Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Scooped by Higher Ed InfoSec Council

The Great Untapped Potential of Windows 8 Picture Passwords

Windows 8 lets you use a series of gestures to log into your PC, a minor improvement with big implications.

Twitter implements DMARC standard to fight phishing

Twitter has implemented DMARC, a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses.

Twitter users are constantly targeted in phishing attacks that try to pass rogue emails as official communications from the company. These phishing emails direct users to fake Twitter websites in order to steal their login credentials.

"Earlier this month, we began using a new technology called DMARC that makes it extremely unlikely that most of our users will see any email pretending to be from a Twitter.com address. DMARC is a relatively new security protocol created by a group of organizations to help reduce the potential for email-based abuse," said Josh Aberant, Twitter's postmaster, Thursday in a blog post.

Dell Says it Can Beat Cisco in Enterprise and Cloud Security

Dell can trump Cisco in the information-technology security market, say Dell's executives in describing how the company with its multifaceted approach will hold an edge against some powerful rivals that also include HP and IBM.

Bill Evans, director of product marketing at Dell Quest, said Dell's direction is to advance the "concept of embedded security" to virtually any type of device, wireless or fixed, so that the enterprise can easily establish the policies and controls they want for access and identity management. Quest's audit and activity monitoring capabilities mean that "we have user-activity monitoring" that can be used by enterprises or cloud services, said Evans. "Cisco doesn't have an identity business."

Rescooped by Higher Ed InfoSec Council from Mobile (Post-PC) in Higher Education

Jumio Brings Identity Verification To Mobile Apps – Just Hold Up Your ID To The Camera | TechCrunch

Jumio, the Andreessen Horowitz-backed mobile payments and ID-scanning startup, is today releasing a new version of its Netverify product designed specifically for mobile devices, both smartphones and tablets. Netverify Mobile, as it's called, will...

Via Stephen diFilipo

How Colorado's CISO is revamping the state's information security -- on a $6,000 budget

Before Jonathan Trull took over as Chief Information Security Officer for the state of Colorado in 2012, he had already been working in the Colorado Office of the State Auditor for a decade. As the Deputy State Auditor, he was responsible for overseeing annual audits of the state's systems.

It was during that time that Trull said he became concerned with what he observed as repeated mistakes and violations that were not addressed, and even took part in a penetration test on state systems with results he says were "horrifying."

Trull recently spoke with CSO about his new role, and how he hopes to create effective change in Colorado's security infrastructure—even on a minuscule budget.

Higher Ed InfoSec Council's comment, February 21, 2013 5:02 PM
Of relevance to higher ed: "We are also working on building the next generation of security workforce. We just started a cybersecurity internship program. Our first two cybersecurity interns started in January. College students. We are working with the different universities on that."

Some Victims of Online Hacking Edge Into the Light

Few American corporations that have been hacked in recent years have publicly acknowledged it, but some are now going public, reflecting new ways of judging such disclosures.

Notification of .edu server breach mistaken for phishing email

The administrators of 7,000 university websites are being required to change their .edu domain account passwords after a security breach ... one that was reported to them by EDUCAUSE, the non-profit higher-education IT group that administers .edu, via an email that some complained bore the markings of a phishing attempt.

Raising the Bar for Cybersecurity [CSIS Report]

Extracting value from the computers or networks of unsuspecting companies and government agencies has become a big business. No company or agency can ignore network security; it is the source of systemic risk that threatens long-term health and profitability. Companies must secure their networks if they are to exercise fiduciary responsibility and due diligence. Cybersecurity is part of the larger corporate strategy for managing risk and compliance. Cybersecurity risk management is becoming a board-level responsibility. This paper identifies how those responsibilities can be met.

In the past few years, a new approach to cybersecurity has emerged, based on the analysis of data on successful attacks. In this approach, continuous diagnostics and mitigation replace the reactive network security methods used in the past. The approach combines continuous monitoring of network health with relatively straightforward mitigation strategies. The strategies used in this approach reduce the opportunities for attack and force attackers to develop more sophisticated (and expensive) techniques or to give up on the target. In combination, continuous monitoring and mitigation strategies provide the basis for better cybersecurity.

Publisher: CSIS (Center for Strategic & International Studies)

Obama Executive Order Redefines Critical Infrastructure

President Barack Obama's cybersecurity executive order, signed on Tuesday, could significantly expand the list of companies categorized as part of U.S. critical infrastructure sector, security experts said Wednesday.

The executive order requires federal agencies and critical infrastructure owners and operators to work cooperatively to minimize cyber risks and strengthen resilience to attacks. It also calls for the creation of new consensus security standards and best practices that critical infrastructure companies will be urged, but not mandated, to follow.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

How to sacrifice your online privacy for fun and profit | PCWorld

Companies buy and sell your private data every day. Should you remain a passive observer, or jump into the action yourself? Welcome to the dark side of the data economy.

Obama's Cybersecurity Executive Order: What You Need to Know

Embargoed until the delivery of the State of the Union address, US President Obama signed the expected and highly anticipated cybersecurity executive order. With potentially serious implications for US and foreign citizens' privacy, here's what you need to know.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

ECPA Reform Update [Recording]

Recording of the January 29, 2013 call with Greg Nojeim, Senior Counsel at the Center for Democracy & Technology on the Electronic Communications Privacy Act (ECPA) reform and its implications for higher education. Includes audio recording (MP3) and chat transcript.

