Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Scooped by Higher Ed InfoSec Council

Cloud Security Alliance releases Mobile Device Management: Key Components, V1.0

The Cloud Security Alliance (CSA) has released a report outlining 17 specific elements that need to go into the security lifecycle of corporate mobile device policies. The whitepaper is one of six parts to the upcoming, "Security Guidance for Critical Areas of Mobile Computing."

Scooped by Higher Ed InfoSec Council

The 10 Most Common Mobile Security Problems and How You Can Fight Them

When it comes to security, most mobile devices are a target waiting to be attacked. That's pretty much the conclusion of a report to Congress on the status of the security of mobile devices this week by watchdogs at the Government Accountability Office (GAO).

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Think Carefully Before Collecting Data

"In this age of ever plummeting storage costs, some businesses are electing to "store it all" when it comes to consumer data. That is, businesses are storing data regardless of whether there is an actual need with the assumption that it might be of value in the future. This approach, however, can lead to liability from several sources.

 

First, cardholder information arising from credit card transactions is strictly controlled by the PCI Data Security Standards, as well as the card association rules. Storing and retaining more data than absolutely required by the transaction may run afoul of these requirements. Second, with the growing number of complex and conflicting state and federal (as well as international) laws and regulations governing personally identifiable data, businesses should be inclined to limit the data they collect to that which is required for the transaction, as opposed to retaining excess data that is not required. Possession of that data may, in and of itself, violate applicable law or simply increase the potential for liability because of the increased volume of data that must be secured."

Scooped by Higher Ed InfoSec Council

Identity is the new perimeter

"Cloud adoption, mobility and the consumerization of IT present the opportunity to transform the way enterprise employees, partners and customers do business. But as we move to leverage these new capabilities, we realize that the IT environment is quickly becoming more distributed.

 

The enterprise data center has become more of a virtual concept and is highly fragmented, quickly oozing around the comfortable security perimeter of firewalls and VPNs we so carefully constructed over the last decade. Protecting the cloud-based, mobile enterprise requires a new approach. While we cannot control the whole security stack for every SaaS application, we can leverage new identity standards to fill the gaps left by the disappearance of the traditional perimeter as we know it. Identity is the common denominator. Identity is the new security perimeter for the fragmented IT data center."

Scooped by Higher Ed InfoSec Council

Questions loom about Obama's cybersecurity plans

"With opposition growing to reported plans by President Obama to issue an Executive Order to bolster cybersecurity within the nation's critical infrastructure, the main question now is whether the White House will plow ahead with the idea or drop it quietly in an election year.

 

Last week, Techdirt published what it said was a leaked draft version of Obama's planned order for critical infrastructure protection. The 19-page document outlines broad security objectives for all government agencies.

 

Without offering many specifics, the draft order calls for a revised, more secure federal architecture and the development of a nationwide situational awareness capability for cybersecurity. The draft order also calls for the development of an information exchange network to speed up the sharing of threat information between private industry and the government."

Scooped by Higher Ed InfoSec Council

National Cyber Security Awareness Month (NCSAM) via EDUCAUSE Review

"National Cyber Security Awareness Month (NCSAM), held each October, is the perfect time to raise awareness among students, faculty, staff, and administrators about ways they can be safer and more secure online. No one person, company, or agency is responsible for the security of the Internet; everyone must do his or her part. Cybersecurity is our shared responsibility.

 

From implementing a large, coordinated campaign with collateral materials and events to simply sending out e-mail reminders, there are multiple ways to raise awareness..."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Privacy and Data Management on Mobile Devices [Pew Research Center Study]

More than half of mobile application users have uninstalled or avoided certain apps due to concerns about the way personal information is shared or collected by the app, according to a nationally representative telephone survey conducted by the Pew Research Center’s Internet & American Life Project.

Scooped by Higher Ed InfoSec Council

How Secure Are You Online: The Checklist

"Think you do enough to secure your passwords, browsing, and networking? Prove it.

 

Not all computer security is about tin foil hats and anonymous browsing. Everyone who uses a computer has a horse in the security race. For the purpose of this post, we're breaking down online security into four essential parts: passwords, browsers, at-home Wi-Fi and networking, and browsing on public Wi-Fi. Within those categories we'll give you a checklist of everything you should do, from the bare minimum to the tin-foil-hat best."

