the protection of scientific and technical assets, coordinates information systems security policy and monitors its application.

  • An Information Systems Security Officer (FSSI) designated and placed under the authority of the HFDS:

He steers SSI within the ministry and is the link with the AQSSI and RSSI. He liaises with interministerial and ministerial commissions specialized in SSI.

Within each facility, there are:

  • A Qualified Authority for ISS (AQSSI):

The head of the establishment. He/she defines the information systems security policy adapted to the establishment and sets its objectives. He/she ensures that regulatory provisions are implemented.

  • A Deputy Defense Security Officer (DDS):

Designated by the AQSSI, he is the functional correspondent of the HFDS. He has a coordinating, advisory and information role concerning the protection of scientific and technical potential, the protection of secrecy and the preparation/execution of defense and security plans.

  • An Information System Security Manager (ISSM, in French RSSI) and a Deputy ISSM:

Appointed by the AQSSI, he/she advises the AQSSI and monitors the resources required to implement instructions and directives.

Further information can be found on Renater's dedicated ISS website.

Actions implemented for SSI

Awareness

IT security is not just the preserve of computer scientists in the DNum, components or technological processes, but well and truly everyone's business.

This is why the DNum is implementing a plan to prevent these risks by providing regular information on the highlights of security alerts and setting up events (conferences...) around digital security.

Legal - Internal regulations

Each user of the establishment (student, administrative staff, technical staff, teacher, researcher or guest) is responsible for the digital resources (networks, machines, platforms...) made available to them.

These responsibilities, rights and duties are defined in a legal act validated by the UPHF Board of Directors and called Règlement intérieur des usages des systèmes d'Information.

There is also the PSSIE (Politique de Sécurité des Systèmes d'Information de l'État) regulation, which defines national guidelines for information systems security, and to which ministries and state-owned public establishments must submit.
More information on the PSSIE

Technological environment

The university implements a number of technological building blocks that provide access to the institution's information systems in line with national recommendations (e.g. size and complexity of passwords, access via VPN, multifactor authentication...) and works to consolidate environments and platforms along these lines.
The three tools implemented at UPHF are:

  • ESUP OTP (multifactor authenticator)
  • eduVPN (VPN)
  • Sesame (digital identity management, password, login...)