Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Scooped by Higher Ed InfoSec Council

Obama Discusses Computer Security With Corporate Chiefs

President Obama is looking for support as he presses for legislation that would give the administration new technological tools and broader authority in the battle against computer attacks.

More Privacy Perils: Facebook Data Is Greater Than The Sum Of Your Likes

New research from the University of Cambridge in England can accurately predict a person's political slant, age, gender and even if they're gay based on their Facebook Likes.

 

The report, Private traits and attributes are predictable from digital records of human behavior, was just posted on the Proceedings of the National Academy of Sciences, and is coauthored by David Stillwell and Michal Kosinski of the University of Cambridge and Thore Graepel, of Microsoft Research in Cambridge. In the authors’ words, the study shows that, “easily accessible digital records of behavior, Facebook Likes, can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender.”

Higher Ed InfoSec Council's comment, March 13, 2013 10:06 AM
The article also states: "There is a corollary here with computer security. The accumulation of too much data about any one entity in a single location poses a threat. In cyber security, this risk is mitigated by dispersing data in such a way that no one bit of it leads to any other. Studies like this one from Cambridge suggest that we may need to think about privacy in similar ways. Using third-party tools to distribute our data among different servers—preferable ones that users possess their own unique encryption keys to—may be the only way to prevent third parties from painting possibly misleading pictures of us without our consent or knowledge."
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

DNA hack could make medical privacy impossible

It may now be possible for anyone, even if they follow rigorous privacy and anonymity practices, to be identified by DNA data from people they do not even know.

 

A paper published in January in the journal Science describes a process by which it's possible to identify by name the donors of DNA samples, even without any demographic or personal information. The technique was developed by a team of geneticists at MIT's Whitehead Institute for Biomedical Research and is intended to demonstrate that science and technology have surpassed the techniques and laws currently in place for safeguarding private medical data, according to Yaniv Erlich, a fellow at Whitehead and member of the research team.

 

The point was not to reveal private information, but to demonstrate a systemic weakness that will require research, debate and new laws and technology to overcome, Erlich says. The technique relies on the custom of passing family names down through the father's family. By statistically modeling the distribution of family names, the researchers were able to narrow the list of possible contributors of DNA samples. They then pinpointed individuals using a range of other publicly available sources, none of which were directly connected to the original donors and none of which included protected personal data.

Hot security skills of 2013

We asked, experts answered: Here's what you need to know to stay marketable

 

Most successful CSOs will tell you it was a unique mix of skills that propelled them to their current position. Technical background is important, certainly, but practice in the business and excellence in communication are paramount for any CSO truly worthy of a place in the C-suite. We don't expect that to change any time soon.

 

But every few years, a few super-hot skills get added to the mix, ones that will make you even more attractive (to your company and to future employers) and keep you on top of your game. You may need to bring in some of these skills by maintaining a well-rounded staff, rather than by acquiring them yourself.

Higher Ed InfoSec Council's insight:

The article suggests that these skills are among the most important right now: Diverse technology experience; Fluency in the IT side of physical security; Advanced data-protection expertise; Business and financial acumen; Good communication skills; and Adaptability.

 

Are there other skills you’d recommend in order to remain a successful CSO or CISO?

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Cybersecurity Boon or Privacy Threat?

Rights advocacy groups and security practitioners remain on opposite ends of the spectrum on the merits of sharing information as a means to improve cyber security.

 

The Electronic Frontier Foundation, the Center for Democracy and Technology and other groups have vigorously opposed the Cyber Intelligence Sharing and Protection Act (CISPA), contending that it's a major threat to privacy.

...

Security practitioners, however, view CISPA and information sharing in general quite differently.

 

At the RSA Conference 2013 here this week, several security experts said that threat information sharing is a vital piece of the effort to improve cyber security at a time when attacks against U.S. organizations are escalating sharply.

ERM: The basics

An introduction to ERM (Enterprise Risk Management) for security, IT and operational risk professionals. ISO and COSO frameworks; risk measurement and prioritization; mini-case studies and real-world ERM examples.

Applying Big Data Approaches to Information Security a Challenge

Applying big data approaches to information security can help enterprises build better situational awareness capabilities, but implementation could prove to be a major challenge, security experts said at the RSA Conference 2013 being held here this week.

 

Companies such as RSA and Symantec are using the conference to spell out their strategies of using new data aggregation, correlation and analytics approaches to help enterprises sift through huge sets of structured and unstructured data for threat indicators. The idea is that such data aggregation and correlation will help companies spot trends and threats that conventional signature-based security tools are unable to detect.

Higher Ed InfoSec Council's insight:

Two similar articles on the topic of big data, analytics, and security:

Do Enterprise Security Teams Want 'Big Data Security'? http://www.cio.com/article/729526/Do_Enterprise_Security_Teams_Want_Big_Data_Security_

RSA: Big Data, Analytics Services Will Secure Data Centers http://www.cio.com/article/729386/RSA_Big_Data_Analytics_Services_Will_Secure_Data_Centers

Rescooped by Higher Ed InfoSec Council from Mobile (Post-PC) in Higher Education

Mobile security startup PassBan offers smartphone owners a slew of authentication options—including one you can wear

A mobile security startup called PassBan thinks the best way to keep mobile devices secure is to allow people to choose from a bevy of different authentication options—including one that you wear on your wrist.


