Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Scooped by Higher Ed InfoSec Council

How a Google Headhunter's E-Mail Unraveled a Massive Net Security Hole

After a mathematician received a cold-call recruiting email from Google about a job, he thought it was a spoofed message or a possible test.

 

"Then he noticed something strange. Google was using a weak cryptographic key to certify to recipients that its correspondence came from a legitimate Google corporate domain. Anyone who cracked the key could use it to impersonate an e-mail sender from Google, including Google founders Sergey Brin and Larry Page."


'Password' is Still the Worst Password, But Watch Out for 'Ninja'


"Although the tech world is always changing, one thing remains the same: A lot of people use terrible passwords.


Splashdata, a security software developer, released its annual list of the most common passwords on the Internet. Once again, "password," "123456," and "12345678" are the three most popular, in that order. 

 

...most importantly, don't use the kind of password an idiot would have on his luggage (thank you, Mel Brooks!)."


7 ways to prevent theft on campus

One of the biggest threats on college campuses today is theft, as students have more personal electronics to keep tabs on these days and their financial information is vulnerable.

 

"Here are some tips for college students heading off to school to help minimize their chances of becoming a victim of theft on campus..."


FTC Recommends Best Practices for Companies Using Facial Recognition Technologies


"The Federal Trade Commission [recently] released a staff report "Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies" for the increasing number of companies using facial recognition technologies, to help them protect consumers’ privacy as they use the technologies to create innovative new commercial products and services.

 

Facial recognition technologies have been adopted in a variety of contexts, ranging from online social networks and mobile apps to digital signs, the FTC staff report states. They have a number of potential uses, such as determining an individual’s age range and gender in order to deliver targeted advertising; assessing viewers’ emotions to see if they are engaged in a video game or a movie; or matching faces and identifying anonymous individuals in images.

 

Facial recognition also has raised a variety of privacy concerns because – for example – it holds the prospect of identifying anonymous individuals in public, and because the data collected may be susceptible to security breaches and hacking."


Cybersecurity business, jobs expected to grow through 2016


"Cybersecurity industry analysts expect the market to grow more than 50 percent in the next four years even as other types of defense spending are expected to flatten or decline, creating new opportunities for workers and businesses in Maryland."


Inside Intel, part 2: The future IT security workforce


"The future workforce will look somewhat different than the current workforce, according to Alan Ross, senior principal engineer at Intel. IT security functions will likely change because computing itself is changing so much—and Intel is at work preparing for the new security landscape."


"Intel is preparing for these changes in the workforce by developing a security data scientist curriculum, and will begin training interested employees in making the transition. "We are also cross-training technologists on privacy so they can begin to make the change for us toward a privacy-technologist competency," Ross says."

...

"Security has often been seen as a disabler or [as] hindering development. This means that our business groups will start to look outside of the organization to deliver if we cannot move fast enough and exceed their expectations."


Using security metrics to measure human awareness


"It's been said that security is hard to measure. Producing measurable results around a lack of problems or incidents is challenging. But the field of security metrics has evolved considerably in recent years, giving security managers more resources to make the case for investing in security programs and technologies.

 

Now the SANS Institute, through their Securing the Human Program, is offering a set of free metric tools designed to give security leaders the ability to track and measure the impact of their own security awareness programs."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Do Not Track: an uncertain future for the web's most ambitious privacy initiative

"Following months of relative quiet on the subject of Do Not Track — an HTTP header that tells advertisers and other third parties not to follow you around the internet — the controversial browser signal is being thrust back into the limelight. After the W3C's recent face-to-face meeting in Amsterdam, the Digital Advertising Alliance plainly said that it "does not require companies to honor DNT," effectively saying it intends to stick to its own self-regulatory approach to user privacy. Much of the renewed interest stems from Microsoft's controversial decision to turn Do Not Track on by default in Windows 8's Internet Explorer 10, and Adobe engineer Roy Fielding's subsequent decision to take a sledgehammer to the Apache web server, patching it in a way that explicitly overwrites the DNT signal coming from Microsoft's newest browser.

