Scooped by Higher Ed InfoSec Council
onto Higher Education & Information Security

Is Security Awareness Time and Money Wasted? A Different Perspective - The Security Skeptic

"Dave Aitel recently published an article that generated a fair bit of controversy. In Why You Shouldn't Train Employees for Security Awareness, David claims that money spent on security training for employees would be better spent on securing networks and assets, concluding that "organizations will be much better off if the CSO/CISO focuses instead on preventing network threats and limiting their potential range. Employees can't be expected to keep the company safe; in fact it is just the opposite. Security training will lead to confusion more than anything else."

Aitel makes many valid points. These should not be discounted or ignored because he's arguing against a seemingly prevailing opinion regarding security awareness. One important argument Aitel raises is that users are overmatched, outgunned, and outnumbered. This argument is hard to dispute, and no awareness program I know of can prepare users for the diverse and constantly changing threat landscape they face. Combine this with the "tragedy of the URL", where we often teach users to be secure at the expense of making use of the very convenience hyperlinks offer, and I'll admit that, in this context, it is hard to argue that awareness makes a difference.

Aitel explains that the efficacy of security awareness programs is not corroborated by "broad statistical evidence", and offers anecdotal data suggesting that on average, organizations with security programs still see "a click-through rate on client-side attacks of at least 5 to 10 percent."

Here is where my perspective on security awareness programs begins to differ from Dave Aitel's. His conclusions are not wrong, but security awareness programs ought to do more than teach users how to avoid click-through and client-side attacks."

Higher Education & Information Security
Information Security and Cybersecurity in Higher Education

Security Must Evolve to Be ‘All About the Data’

Instead of focusing on a device or a user, it would be, “only about the data – not about the device, not about the network. You need to protect it, own it, revoke it.”

To do that in the next five years, he said, would require three things: “First, encrypt it with enterprise key management. That’s fundamental to any BYOD strategy.

“Second, it has to reside in a virtual container that I control, like an embassy that is subject to my rules and my laws. Somebody else can’t repurpose it, send it out on an email or do anything with it.

Finally, he said, it would have to possess egress policies that control who can access it. “If I want to revoke the key, I can hit a red button and it doesn’t matter if the bytes are still there, you can’t read them,” he said, contending that if the National Security Agency had had that kind of control over its data, it could have prevented whistleblower Edward Snowden from stealing and passing on classified information to journalists.

Georgetown Law Launches Center on Privacy and Technology

Georgetown University Law Center Dean William M. Treanor is pleased to announce the establishment of the new Center on Privacy and Technology. The Center will bring Georgetown Law’s legal expertise to bear on privacy debates in federal and state legislatures, regulatory agencies and the academy. It will also train Georgetown Law students to be leaders in privacy practice, policymaking and advocacy. 

“We are in the midst of a debate about privacy that has the most profound importance, and the ways in which it is resolved will shape the most central aspects of our lives,” Treanor said. “The new Center on Privacy and Technology will ensure that our faculty and students stay at the forefront of that debate for years to come.”

A Tough Corporate Job Asks One Question: Can You Hack It?

To combat the growing threat of online breaches, companies and governments are hiring chief information security officers — whose main responsibility is to make sure data systems are secure.

The CSO of the future

What skills, background and education does a security executive need if they want their career to evolve?

Let's Get Ready for NCSAM 2014 | EDUCAUSE.edu

National Cyber Security Awareness Month is just 3 months away. Have you started planning events and activities for your campus yet? Join EDUCAUSE and NCSA as we celebrate the 11th annual #NCSAM this October.

8 ways the password is dying

From smartphones that know you’re near to tattoos and even pills, high-tech companies are busy replacing pesky strings of text with easier ways to authenticate. Check out the future here.

10 Ways To 'Fix' Cybersecurity

Ten cyberexperts offer up their best ideas for stemming the threats we face when it comes to digital security.

3 Strategies for the New Era of Enterprise Cybersecurity

The pace of change for Information Technology is challenging established notions of "What is IT?" and "What is Information Security in the modern age?" For one example, the "new" data center technologies such as virtualization, Software-Defined Networking (SDN), service-oriented delivery models, and cloud computing have radically changed the typical IT infrastructure from a defined set of assets owned and controlled by the organization to a constantly fluctuating roster of resources that can come and go from IT department visibility and control.

As this has occurred, we have witnessed the equivalent of a Cambrian Explosion of new Internet-connected life forms--mobile devices, tablets, sensors, actuators, home appliances, monitoring systems, content access devices, and wireless terminals. Applications running on these devices range from recreation to services critical to the functioning of our social and economic infrastructure. Put it all together, and we expect that world population of Internet-connected devices will grow from today's 10 billion to over 50 billion by the year 2020.

From a security point of view, these IT changes, including the expansion of Internet-connected devices, lead to a corresponding increase in attack surface. Instead of the mission of protecting a reasonably known and enclosed IT perimeter, we now must be ready to secure any connected device humans can make against any threat a hacker can innovate. Clearly, using established security practices, except on a larger scale, will not suffice.

Plainly said, we need to think differently about cybersecurity.

