On September 24-25, 2013, the Privacy Tools for Sharing Research Data project at Harvard University held a workshop titled "Integrating Approaches to Privacy across the Research Data Lifecycle." Over forty leading experts in computer science, statistics, law, policy, and social science research convened to discuss the state of the art in data privacy research. The resulting conversations centered on the emerging tools and approaches from the participants’ various disciplines and how they should be integrated in the context of real-world use cases that involve the management of confidential research data.
This workshop report, the first in a series, provides an overview of the long-term longitudinal study use case. Long-term longitudinal studies collect, at multiple points over a long period of time, highly-specific and often sensitive data describing the health, socioeconomic, or behavioral characteristics of human subjects. The value of such studies lies in part in their ability to link a set of behaviors and changes to each individual, but these factors tend to make the combination of observable characteristics associated with each subject unique and potentially identifiable.
Instead of focusing on a device or a user, it would be, “only about the data – not about the device, not about the network. You need to protect it, own it, revoke it.”
To do that in the next five years, he said, would require three things: “First, encrypt it with enterprise key management. That’s fundamental to any BYOD strategy.
“Second, it has to reside in a virtual container that I control, like an embassy that is subject to my rules and my laws. Somebody else can’t repurpose it, send it out on an email or do anything with it.”
Finally, he said, it would have to possess egress policies that control who can access it. “If I want to revoke the key, I can hit a red button and it doesn’t matter if the bytes are still there, you can’t read them,” he said, contending that if the National Security Agency had had that kind of control over its data, it could have prevented whistleblower Edward Snowden from stealing and passing on classified information to journalists.
Georgetown University Law Center Dean William M. Treanor is pleased to announce the establishment of the new Center on Privacy and Technology. The Center will bring Georgetown Law’s legal expertise to bear on privacy debates in federal and state legislatures, regulatory agencies and the academy. It will also train Georgetown Law students to be leaders in privacy practice, policymaking and advocacy.
“We are in the midst of a debate about privacy that has the most profound importance, and the ways in which it is resolved will shape the most central aspects of our lives,” Treanor said. “The new Center on Privacy and Technology will ensure that our faculty and students stay at the forefront of that debate for years to come.”
National Cyber Security Awareness Month is just 3 months away. Have you started planning events and activities for your campus yet? Join EDUCAUSE and NCSA as we celebrate the 11th annual #NCSAM this October.
The pace of change for Information Technology is challenging established notions of "What is IT?" and "What is Information Security in the modern age?" For one example, the "new" data center technologies such as virtualization, Software-Defined Networking (SDN), service-oriented delivery models, and cloud computing have radically changed the typical IT infrastructure from a defined set of assets owned and controlled by the organization to a constantly fluctuating roster of resources that can come and go from IT department visibility and control.
As this has occurred, we have witnessed the equivalent of a Cambrian Explosion of new Internet-connected life forms--mobile devices, tablets, sensors, actuators, home appliances, monitoring systems, content access devices, and wireless terminals. Applications running on these devices range from recreation to services critical to the functioning of our social and economic infrastructure. Put it all together, and we expect that the world population of Internet-connected devices will grow from today's 10 billion to over 50 billion by the year 2020.
From a security point of view, these IT changes, including the expansion of Internet-connected devices, lead to a corresponding increase in attack surface. Instead of the mission of protecting a reasonably known and enclosed IT perimeter, we now must be ready to secure any connected device humans can make against any threat a hacker can innovate. Clearly, using established security practices, except on a larger scale, will not suffice.
Plainly said, we need to think differently about cybersecurity.
Maintaining security on campus may at times appear to be an intractable problem. Yet, a recent survey by the security-focused SANS Institute suggests that some schools may be bringing on their own problems.
Certainly, you have a security system or two deployed in your network. These systems, such as Intrusion Prevention Systems (IPS) or next generation firewalls (NGFW), alert you of suspicious activity on a daily basis. Furthermore, you are probably compliant with whatever your industry mandates, such as PCI. Well, so are your peers, which begs the question of why so many organizations continue to get breached.
I would posit this is another case of not keeping up with the times. Let’s face it, when was the last time you evaluated your security infrastructure to determine if it could withstand the most recent threats?
October is National Cyber Security Awareness Month (NCSAM) and it is coming up quickly!
Please let us know if your campus is planning any events or activities in October. We are creating a list of 2014 campus events and we’d like to include as many higher education institutions as possible in our NCSAM Resource Kit. Feel free to share the URL or your plans with this list, or send an e-mail directly to firstname.lastname@example.org.
The Higher Education Information Security Council (HEISC) has also compiled a number of FREE educational materials that can be adapted for use at your institution in our Cybersecurity Awareness Resource Library. Or if your institution is seeking a presenter, we have a Speakers Bureau.
All of the resources mentioned above can be found on our NCSAM website: http://www.educause.edu/ncsam. We look forward to hearing from you and learning about what your institution is doing to promote the 11th annual National Cyber Security Awareness Month!
Implementing a security awareness program seems rather straightforward, until you actually start to implement one - factoring in things like resources and the people (users) to be trained. At that point, it can seem complicated, costly, and unnecessary. However, the process doesn't have to be a logistical and expensive nightmare, and it's certainly worth it in the long run.
While the Internet has given us the ability to run down the answer to almost any question, cybersecurity is a realm where past myth and future hype often weave together, obscuring what actually has happened and where we really are now. If we ever want to get anything effective done in securing the online world, we have to demystify it first.
The constant barrage of headlines trumpeting high-profile security breaches makes it easy to understand at a high level that hack attacks are on the rise, but mere words alone don't truly convey the scope of the constant threats. A mesmerizing example of data visualization by computer security firm Norse lets you see penetration attempts in real time, via a DEFCON-esque map that feels like it was ripped right from the old WarGames movie.
Witnessing the constant ping-ping-ping of individual penetration attempts is hypnotic. If you watch long enough, the map will explode in a frenzy of color, as coordinated mass-hack attacks blast across the globe, most often out of China, and often pointed toward the U.S. The U.S. itself is the steady number two on the map's "Attack Origins" list, however.
The old adage that the only thing that's constant is change certainly applies to the world of information security. Whether it's the ever-shifting threat scenarios or the technologies designed to thwart them, new developments seem to be happening all the time.
Because of the dynamic nature of the security discipline, the skills organizations and their security programs need are also continually changing.
We checked in with a number of security executives, industry analysts and recruitment specialists to find out what they see as the most in-demand skills today and in the coming months. Here are some areas they noted.
Duke University Press alerted users on Tuesday that its website had suffered a “security incident.” In an email blast to people with site accounts, the publisher said that usernames and encrypted passwords had been exposed as a result of the breach but that no financial information had been compromised.
According to a spokeswoman, the press learned of the breach on May 29 and had been working with the university’s Office of Information Technology in the weeks since then to gauge the extent of the damage.