 

With the fate of our beloved internet economy allegedly at stake, perhaps it's a good time to examine what Do Not Track is. How did the standard come to be, what does it do, and how does it stand to change online advertising? Is it as innocuous as privacy advocates make it sound, or does it stand to jeopardize the free, ad-supported internet we've all come to rely on?"


Higher Ed Information Security Council Contest Seeks Student Videos -- Campus Technology


"Malware dressed like ninjas; a talking computer that warns its owner not to walk away, leaving it behind; a lone guy in a cavernous room using social engineering by phone to obtain private information from an unsuspecting student. These are the topics of a few of last year's winners in a video competition hosted by the EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC). The latest contest was announced as part of October's National Cyber Security Awareness Month (NCSAM), an event promoted by Homeland Security and intended to draw attention to information security, data protection, and privacy programs.

 

The deadline for entries is March 8, 2013. Rules are available at educause.edu and last year's winners may be viewed on YouTube, Facebook, and Pinterest."


Facebook to exclude phone numbers from reverse lookup (for users of 2-factor authentication)

Facebook's SMS-based login security was a Catch-22. You had to give Facebook your phone number to improve security. But that exposed your phone number to the vagaries of the Facebook search system....

 

"The good news is that Facebook announced yesterday that it will exclude numbers given to it for 2FA purposes from black-page searches. The less good news is that this is almost certainly only temporary..." 


Cybercriminals Increasingly Attacking University Networks


"Universities face unique challenges keeping their servers and networks secure from cyber-criminals while accommodating the influx of student and faculty-owned devices each year. A recent analysis of online transaction data highlighted to what extent some universities have already been compromised."


Cyber Competitions Prepare the Cyber Security Professionals of Tomorrow


"As a country we are coming to understand how important it is that we train real-world and high-tech warriors. With Congress currently debating the best approach to cyber security, it is clearly urgent that we quickly learn how to safeguard our virtual information. Anyone who has suffered identity theft can attest: as a nation, as individuals, we need protection from crime and espionage online.

 

And who will provide this protection? Today’s youth — the very warriors who are engaged in learning through cyber sport. You’ll find these warriors doing battle on such playing fields as National Collegiate Cyber Defense Competition, the United States’ Air Force Association’s CyberPatriot, the U.S. Cyber Challenge, and the Global CyberLympics. Such landmark events are raising national awareness about the need for increased education and ethical understanding within the field of information security. And these events also offer the perfect environment for students to put the theories and skills they have learned in their coursework to practical use."


Delaware CSO Elayne Starkey on Information Security Fire Drills


"Delaware state ISOs recently convened for a day of meetings and training to better prepare for incidents in their individual agencies, an event state CSO Elayne Starkey compares to fire drills.

 

Aside from being a networking opportunity and a chance to connect with peers, information security officers in Delaware took part in a half-day meeting to take part in training scenarios to learn new methods in order to respond to incidents more efficiently, says Starkey."


Verizon Report on Data Breaches is a Depressing Page Turner


"It's becoming easier and easier for the Bad Guys to access organizations' sensitive data because many companies fail to use simple safeguards, according to a report from Verizon Business. Most data breaches also take weeks or longer to discover, the report says.

 

...Verizon looked at a lot of data: 855 incidents involving 174 million compromised records–an astounding increase compared to last year's four million compromised records.
The report is filled with notable information and recommendations..."


Want to avoid the next big data breach? Expert says use cash - Chicago Sun-Times


"Customers jarred by news that credit and debit card devices at seven Chicago-area Barnes & Noble stores and 63 nationwide have been tampered with have at least one option for defending themselves, an expert said.

 

'The simple answer is pay cash,' said Jacob Furst, a professor at DePaul University specializing in information security."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Universities and Microsoft write standard privacy agreement for cloud services


"After several years of negotiating, a dozen colleges have reached an agreement with Microsoft that could inspire more institutions to outsource their internal communications and data storage systems to the company and its far-flung servers — even when those systems hold sensitive student and research data...

