Higher Ed Information Security
Information Security in Higher Ed
Scooped by HE Info Sec Council onto Higher Ed Information Security

12 Security (and Privacy) Resolutions for 2013


Among your typical New Year's resolutions (lose weight, stop smoking, be happier), you should consider making some pledges to better secure your digital life. You might even be healthier if you can avoid the stress of a digital disaster: malware wiping out your PC, your online accounts being hacked, or becoming a victim of identity theft through a phishing scam or data theft. With that in mind, here are some security resolutions to consider for the new year.


5 ways to create a collaborative risk management program

Natalie Runyon gives advice for breaking down the security and risk silos in your organization for a more collaborative enterprise risk management approach

CSA and (ISC)2 Collaborate to Create New Cloud Security Certification


(ISC)2 (“ISC-squared”), the world’s largest not-for-profit information security professional body and administrator of the CISSP, and the Cloud Security Alliance (CSA), a not-for-profit organization whose mission is to promote best practices for security assurance in cloud computing, today announced that they have signed an agreement to collaborate on a new professional certification for information security. The combined initiative addresses a significant concern over the security of modern business systems by establishing a common global understanding of professional knowledge and best practices in the design, implementation and management of cloud computing systems.


The new credential will build on existing certifications offered by both organizations, including (ISC)²’s Certified Information Systems Security Professional (CISSP) and CSA’s Certificate of Cloud Security Knowledge (CCSK), by examining the depth of technical knowledge required to architect business systems based on cloud computing.

Rescooped by HE Info Sec Council from Higher Ed Data Privacy

Report: NSA PRISM program spied on Americans' emails, searches | PCWorld

The National Security Agency's PRISM program tapped directly into the servers of most of the web's largest companies, monitoring our search history, the content of emails, file transfers, and live chats, The Guardian alleges.

CISOs Must Engage the Board About Information Security

With technology now at the center of nearly all business processes, information security is no longer simply an operational concern. It deserves a place on the board's strategic agenda. And that means the CISO needs to step up in the boardroom.

 

"Your organization will come under attack. It's not a matter of 'if.' It's a matter of 'when.' And security is no longer simply an operational concern. As technology has become the central component of nearly all business processes, security has become a business concern. As a result, information security should sit firmly on the boardroom agenda."

 

"It's not just about compliance... It's about overall risk management."


Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”


In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he had cracked almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

 

Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail, Iron Chef style. The results, to say the least, were eye-opening, because they show how quickly even long passwords with letters, numbers, and symbols can be recovered.

 

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. Security-conscious websites never store passwords in plaintext. Instead, they store only these one-way hashes, which cannot be mathematically converted back into the letters, numbers, and symbols the user chose. When a breach exposes the password data, an attacker still has to guess the plaintext behind each hash: for instance, they must guess that "5f4dcc3b5aa765d61d8327deb882cf99" and "7c6a180b36896a0a8c02787eeafb0e4c" are the MD5 hashes of "password" and "password1" respectively. The catch is that nothing has to be inverted. With a fast hash like MD5 stored without a per-user salt, the attacker hashes each candidate once and compares the result against every entry in the list at the same time, which is why a long wordlist plus a few mangling rules recovers so many passwords so quickly.

HE Info Sec Council's insight:

For more details on password hashing, see the earlier Ars feature "Why passwords have never been weaker—and crackers have never been stronger": http://arstechnica.com/security/2012/08/passwords-under-assault/
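Added example (my code, not from the Ars article or the curator): the dictionary attack described above, run in Python against a constructed four-entry hash file. The first two hashes are the ones quoted in the text; the wordlist, the mangling rules, and the `letmein` and `qeadzcwrsfxv1331` entries are assumptions made for the demo. The second half shows the defender's counterpart, a salted PBKDF2 record, so the contrast with a bare MD5 lookup is visible in the same run.

```python
import hashlib
import os
import secrets

# Constructed sample hash file, as a site storing unsalted MD5 would leak it.
# The first two values are the ones quoted in the article; the rest are made here.
MD5_LETMEIN = hashlib.md5(b"letmein").hexdigest()
MD5_LONG = hashlib.md5(b"qeadzcwrsfxv1331").hexdigest()   # the article's headline password
LEAKED_MD5 = {
    "5f4dcc3b5aa765d61d8327deb882cf99",   # md5("password")
    "7c6a180b36896a0a8c02787eeafb0e4c",   # md5("password1")
    MD5_LETMEIN,
    MD5_LONG,
}

# Constructed wordlist; a real run uses many millions of entries.
WORDLIST = ["123456", "password", "letmein", "welcome", "qwerty"]


def mangle(word):
    """Yield a base word plus a few of the mangling rules crackers apply."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!"):
        yield word + suffix
        yield word.capitalize() + suffix


def crack_md5(hashes, wordlist):
    """Dictionary attack on unsalted MD5.

    Nothing is reversed: each candidate is hashed and looked up in the leaked
    set.  Because the hash is fast and has no per-user salt, one MD5 computation
    tests a candidate against every account at once.
    Returns {hash: recovered_plaintext}.
    """
    found = {}
    for word in wordlist:
        for candidate in mangle(word):
            digest = hashlib.md5(candidate.encode()).hexdigest()
            if digest in hashes:
                found[digest] = candidate
    return found


# Defender side: a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from the
# standard library).  The salt makes every account a separate cracking job and
# the iteration count makes each guess cost far more than one MD5.
ITERATIONS = 600_000   # assumed figure; pick the highest your login latency budget allows


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: hex(salt)$iterations$hex(derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the derived key from the stored salt/iterations and compare."""
    salt_hex, iterations, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return secrets.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    cracked = crack_md5(LEAKED_MD5, WORDLIST)
    print(f"cracked {len(cracked)} of {len(LEAKED_MD5)} hashes: {cracked}")
    record = hash_password("password")
    print("pbkdf2 record :", record)
    print("verify correct:", verify_password("password", record))
    print("verify wrong  :", verify_password("password1", record))
```

Run directly, three of the four hashes fall to a five-word list; the long pseudo-random one survives only because none of the toy rules produce it. On the PBKDF2 side each account gets its own 16-byte salt and each guess costs 600,000 SHA-256 rounds, so an attacker can no longer test one candidate against all 16,449 entries with a single hash computation.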


Why you need a security buddy (and how to find one)

Michael Santarcangelo explains why pairing security pros with non-security people helps each partner do their job more effectively - and reduces risk for the enterprise

Australia's National Cyber Security Awareness Week, May 20-24, 2013


National Cyber Security Awareness Week is an annual Australian Government initiative held in partnership with industry, community and consumer organisations and all levels of government.

 

The aim of Awareness Week is to help Australians using the internet – whether at home, the workplace or school – understand the simple steps they can take to protect their personal and financial information online.

 

With nearly 1,400 partners coming together for Awareness Week, the message of cyber security will be heard around Australia through a range of events, including seminars, webinars, media, social media, and other distribution channels.


Why don't risk management programs work?


When the moderator of a panel discussion at the recent RSA conference asked the audience how many thought their risk management programs were successful, only a handful raised their hands. So Network World Editor in Chief John Dix asked two of the experts on that panel to hash out in an email exchange why these programs don't tend to work.

 

Alexander Hutton is director of operations risk and governance at a financial services firm (that he can't name) in the Greater Salt Lake City area, and Jack Jones is principal and Co-Founder of CXOWARE, Inc., a SaaS company that specializes in risk analysis and risk management.

 

Jones: "Risk management programs don't work because our profession doesn't, in large part, understand risk. And without understanding the problem we're trying to manage, we're pretty much guaranteed to fail."


Data Dealer: Online Privacy Game

The gleefully sarcastic online game about collecting and selling personal data. Also available on Facebook!
HE Info Sec Council's insight:

Visit http://datadealer.com/ to try the game!

Rescooped by HE Info Sec Council from Higher Ed Data Privacy

DOJ: We don't need warrants for e-mail, Facebook chats


The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal.

 

Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail. The IRS, on the other hand, publicly said last month that it would abandon a controversial policy that claimed it could get warrantless access to e-mail correspondence.


Containing the Security Threat of Mobile Apps in Higher Ed (EDUCAUSE Review)


The rapid proliferation of smartphones, tablets, and other mobile devices has created a new challenge for college and university IT administrators. With the use of personal mobile devices now mainstream, users of software increasingly expect to get things done on their smartphones. Unlike first-generation applications, such as campus bus schedules, a growing number of new offerings touch enterprise data. The time has come for IT managers to put measures in place that ensure mobile data security across the enterprise. Security issues throughout the enterprise mobile ecosystem, from physical devices to app distribution to the actual code being executed on smartphones, must be systematically addressed. A number of new open-source and community-source technologies can help, including the Kurogo Mobile Platform and the Kuali Mobility for the Enterprise (KME) platform.


Times may change, but the CSO's song remains the same

A 2002 CSOonline article reminds us that despite what progress and advances we witness in the industry, security's mission doesn't change
Rescooped by HE Info Sec Council from Higher Ed Data Privacy

The Facebook Privacy Infographic


Did you know that there are 13 million Facebook users who have never touched their Facebook privacy settings?

 

That may seem like a small number when taken in light of the 751 million monthly active users the company recently reported but 13 million is still a number which should not be dismissed.

 

According to this infographic, 28 percent of all Facebook users share all, or almost all, of their wall posts with an audience wider than just their friends.

 

Furthermore, 11 percent of Facebook users said that someone else has tried to use their login without their permission.

 

Rescooped by HE Info Sec Council from IT Security

Colleges Want BYOD to Work But Are Struggling to Keep Networks and Data Secure


An impressive 85 percent of educational institutions allow students, teachers and faculty to use personal devices on school networks. This is a huge opportunity for professors and students to engage in new learning styles — and for hackers and criminals to gain access to networks and potential sensitive data.

 

Mobile computing has created a new demand for access and bandwidth that colleges are struggling to meet. Almost no organizations can afford to supply devices quickly enough for voracious mobile consumers. As a result, students and professors have resorted to bringing their own devices on campus. When managed properly, BYOD can solve a number of problems, but when BYOD goes wrong, universities can find themselves in real trouble.

 

Bradford Networks recently released a survey of K–12 and higher education IT and network professionals, focusing on BYOD technologies and policies. The results indicate that there is great opportunity for students and professors as well as enormous risk...


Via IS Decisions
IS Decisions's curator insight, June 11, 4:10 AM

How to make BYOD work? Organizations need to secure their wireless networks and offer security to BYOD. Software that allows you to secure network access across all session types, including Wi-Fi and VPN, permits an organization to control its wireless networks and offer security to BYOD.

 

Happy to say the new UserLock 7 offers Wi-Fi session control to mitigate BYOD risk and strengthen the first line of defense in a Windows Network.


9 tips, tricks and must-haves for security awareness programs

What are the essential ingredients for making a security awareness program successful? Check out these 9 tips from CSO contributors on how to make awareness work in your organization.
Rescooped by HE Info Sec Council from IT Security Unplugged

The malicious plug-in: A charger that can hack any Apple iOS device

Researchers from the Georgia Institute of Technology have created a “malicious charger” able to hack any iOS device simply by plugging it in.

Via IT Security Unplugged

Analyzing the Cost of a HIPAA-Related Breach Through the Lens of the Critical Security Controls


John Pescatore compares Idaho State University's (ISU) projected cost of settling HIPAA violations with the US Department of Health and Human Services (HHS) to what it would have cost the university to implement security controls that could have (helped) protect its systems from breaches. The estimated cost to ISU, including the fine, the costs of managing the breach, and the implementation of a Corrective Action Plan is US $1 million over two years. Putting in place certain Critical Security Controls that would have detected the issue that exposed patient data would cost an estimated US $75,000. Even adding in extras like vulnerability assessments and monitoring would put the cost at US $500,000, equivalent to one year's share of the above cost.

Rescooped by HE Info Sec Council from Higher Ed Data Privacy

School database loses backers as parents balk over privacy


A $100 million database set up to store extensive records on millions of public school students has stumbled badly since its launch this spring, with officials in several states backing away from the project amid protests from irate parents.

 

The database, funded mostly by the Bill & Melinda Gates Foundation, is intended to track students from kindergarten through high school by storing myriad data points: test scores, learning disabilities, discipline records - even teacher assessments of a child's character. The idea is that consolidated records make it easier for teachers to use software that mines data to identify academic weaknesses. Games, videos or lesson plans would then be precisely targeted to engage specific children or promote specific skills.

 

The system is set up to identify millions of children by name, race, economic status and other metrics and is constructed in a way that makes it easy for school districts to share some or all of that information with private companies developing education software.


Information Security: The future workforce | TechRepublic

This infographic highlights the top skills organizations are looking for in a security professional.

Seven Ways Banks Can Leverage a 'Security Data Scientist'


Security executives are falling in line and forming their own strategies, approaches, and use cases to achieve that new competitive edge. CISOs are conquering this frontier by reducing risk and fraud, whether it stems from cyber data loss or questionable customer transactions.

 

In general, businesses have made progress in laying the foundations for the required technical data-mart infrastructure and the organization structure to support big data security initiatives. And yet, there is much work to be done in other component areas of the complex journey of building the successful security program.

 

Organizations can benefit by leveraging existing skilled and proven data scientists from within the core business community to propel the journey forward.

 

Here are seven ways that CISOs of banking institutions can leverage the Security Data Scientist.

HE Info Sec Council's insight:

Although this is an article about the banking industry leveraging security data scientists, it offers steps that may be relevant for the higher education community.


Idaho State University Settles HIPAA Security Case for $400,000 | PHIprivacy.net


Idaho State University (ISU) has agreed to pay $400,000 to the U.S. Department of Health and Human Services (HHS) to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlement involves the breach of unsecured electronic protected health information (ePHI) of approximately 17,500 patients at ISU’s Pocatello Family Medicine Clinic.

 

ISU operates 29 outpatient clinics and is responsible for providing health information technology systems security at those clinics. Between four and eight of those ISU clinics are subject to the HIPAA Privacy and Security Rules, including the clinic where the breach occurred.

 

The HHS Office for Civil Rights (OCR) opened an investigation after ISU notified HHS of the breach in which the ePHI of approximately 17,500 patients was unsecured for at least 10 months, due to the disabling of firewall protections at servers maintained by ISU. OCR’s investigation indicated that ISU’s risk analyses and assessments of its clinics were incomplete and inadequately identified potential risks or vulnerabilities.


Money talks, but at what cost?


Are we creating a cyber professional salary bubble that will eventually burst, asks Holly Ridgeway, SVP and CISO enterprise systems at PNC.

 

"It is a great time to be in the cyber security field. But, have you noticed the growing challenges of recruiting and retaining good cyber talent? Six-figure salaries used to take years to achieve. Now, if you have a specialized cyber skill set, you can attain that figure with only a few years of experience. So, the question is: Are we growing cyber professionals who do not have the foundation needed to perform at a sustained level? Are we so desperate for these skill sets that we are willing to outbid each other?"


Amid a barrage of password breaches, “honeywords” to the rescue


Security experts have proposed a simple way for websites to better secure highly sensitive databases used to store user passwords: the creation of false "honeyword" passcodes that when entered would trigger alarms that account hijacking attacks are underway.

 

The suggestion builds on the already established practice of creating dummy accounts known as honeypot accounts. It comes as dozens of high-profile sites watched user data become jeopardized, including LivingSocial, dating site Zoosk, Evernote, Twitter, LinkedIn, and eHarmony, to name just a few from the past year. Because these dummy accounts don't belong to legitimate users of the service and are normally never accessed, they can be used to send a warning to site administrators when attackers are able to log in to them. The new, complementary honeyword measure, proposed in a research paper titled "Honeywords: Making Password-Cracking Detectable", was devised by RSA Labs researcher Ari Juels and MIT cryptography professor Ronald Rivest, the latter being the "R" in the RSA cryptography scheme.

Joerg Asma's curator insight, May 9, 12:11 PM

From honeypot to honeyword: an interesting approach, but how to avoid honeywords you don't know?
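Added example (my code, not from the paper or the article): the honeyword scheme as the blurb describes it, in Python. Each account stores k "sweetwords" (the real password plus k-1 decoys), and a separate, minimal "honeychecker" holds only the index of the real one, so the site's password file alone cannot tell an attacker which entry to submit. The decoy generator here (re-rolling the digits of the real password) is a simplified stand-in for the paper's tweaking method; the user name, password, and hash parameters are constructed for the demo.

```python
import hashlib
import os
import secrets

ITERATIONS = 100_000   # assumed; kept modest so the demo runs quickly


def _hash(password, salt):
    """Salted PBKDF2-HMAC-SHA256; the login server stores only these."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def _tweak(real):
    """Make one decoy by re-rolling every digit of the real password.  If that
    changes nothing (no digits, or the same digits came up), append two digits.
    Simplified stand-in for the paper's tweaking; never returns `real` itself."""
    decoy = "".join(str(secrets.randbelow(10)) if c.isdigit() else c for c in real)
    if decoy == real:
        decoy = real + f"{secrets.randbelow(100):02d}"
    return decoy


def generate_honeywords(real, k=5):
    """Return (sweetwords, real_index): the real password plus k-1 distinct
    decoys in random order, and the position of the real one."""
    decoys = set()
    while len(decoys) < k - 1:
        decoys.add(_tweak(real))
    sweetwords = list(decoys)
    real_index = secrets.randbelow(k)
    sweetwords.insert(real_index, real)
    return sweetwords, real_index


class HoneyChecker:
    """Separate, minimal host.  It stores only which index is real per user
    and raises the alarm; it never sees passwords or hashes."""

    def __init__(self):
        self._index = {}
        self.alarms = []

    def set_index(self, user, index):
        self._index[user] = index

    def check(self, user, index):
        if self._index.get(user) == index:
            return "ALLOW"
        # A decoy matched: someone is logging in from a cracked password file.
        self.alarms.append((user, index))
        return "ALARM"


class LoginServer:
    """Holds the salted hashes of all k sweetwords per user, but not which one
    is real, so cracking the whole file still leaves the attacker guessing."""

    def __init__(self, checker, k=5):
        self.checker = checker
        self.k = k
        self._users = {}

    def register(self, user, password):
        sweetwords, real_index = generate_honeywords(password, self.k)
        salt = os.urandom(16)
        self._users[user] = (salt, [_hash(w, salt) for w in sweetwords])
        self.checker.set_index(user, real_index)
        # Returned only so the demo can play an attacker who cracked the file.
        return sweetwords

    def login(self, user, password):
        if user not in self._users:
            return "DENY"
        salt, hashes = self._users[user]
        candidate = _hash(password, salt)
        for index, stored in enumerate(hashes):
            if secrets.compare_digest(candidate, stored):
                return self.checker.check(user, index)
        return "DENY"   # matches no sweetword: an ordinary wrong password


if __name__ == "__main__":
    checker = HoneyChecker()
    server = LoginServer(checker)
    sweetwords = server.register("alice", "Summer2013")
    print("sweetwords stored for alice:", sweetwords)
    print("real password:", server.login("alice", "Summer2013"))
    print("random guess :", server.login("alice", "hunter2"))
    decoy = next(w for w in sweetwords if w != "Summer2013")
    print("honeyword    :", server.login("alice", decoy), checker.alarms)
```

The split is the point of the design: the honeychecker holds no secrets worth cracking and can sit off the web-facing network, so compromising the login database yields k candidates per account and roughly a (k-1)/k chance that the attacker's first attempt trips the alarm rather than logging in. The hard part in practice is making decoys indistinguishable in style from real passwords; the digit re-roll used here would not fool a careful attacker and is only a placeholder for a proper generator.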


Women leaders in security recognized


Each year, the Executive Women's Forum announces their "Women of Influence" Awards at their annual EWF event.

 

The awards, co-presented by Alta Associates and CSO Magazine, recognize outstanding women in several categories: one winner from the public sector, a private solutions provider from the security industry, a corporate practitioner from the private sector, and a "One to Watch," a future leader in the security field. This year, a lifetime achievement award was also given. The winners were nominated by peers in the security community.

 

CSO asked each winner of the 2012 WOI awards to give us their perspective on their success, lessons learned in their careers — and how women are making their mark in the security industry today.

Rescooped by HE Info Sec Council from Higher Ed Data Privacy

Who Really Owns Your Personal Data?


Thanks to an exploding number of wellness apps and wearable devices, you may be beaming biodata into the cloud right now. As the Quantified Self movement picks up steam, who stands to profit? (Hint: not you.) And can those cashing in on Big Data use your heart rate against you? (Take a guess.)