Scooped by Higher Ed InfoSec Council

$2.3 Million Gift From McAfee Fortifies RIT’s Information Security

"McAfee has donated $2.3 million in security hardware and software to enhance Rochester Institute of Technology’s information security, academic and research programs. The gift will serve as a core security component of RIT’s new data center, enhance the security of endpoints—such as desktops, laptops and mobile devices—and create the McAfee Interlock Lab within RIT’s B. Thomas Golisano College of Computing and Information Sciences.

 

RIT’s new data center, which will be located in Institute Hall and operational in spring 2013, will provide much-needed computing capacity and services for the RIT community, such as high-speed networking and server management. By consolidating RIT’s data and computing services into an air-cooled facility leveraging the latest in processing, storage, virtualization and security technology, RIT will improve energy-efficiency, fortify security and advance computing capacity and capabilities."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Google To Beef Up Privacy Team: Will "White Hat Privacy Hackers" be a new trend?

"Faced with a series of high-profile privacy gaffes, Google intends to hire computer "ninjas" to flag potential snafus before they pose problems.

 

The company recently posted a job announcement seeking data privacy engineers for the "privacy red team." The company says in the job description that it's seeking candidates to "independently identify, research, and help resolve potential privacy risks across all of our products, services, and business processes in place today."

 

Google's move comes two weeks after the company agreed to pay $22.5 million to settle privacy charges brought by the Federal Trade Commission. The fine in that case resulted from Google's decision to circumvent the no-tracking settings on the Safari browser."

Scooped by Higher Ed InfoSec Council

BYOD: What Can We Learn from China?

"So how do Chinese companies handle Android's BYOD shortcomings? Chinese companies take a more heterogeneous, browser-based approach to bring a sense of order to a sea of BYOD smartphones. This might mean no VPN or multi-form factor authentication, says Li. 'Corporate infrastructure in the U.S. is more secure than in China.'

 

This might lend credence to the possibility that U.S. companies make too much out of the BYOD mobile security risk. "Yes, it's being blown way out of proportion," John Mensel, director of security services at Concept Technology, a 10-year-old IT consulting firm, told CIO.com.

 

Either way, Chinese companies do a better job of educating workers about using BYOD smartphones. Even U.S. companies say employee education is key to security. Li says many Chinese companies use short two-minute videos and animation to get their point across, whereas U.S. companies expect employees to thumb through pages of policy documents.

 

And who reads those boring policies anyway? Many employees will sign the newly crafted BYOD policy without giving it much thought, which is a shame because they could be signing away their privacy rights."

Scooped by Higher Ed InfoSec Council

Security Snags Loom Over Social Login

"As people tie their social networking identities more closely with their in-real-life personas, the idea of cross-referencing social identity data to authenticate users on the Web and in the enterprise continues to gain steam. The Secretary of State in Washington offered a prime example of this drive earlier this month when it unveiled a new voter registration Facebook app developed by Microsoft that cross-references Facebook identity data with state information to confirm potential voters are who they claim to be before entering them in the voter rolls.


But the convenience of social login and social single sign on--even with the aid of standards like OAuth and OpenID--is largely offset by the security concerns inherent with bestowing non-security-focused organizations with the duty of ensuring integrity of a trusted chain of authentication."

Scooped by Higher Ed InfoSec Council

CISOs Need To CYA - 'Comprehend Your Assets'

Key points: Asset management ("know your assets") and thinking about "'security as a process' rather than a series of controls..."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

20 security and privacy apps for Androids and iPhones

Encrypted storage, malware scanners, missing-phone-finders and more: Here are 20 apps to help protect your smartphone, your privacy and your data.
Scooped by Higher Ed InfoSec Council

How to Find Happiness in a World of Password Madness

In early August, Wired reporter Mat Honan had his most precious passwords hacked via a complex series of social engineering exploits. The breach made headlines because it exposed security flaws in Apple and Amazon customer service policies; but let's not forget that the Honan saga capped a long summer full of server invasions that exposed millions of user passwords en masse.

Scooped by Higher Ed InfoSec Council

Cybersecurity scholarships to be offered by National Science Foundation

"The National Science Foundation has announced $2.3 million in scholarships to qualified U.S. students interested in becoming cybersecurity professionals.

 

The funds have been provided to Kansas State University's department of computing and information sciences for a scholarship program in conjunction with newly developed courses offered by the department, a university release said Tuesday."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Information Security Awareness Video & Poster Contest for students

The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting its fifth contest in search of short information security awareness videos and posters developed by college students, for college students. The contest is sponsored by CyberWatch and the National Cyber Security Alliance (NCSA). Winners will receive cash prizes. The videos and posters will be featured on the EDUCAUSE website and may be used in campus security awareness campaigns. Winners will be notified in April 2013.