 

Microsoft on Friday announced that it had signed up Duke, Emory and Thomas Jefferson Universities and the Universities of Iowa and Washington for its new, cloud-based e-mail and work software, Office365. The deals will save the universities on infrastructure costs by migrating various internal communication and data systems to Microsoft’s servers — a move that would have been virtually impossible without resolving FERPA and HIPAA concerns."


The Law of Scheduling (or The 5% Rule)


Lance Spitzner (SANS) discusses the challenges of Scheduled training for organizations and shares examples of successful On Demand training options.


School Ties: Security Challenges at Universities


Sanjeev Sah has been CISO of UNC Charlotte for just over a year, and he's already well versed on the unique circumstances that make securing colleges unlike any other vertical.


Inside Intel, part 1: Evolution of IT security


"Like many other companies, processor manufacturer Intel Corp. is having to evolve its information security focus to meet the changes underway in the technology landscape—particularly with the rapid growth of mobile devices and applications and the rise in cloud computing services."


Google Throws Open Doors to Its Top-Secret Data Center


"If you're looking for the beating heart of the digital age--a physical location where the scope, grandeur, and geekiness of the kingdom of bits become manifest--you could do a lot worse than Lenoir, North Carolina. This rural city of 18,000 was once rife with furniture factories. Now it’s the home of a Google data center."


CIOs and CSOs Have a Costly Disconnect

Companies stand to lose millions when CIO-CSO priorities aren’t in sync, according to this year’s Global Information Security Survey, conducted by PricewaterhouseCoopers and CSO magazine.

 

"Frank Cervone, vice chancellor for information services and CIO at Purdue University Calumet, says many security professionals focus more on specific risks and not on how those risks stack up against other pressing issues. 'There is a difference in scope as to what the CIO has to look at as opposed to the CSO. The CSO doesn't always see the larger issues and needs to do a better job relating IT risks to overall business risk,' says Cervone."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Verizon draws fire for monitoring app usage, browsing habits

'We're able to view just everything that they do,' Verizon Wireless exec has boasted. Privacy groups say initiative -- including linking databases showing whether customers own pets -- may violate wiretap law.

 

"Verizon Wireless has begun selling information about its customers' geographical locations, app usage, and Web browsing activities, a move that raises privacy questions and could brush up against federal wiretapping law.

 

The company this month began offering reports to marketers showing what Verizon subscribers are doing on their phones and other mobile devices, including what iOS and Android apps are in use in which locations. Verizon says it may link the data to third-party databases with information about customers' gender, age, and even details such as 'sports enthusiast, frequent diner or pet owner'."


New security threat at work: Bring-your-own-network

Employees who access corporate networks and download data onto their mobile devices may not be as much of a security risk as those who bring consumer hotspots into the corporate environment.

 

"Even as IT pros wrestle with the bring-your-own-device (BYOD) trend, corporate security is being further complicated by another emerging trend: bring your own network (BYON).

 

BYON is a by-product of increasingly common technology that allows users to create their own mobile networks, usually through mobile wireless hotspots. Security professionals say BYON requires a new approach to security because some internal networks may now be as insecure as consumer devices."


Top 8 things CSOs wish they had a solution for

What's keeping you up at night - complexity, data deluge, BYOD?

 

"After a challenging day at the office, many CSOs and CISOs spend their harried nights wishing for a better and easier way to accomplish the tough tasks they face at work. I know I have. I've spoken with a lot of my peers this year and thought I'd compile a list of these wishes and pain points—and provide an opportunity for us to share recommendations on how to tackle these tough tasks. Here are the top eight wishes I've heard in the last year..."


Information Security Industry Must Fix Skills Gap says (ISC)2

"Speaking to Infosecurity at RSA Europe on 09 October 2012, John Colley - managing director of (ISC)2 EMEA – declared the skills gap in the information security industry a “big problem” and suggested that entrance into the industry for graduates is dangerously difficult.

 

'Evoking their interest is one issue', he said, 'but knowing what to do with them once they have shown interest and intent is an even bigger problem. There is no phase two.'

 

Information security departments are reluctant to take on trainees – even those with academic qualifications - because they need so much supervision at the beginning, said Colley. “Sometimes trainees have a negative impact on productivity.”"