Via Stephen diFilipo

World’s first on-device mobile intrusion prevention system

At the Mobile World Congress 2013 in Barcelona, Spain, mobile security firm Zimperium introduced the world’s first on-device Mobile Intrusion Prevention System to protect BYOD organizations from a variety of cybersecurity threats such as spear-phishing,...

(ISC)2 report says security departments are understaffed

A panel discussion at RSA later today will look at results of the sixth annual Global Information Security Workforce Study (GISWS) from education and certification provider (ISC)2.

 

“The Threat Horizon: The 2013 Global Information Security Workforce Study,” delves into what (ISC)2 officials say is a troubling shortage of skilled security professionals that is having a ripple effect on the global economy.

 

The study surveyed more than 12,000 information security professionals. More than half – 56 percent – of CISOs surveyed for the report feel their security organizations are short-staffed.

Certificate authorities band together to boost security

Education on the proper use of certificates is needed in the industry, analyst says

 

At a time when certificate authorities are under attack by cybercriminals, a group of companies has formed an alliance to try to improve the security of the CA infrastructure.

 

Members of the Certificate Authority Security Council, announced Thursday, include Comodo, Trend Micro, Symantec, GMO GlobalSign, Entrust, DigiCert and Go Daddy. Some of the companies have recently suffered compromises of their CA systems.

 

Until now, the CAs have participated in other industry groups, such as the Certification Authority/Browser Forum. The council will be the first group in which the companies can speak with a "unified CA voice," councilmember Robin Alden, chief technology officer of Comodo, said in a blog post.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Password Protect Your Devices - 10 Incredibly Simple Things You Can Do To Protect Your Privacy

Choosing not to password protect your devices is the digital equivalent of leaving your home or car unlocked. If you're lucky, no one will take advantage of the access.

Via Stephen diFilipo, Higher Ed InfoSec Council

CISPA Cybersecurity Bill, Reborn: 6 Key Facts -- InformationWeek

House revives controversial cybersecurity information-sharing bill, but can CISPA 2.0 address lingering privacy concerns?

GAO Pokes Holes in Government’s Cybersecurity Strategy

The decade-old federal government cybersecurity strategy continues to face persistent challenges to effectively secure the nation's online infrastructure, according to recent congressional testimony from the Government Accountability Office.

“Shortcomings persist in assessing risks, developing and implementing security programs, and monitoring results at federal agencies,” the GAO contends. “This is due in part to the fact that agencies have not fully implemented information security programs, resulting in reduced assurance that controls are in place and operating as intended to protect their information resources.”

 

Other major problems include lack of cybersecurity guidance for federal agencies, variances in the degree to which agencies must comply with specific cybersecurity regulations, the lack of a centralized information sharing system, and failure of the Department of Homeland Security to fully develop predictive analysis of cyber threats.

Telecom seeks critical infrastructure status for IT vendors

The Obama administration excluded the information technology (IT) industry from its definition of the nation's critical infrastructure, giving them immunity from security-related requirements unless changed by Congress.

While this is good for tech companies, the telecom industry is crying foul, saying IT businesses should share any regulatory burden.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Harvard E-Mail Search Stuns Faculty Members

Bewildered, and at times angry, faculty members at Harvard criticized the university on Sunday after revelations that administrators secretly searched the e-mail accounts of 16 resident deans in an effort to learn who leaked information about a student cheating scandal to the news media. Some predicted a confrontation between the faculty and the administration.

 

News of the e-mail searches prolonged the fallout from the cheating scandal, in which about 70 students were forced to take a leave from school for collaborating or plagiarizing on a take-home final exam in a government class last year.

Higher Ed InfoSec Council's comment, March 11, 2013 11:19 AM
Statement from Deans Michael D. Smith and Evelynn M. Hammonds: http://www.fas.harvard.edu/home/content/deans-communications

IT Security Managers Too Focused on Compliance, Experts Say

Companies with IT security strategies that focus mostly on complying with key standards are dangerously unprepared for emerging cyber threats, said security experts at the RSA Conference 2013 here this week.

 

Over the past few years, the security strategies of many companies and government agencies have centered around meeting the requirements of Sarbanes-Oxley, Health Information Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standards (PCI DSS), Federal Information Security Management Act (FISMA) and other government and industry standards.

 

Experts say that meeting such standards is important, but they should be used as baseline controls in a broader IT security strategy.

"The audit industry has become a monster," said Anup Ghosh, founder of security firm Invincea.

 

"Keeping those guys at bay" has become a full-time job in many IT security organizations, he said. "A lot of compliance regimens have been all about checking boxes and following processes."