 

Google is a proud supporter of this Information Security Awareness Video and Poster Campaign for students.

Scooped by Higher Ed InfoSec Council

Permanent cybersecurity team established for EU institutions

"European institutions beefed up their cybersecurity by establishing a permanent Computer Emergency Response Team (CERT-EU).

 

The decision was made following a one-year test for the team, which works closely with the internal IT security teams of the European Union institutions -- the European Commission, the Council, the European Parliament and the Committee of the Regions."

Rescooped by Higher Ed InfoSec Council from Mobile (Post-PC) in Higher Education

PhoneID Lets You Login To Websites Without A Username Or Password - From Your Phone | TechCrunch

"On the web, we have a host of user names and passwords we have to remember, whether for news sites or apps or Netflix. So Michael Thomas and Vahur Roosimaa of Los Angeles-based startup Scopely have hacked together PhoneID, which lets you login to websites without a username and password.

 

As its name would imply, PhoneID turns your phone into your identity. You don’t need plug-ins or widgets, just your phone. And it works on iOS, Android and Windows Phone, while keeping your Facebook account, email and phone number completely private."


Via Stephen diFilipo
Rescooped by Higher Ed InfoSec Council from Mobile (Post-PC) in Higher Education

Mobile Security 101 [Infographic]

Half a decade ago the first version of the Apple iPhone smartphone was released, revolutionizing the way the world sees and utilizes smartphones.


Via Stephen diFilipo
Scooped by Higher Ed InfoSec Council

California Raises the Bar on Social Media Privacy

"California residents can keep their passwords to themselves, in school and in the workplace, thanks to a bill passed by the state Assembly on Wednesday.

 

The Golden State became the first to pass comprehensive social media privacy legislation, with support of a bill that protects employers, employees and job applicants from having or granting access to social media websites, the Recorder noted.

 

As Law Blog reported here, last week California passed a social privacy bill prohibiting colleges and universities from requesting access from students and applicants. Taken together, the laws make California the first state to issue protections for both schools and the workplace."

Scooped by Higher Ed InfoSec Council

12 IT Certifications That Deliver Career Advancement

"Certifications play an important part of any IT professional's career, although there will always be some debate on how important. Certifications are, like most things in life: The more you put into them, the more you will get out. While the actual knowledge you gain on the journey is the true reward, certifications also indicate to employers that you take your job seriously and that you are knowledgeable on the respective technology."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

How Facebook Design Is Tricking You Into Sharing Info

"You already know that Facebook and privacy don't really get along, but many "improvements" to the service are making it easier and easier to share everything without even knowing. Avi Charkham rounded a bunch of these tricks up over at TechCrunch, and they're as subtle as they are sketchy.

 

Some of the changes seem to play on psychology, like swapping out the old pair of "Allow, Don't Allow" buttons for just one that says "Play game" that you either click, or don't. Others are sort of flagrant once you've noticed them. One Charkham describes as "The Tiny Hidden Info Symbol Trick" is one of those ones."

Scooped by Higher Ed InfoSec Council

GRC: Trying to take the bite out of risk

"These days, organizations are facing increasingly sophisticated information security attacks from multiple sources. At the same time, they're struggling to comply with a growing number of government and industry regulations, and they're facing pressure to put in place better corporate controls.

 

One way to address this group of challenges is with a relatively new concept that has a variety of definitions in the marketplace: governance, risk management and compliance (GRC) technology.

 

GRC software tools—those designed specifically for IT-related data (IT GRC) and broader enterprise issues (EGRC), first appeared about 10 years ago. The software is designed to automate GRC processes, enable companies to integrate and manage operations that are subject to regulation, and implement an organized approach to managing GRC-related activities.

...

Before a company gets involved with GRC software, its executives need to understand that the products are essentially designed to automate existing processes that should already be proven and effective. This is the single most critical success factor in building an effective GRC program. People first (buy-in), process second, and only then technology."

Scooped by Higher Ed InfoSec Council

US boardrooms wake up to data security

"An annual survey of 11,000 public company directors and 2,000 general counsels shows that data security, for the first time, is now the top corporate fear...

 

Organisations that operate in the European Union may soon be searching for data protection officers (DPOs), a position mandated by law as part of the European Commission's proposed data protection proposals."