PCI Council Releases Guidelines for Cloud Compliance

A new set of guidelines from the PCI Security Standards Council is intended to help merchants and cloud services providers comply with the PCI DSS when handling payment card data on the web.

Certificate authorities band together to boost security

Education on the proper use of certificates is needed in the industry, analyst says

At a time when certificate authorities are under attack by cybercriminals, a group of companies has formed an alliance to try to improve the security of the CA infrastructure.

Members of the Certificate Authority Security Council, announced Thursday, include Comodo, Trend Micro, Symantec, GMO GlobalSign, Entrust, DigiCert and Go Daddy. Some of the companies have recently suffered compromises of their CA systems.

Until now, the CAs have participated in other industry groups, such as the Certification Authority/Browser Forum. The council will be the first group in which the companies can speak with a "unified CA voice," councilmember Robin Alden, chief technology officer of Comodo, said in a blog post.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Password Protect Your Devices - 10 Incredibly Simple Things You Can Do To Protect Your Privacy

Choosing not to password protect your devices is the digital equivalent of leaving your home or car unlocked. If you're lucky, no one will take advantage of the access.

Via Stephen diFilipo, Higher Ed InfoSec Council

CISPA Cybersecurity Bill, Reborn: 6 Key Facts -- InformationWeek

House revives controversial cybersecurity information-sharing bill, but can CISPA 2.0 address lingering privacy concerns?
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Open Source Data: Big Data for All

Over the past decade, the privacy framework has become preoccupied with organizational data management processes grouped under the title “accountability.” While improving corporate governance and mitigating data security risks (no doubt admirable goals), accountability measures generate little benefit to individuals. Indeed, by treating organizations as trusted stewards of personal information, accountability cuts individuals out of the decisionmaking process. You want privacy? Walmart or Pfizer will take care of it for you.

In a new article, Big Data for All: Privacy and User Control in the Age of Analytics, which will be published in the Northwestern Journal of Technology and Intellectual Property, Jules Polonetsky, CIPP/US, and Omer Tene try to refocus the privacy framework on individual empowerment. They argue that going forward, organizations should provide individuals with practical, easy-to-use access to their information, so they can become productive participants in the data economy. In addition, organizations should be transparent about the decisional criteria underlying their data processing activities, allowing individuals to challenge, or at the very least understand, how decisions about them are made.

Official Google Blog: An update on our war against account hijackers

Compared to five years ago, more scams, illegal, fraudulent or spammy messages today come from someone you know. Although spam filters have become very powerful—in Gmail, less than 1 percent of spam emails make it into an inbox—these unwanted messages are much more likely to make it through if they come from someone you’ve been in contact with before. As a result, in 2010 spammers started changing their tactics—and we saw a large increase in fraudulent mail sent from Google Accounts. In turn, our security team has developed new ways to keep you safe, and dramatically reduced the amount of these messages.

I.B.M. to Take Big Step Into Mobile

IBM is announcing a major mobile initiative involving software, services and partnerships with other large vendors. I.B.M. plans to deploy consultants to give companies mobile shopping strategies, write mobile apps, crunch mobile data and manage a company’s own mobile assets securely.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Taking Privacy to Extremes: What Consumers Need to Know

Personal privacy: It’s a tenet of American citizenship, but also the source of a long-held debate over the balance between individual liberty and national security. Where should governments draw the line, and what do consumers need to know about balancing their own privacy with security?

Take, for example, Silent Text, one of a few new encryption apps built to allow anyone to “send files securely from a smartphone or tablet at the touch of a button.” For context, encryption is a key part of what most security companies do for their users. It’s the process of scrambling information, like your email messages, in such a way that eavesdroppers or hackers cannot read it.

FIDO Alliance Says, 'Forget Passwords!'

The username-password approach to online security is more problem than cure, according to Fast Identity Online, a new industry alliance that plans to streamline and enhance online authentication with an open, standards-based protocol.
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Privacy Trends 2013: The Uphill Climb Continues

Our ever-deepening transition into digital is transforming businesses in ways we have not seen since the onset of the industrial revolution.

It is opening doors to a world of opportunity — and tremendous risk to privacy. As we enter a new era in privacy protection, three categories play increasingly larger roles:

Governance
Technology
Regulation

In the past 15 years, privacy regulations have had to evolve quickly to address operational and lifestyle changes that technology has brought forth. Privacy regulators are doing everything they can to keep up, but as technology’s evolution accelerates, regulators continue to fall behind.

5 Myths about Security Awareness Programs

Lance Spitzner of SANS Securing the Human program outlines five common misconceptions about security awareness programs

Executive Order -- Improving Critical Infrastructure Cybersecurity

Read the text of President Obama's cybersecurity Executive Order signed on February 12, 2013.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Security Pioneer Creates Service to Encrypt Phone Calls and Text Messages

Phil Zimmermann, the creator of the widely used Pretty Good Privacy e-mail encryption software, recently unveiled Silent Circle, which adds security features to phone, video and text messages sent by smartphones.