Evernote hit in hacking attack, users must reset their passwords

Evernote, which makes business and consumer productivity software for things like taking notes and doing research, is forcing all of its 50 million users to change their passwords after detecting a hacker intrusion on its system.

 

The attacker gained access to Evernote accounts' usernames, email addresses and passwords. Although passwords are encrypted, the company "in an abundance of caution" is implementing a password reset, the company said in a blog post on Saturday.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

As ‘Do Not Track’ Effort Seems to Stall, Web Companies Race to Look Privacy-Friendly

Privacy is no longer just a regulatory headache. Increasingly, Internet companies like Microsoft, Facebook and Mozilla are pushing each other to prove to consumers that their data is safe and in their control. 

 

In some instances, established companies are trying to gain market advantage by casting themselves as more privacy-friendly than their rivals. For example, Mozilla, an underdog in the browser market, suggested last week that it would allow its users to disable third-party tracking software altogether.

Rescooped by Higher Ed InfoSec Council from Distance Ed Archive

Store, Share and Connect with Your Own Private Cloud: ownCloud

"ownCloud helps enterprises concerned about sensitive data leakage via Dropbox deliver a secure file sync and share solution on site, on their storage, integrated with their infrastructure and security systems, managed to their policies. The result is an easy-to-use solution that provides complete control over sensitive corporate data." from source: https://owncloud.com


Via Robin Good, ghbrett
Robin Good's curator insight, February 25, 2013 11:20 AM


If you are looking for a good and safe alternative to Dropbox or Box.net, here is one: Owncloud is an open source software which you can install on your own web server and which provides you not only with full file storage and sharing capabilities, but also with the ability to connect directly to other file storage services and to run HTML5 apps.


Excerpted from the Techcrunch review: "OwnCloud is a free software suite, written in PHP, that provides file storage, synchronization, and sharing. It provides the same basic features of Dropbox or Box.net."


"The core ownCloud offering is file storage and synchronization. You also get optional contacts and calendar synchronization, if you want to use it. As an open source application, you can install it on any computer you control. This means you know how and where your data is stored, something which existing hosted solutions abstract away from you. Individuals and enterprises can install ownCloud on their own hardware, and define access policies according to their own needs."


"...the ownCloud mobile client can automatically upload pictures taken from your phone."


"...ownCloud can be connected to third-party storage like Dropbox or Google Drive or even an FTP server. These are read-write connections, allowing you to use third-party storage in whatever ways make sense for you..."


"...ownCloud supports HTML5 applications, allowing you to add all sorts of additional functionality. The ownCloud app catalog has dozens of apps."


(Source: Techcrunch)


Overview: https://owncloud.com/owncloud-overview


Download and subscriptions: https://owncloud.com/owncloud-subscriptions


Find out more: https://owncloud.com/







Steve Vaitl's curator insight, February 26, 2013 9:19 AM

Want your own private cloud drive?

ghbrett's curator insight, February 28, 2013 1:14 PM

This is a solution that makes a lot of sense to me. Keeping the curation and management of content locally will allow personal and enterprise installations to share content among their community. 

 

Be sure to read @RobinGoods' comments below that are much more detailed than mine.

RSA 2013: Anatomy of a 'Longlining' attack

Proofpoint study describes a "new" industrial phishing technique that's becoming increasingly popular among attackers.

Application-specific passwords weaken Google's two-factor authentication, researchers say

Researchers from two-factor authentication provider Duo Security found a loophole in Google's authentication system that allowed them to bypass the company's 2-step login verification by abusing the unique passwords used to connect individual applications to Google accounts.

 

According to the Duo Security researchers, Google fixed the flaw on Feb. 21, but the incident highlights the fact that Google's application-specific passwords don't provide granular control over account data.

The Great Untapped Potential of Windows 8 Picture Passwords

Windows 8 lets you use a series of gestures to log into your PC, a minor improvement with big implications.

Twitter implements DMARC standard to fight phishing

Twitter has implemented DMARC, a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses.

 

Twitter users are constantly targeted in phishing attacks that try to pass rogue emails as official communications from the company. These phishing emails direct users to fake Twitter websites in order to steal their login credentials.

 

"Earlier this month, we began using a new technology called DMARC that makes it extremely unlikely that most of our users will see any email pretending to be from a Twitter.com address. DMARC is a relatively new security protocol created by a group of organizations to help reduce the potential for email-based abuse," said Josh Aberant, Twitter's postmaster, Thursday in a blog post.

Dell Says it Can Beat Cisco in Enterprise and Cloud Security

Dell can trump Cisco in the information-technology security market, say Dell's executives in describing how the company with its multifaceted approach will hold an edge against some powerful rivals that also include HP and IBM.

 

Bill Evans, director of product marketing at Dell Quest, said Dell's direction is to advance the "concept of embedded security" to virtually any type of device, wireless or fixed, so that the enterprise can easily establish the policies and controls they want for access and identity management. Quest's audit and activity monitoring capabilities mean that "we have user-activity monitoring" that can be used by enterprises or cloud services, said Evans. "Cisco doesn't have an identity business."