SANS Report: Central Admin Largest Security Risk for Higher Ed

Maintaining security on campus may at times appear to be an intractable problem. Yet, a recent survey by the security-focused SANS Institute suggests that some schools may be bringing on their own problems.
Higher Ed InfoSec Council's insight:

Original SANS Report: https://www.sans.org/reading-room/whitepapers/analyst/higher-education-open-secure-35240

FCC Will Push Network Providers on Cybersecurity, Wheeler Says

If private companies don't improve their security efforts, the agency will step in with regulations, the FCC's chairman said

Here's One Big Way Your Mobile Phone Could Be Open To Hackers

Unsecure Wi-Fi networks have been a well-known vulnerability in the tech industry for years. They can let even an unsophisticated hacker capture your traffic and possibly steal your identity.

AIG cyber insurance covers bodily harm

AIG said it's expanding cyber insurance to cover property damage and bodily injury. It's another sign the digital and physical worlds have merged.

4 Universities Band Together to Share and Protect Digital Resources

The online-education boom has made technology vendors powerful. So powerful, in fact, that some university officials say it’s getting harder and harder to update their technology without placing themselves under the sway of outside companies.

Now four major research universities are trying to promote strength in numbers. They are creating a consortium, called Unizin, that they hope will help member institutions innovate on their own terms.

“Unizin is a strategic move by universities to assert greater control and influence over the digital-learning landscape than would otherwise be possible by any single institution,” the founders write in a news release. The four institutions are Colorado State University, Indiana University, the University of Florida, and the University of Michigan.

Unizin will negotiate contracts with technology vendors for products and services that many universities already buy individually. But instead of implementing the technologies locally, member institutions will get a set of “sewn-together services” from Unizin in exchange for dues, says Bradley C. Wheeler, vice president for information technology at Indiana.

Some Things Should Be Banned from the Internet of Things

The unknown danger in connecting an increasing number of analog objects, such as light bulbs, to the Web is worrying policy advisers.

The “Internet of Things” just might have too many things, says Richard Danzig, a member of the Defense Policy Board and the President’s Intelligence Advisory Board.

6 steps to win executive support for security awareness programs

Obtaining C-Level support for security awareness programs can be tough, so Ira Winkler and Samantha Manke share a handful of tips for appealing to the executives in your organization.

No money, no problem: Building a security awareness program on a shoestring budget

Implementing a security awareness program seems rather straightforward, until you actually start to implement one - factoring in things like resources and the people (users) to be trained. At that point, it can seem complicated, costly, and unnecessary. However, the process doesn't have to be a logistical and expensive nightmare, and it's certainly worth it in the long run.

The 5 Biggest Cybersecurity Myths, Debunked | Opinion | WIRED

While the Internet has given us the ability to run down the answer to almost any question, cybersecurity is a realm where past myth and future hype often weave together, obscuring what actually has happened and where we really are now. If we ever want to get anything effective done in securing the online world, we have to demystify it first.
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Technology in LED smart lights raises privacy concerns

A California company has found a way to turn energy-saving LED bulbs into smart networks that can collect and feed data

Watch the Web Get Hacked in Real Time on this Mesmerizing Map

The constant barrage of headlines trumpeting high-profile security breaches makes it easy to understand at a high level that hack attacks are on the rise, but mere words alone don't truly convey the scope of the constant threats. A mesmerizing example of data visualization by computer security firm Norse lets you see penetration attempts in real time, via a DEFCON-esque map that feels like it was ripped right from the old WarGames movie.

Witnessing the constant ping-ping-ping of individual penetration attempts is hypnotic. If you watch long enough, the map will explode in a frenzy of color, as coordinated mass-hack attacks blast across the globe, most often out of China, and often pointed toward the U.S. The U.S. itself is the steady number two on the map's "Attack Origins" list, however.

Higher Ed InfoSec Council's insight:

Also see the Smithsonian's article showing the map: http://www.smithsonianmag.com/smart-news/nets-dark-side-watch-people-try-hack-each-other-live-180951823/?no-ist

7 tips for protecting your AWS cloud

Code Spaces was hacked and had to shut down - what can you learn from this?

Today's Top Skill Sets in Security -- and Why They're in Demand

The old adage that the only thing that's constant is change certainly applies to the world of information security. Whether it's the ever-shifting threat scenarios or the technologies designed to thwart them, new developments seem to be happening all the time.

Because of the dynamic nature of the security discipline, the skills organizations and their security programs need are also continually changing.

We checked in with a number of security executives, industry analysts and recruitment specialists to find out what they see as the most in-demand skills today and in the coming months. Here are some areas they noted.

Another Higher-Ed Data Breach, This Time at a University Press

Duke University Press alerted users on Tuesday that its website had suffered a “security incident.” In an email blast to people with site accounts, the publisher said that usernames and encrypted passwords had been exposed as a result of the breach but that no financial information had been compromised.

According to a spokeswoman, the press learned of the breach on May 29 and had been working with the university’s Office of Information Technology in the weeks since then to gauge the extent of the damage.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

The Privacy Paradox, a Challenge for Business

A new global survey of consumers found that businesses — more than hackers or government — are seen as a threat to the privacy of personal information.
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

How Apple iOS 8 eases some privacy concerns

When Apple releases iOS 8 in the fall, corporate employees who use their iPhones and iPads for work will have better privacy protection when walking in places with Wi-Fi networks.

Another privacy feature being added to iOS 8 is to make DuckDuckGo the default search engine in the Safari browser. DuckDuckGo is considered more secure than competitors because it does not track users or collect and store personal information.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

How Well Do Tech Companies Protect Your Data From Snooping?

We looked at 15 top companies and services that handle your email or store your data every day to see what steps they take to keep it from prying eyes. See how they stack up.