A problem to report? A question to ask?In case of doubt, question, event, suspicious site or email... Go directly to RSSI: rssi@uphf.fr |
Description
IT security, or more broadly Information Systems Security (SSI), is part of the digital strategy at UPHF and INSA HdF.
This applies to all the establishment's information systems (Training, Pedagogy, Human Resources, Research, Financial and Accounting, ...) integrating technical, human and legal resources.
It aims to protect the circulation, storage and processing of data in order to guarantee the continuity of the university's activity in a strategic context of stored digital data (scientific data, technological data, management data, personal data...).
SSI functional chain
The organization of the SSI in each ministry complies with interministerial directive n°901 on the protection of information systems dealing with sensitive non-classified defense information.
Within each ministry, there are
- A Senior Defense and Security Official reporting to the Minister (HFDS):
He advises the Minister on defense and security matters. He leads and coordinates policy on defense, vigilance, crisis prevention and emergency situations, and oversees the preparation of implementing measures. It oversees the protection of scientific and technical assets, coordinates information systems security policy and monitors its application.
-
An Information Systems Security Officer (FSSI) designated and placed under the authority of the HFDS:
He leads the steering of the SSI within the ministry, he is the link with the AQSSI and RSSI. He liaises with interministerial and ministerial commissions specialized in SSI.
Within each facility, there are
- A Qualified Authority for ISS (AQSSI):
The head of the establishment. He defines the information systems security policy adapted to his establishment and sets its objectives. He/she ensures that regulatory provisions are implemented.
- A Deputy Defense Security Officer (DDS):
Designated by the AQSSI, he is the functional correspondent of the HFDS, he has a coordinating, advisory and information role concerning: the protection of scientific and technical potential, the protection of secrecy and the preparation/execution of defense and security plans.
- An Information System Security Manager (ISSM) + Deputy ISSM:
Appointed by the AQSSI, he/she advises the AQSSI, monitors the resources required to implement instructions and directives.
Further information to be found on Renater's dedicated ISS website
Actions implemented for SSI
Awareness
IT security is not just the preserve of computer scientists in the DNum, components or technological processes, but well and truly everyone's business.
This is why the DNum is implementing a plan to prevent these risks by providing regular information on the highlights of security alerts and setting up events (conferences...) around digital security.
Juridical- Internal regulations
Each user of the establishment: student, administrative staff, technical staff, teacher, researcher and guest is responsible for the digital resources (networks, machines, platforms...) made available to them.
These responsibilities, rights and duties are defined in a legal act validated by the UPHF Board of Directors and called Règlement intérieur des usages des systèmes d'Information.
There is also the PSSIE (Politique de Sécurité des Systèmes d'Information de l'État) regulation, which defines national guidelines for information systems security, and to which ministries and state-owned public establishments must submit.
More information on the PSSIE
Technological environment
The university implements a certain number of technological building blocks enabling access to the institution's information systems in such a way as to follow national recommendations (e.g. size and complexity of passwords, access via VPN, multifactor authentication...) and works to consolidate environments and platforms along these lines.
You will find opposite the three tools implemented at UPHF:
- ESUP OTP (multifactor authenticator)
- eduVPN (VPN)
- Sesame (digital identity management, password, login...]