Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Scooped by Higher Ed InfoSec Council

Cybersecurity 101 from Harvard Law Scholars

"For those of you who want to delve deeper in your understanding of cybersecurity, the Berkman Center for Internet & Society and the Harvard Law School Library have made a set of materials on cybersecurity available to TAP readers.

 

Cybersecurity 101: Three-Part Introductory Section provides a foundational overview to be utilized in cybersecurity courses. However, you don’t need to be enrolled in a research program at Harvard Law School in order to understand and gain knowledge from this robust set of content."

Sharing personal data anonymously with Crowd Blending Privacy

"A new mathematical technique developed at Cornell University could offer a way for large data sets of personal data to be shared and analyzed while guaranteeing that no individual’s privacy will be compromised...

 

The Cornell group proposes an alternative approach called crowd-blending privacy. This method involves limiting how a data set can be analyzed to ensure that any individual record is indistinguishable from a sizeable crowd of other records and removing a record from the analysis if this cannot be guaranteed."

How to Secure Data by Addressing the Human Element

Your sensitive data is only as secure as the weakest link in your organization, and in many cases the weak link is your employees. A properly established security awareness and training program can pay huge dividends.

9 Popular IT Security Practices That Just Don't Work

"When it comes to IT security, FUD (fear, uncertainty, and doubt) is more than just the tool of overhyping vendors hoping to sell their next big thing. It is the reality that seasoned IT security pros live in, thanks in large part to the -- at times gaping -- shortcomings of traditional approaches to securing IT systems and data.


The truth is most common IT security products and techniques don't work as advertised, leaving us far more exposed to malicious code than we know. That's because traditional IT security takes a whack-a-mole approach to threats, leaving us to catch up with the next wave of innovative malware, most of which rolls out in plain view on the Internet."

Wired Reporter Hack Spotlights Cloud Security Risks

"Cloud computing means surrendering control of your data. It means security is out of your hands. Your cloud-computing provider may have the best set of security policies ever, but that doesn’t mean it has the best set of security practices. More than 80 percent of organizations already transfer, or plan to transfer, sensitive or confidential data into the cloud, according to a report out today from Thales e-Security and The Ponemon Institute."

Updated NIST Guide is a How-To for Dealing With Computer Security Incidents

"The National Institute of Standards and Technology (NIST) has published the final version of its guide for managing computer security incidents. Based on best practices from government, academic and business organizations, this updated guide includes a new section expanding on the important practice of coordination and information sharing among agencies."

Obama weighs executive order on cybersecurity

"President Barack Obama is signaling that if Congress won't act on cybersecurity legislation, he will implement the elements he considers essential by executive order. That prospect gets mixed reviews from cybersecurity experts."

What Are The Pros and Cons of BYOD (Bring Your Own Device)? [Infographic]

"Thousands of schools and companies around the nation are going "BYOD" to save big bucks by allowing students and employees to use their own personal mobile devices in the classroom and office."

 

This infographic gives some reasons to go BYOD, associated user costs, who's testing it out, as well as the pros and cons.

Security Awareness: Want Organizational Buy-in? Get People Talking

Lance Spitzner (SANS) shares a blog from Janet Roberts at Progressive Insurance as part of a new series to get insight from other security awareness professionals.

"When I was challenged with building our security awareness program two years ago, I went out and benchmarked with a number of other companies, wrote a white paper complete with information on how much data we needed to protect, how many attempts were made on our system from the outside, and much more. I elevated the report to our CSO and he took it to other execs. I was asking for a budget. I got interest and an OK to move forward, but I needed to show something more to get what I was requesting. So I decided while I was asking the CSO to evangelize from the top, I'd try to create a groundswell of grassroots interest at the bottom.

I created this quirky little program we call PIE — Personal Protection, Identity Theft, Electronic Data. It's a lunch-and-learn, in-person, workshop program and .....yes!....we serve pie. Each employee gets a slice of pie, a folder filled with tip sheets and screenshots on how to reach our Intranet site, and a chance to talk to a security professional."

Is Security Awareness Time and Money Wasted? A Different Perspective - The Security Skeptic

"Dave Aitel recently published an article that generated a fair bit of controversy. In Why You Shouldn't Train Employees for Security Awareness, David claims that money spent on security training for employees would be better spent on securing networks and assets, concluding that "organizations will be much better off if the CSO/CISO focuses instead on preventing network threats and limiting their potential range. Employees can't be expected to keep the company safe; in fact it is just the opposite. Security training will lead to confusion more than anything else."

Aitel makes many valid points. These should not be discounted or ignored because he's arguing against a seemingly prevailing opinion regarding security awareness. One important argument Aitel raises is that users are overmatched, outgunned, and outnumbered. This argument is hard to dispute, and no awareness program I know of can prepare users for the diverse and constantly changing threat landscape they face. Combine this with the "tragedy of the URL", where we often teach users to be secure at the expense of making use of the very convenience hyperlinks offer, and I'll admit that, in this context, it is hard to argue that awareness makes a difference.

Aitel explains that the efficacy of security awareness programs is not corroborated by "broad statistical evidence", and offers anecdotal data suggesting that on average, organizations with security programs still see "a click-through rate on client-side attacks of at least 5 to 10 percent."

Here is where my perspective on security awareness programs begins to differ from Dave Aitel's. His conclusions are not wrong, but security awareness programs ought to do more than teach users how to avoid click-through and client-side attacks."

Cyber Bill Blocked in Senate

"Senate Fails to End Filibuster on Cybersecurity Bill

Cloture vote to end debate on the Cybersecurity Act of 2012 was 52-46, with 60 needed to advance the bill."

Information Systems Risk Assessment (ECAR Spotlight Bulletin)

"This Spotlight bulletin focuses on 2011 CDS survey results related to information systems (IS) risk assessments. Research findings and industry experience demonstrate that conducting a security risk assessment helps increase an institution’s security posture and also helps prioritize the allocation of limited IT resources. A growing percentage of institutions across all Carnegie Classifications have conducted a campus IS security risk assessment, and this research looks at the data by institution size to provide an alternative view of IS risk."

New NIST Encryption Guidelines May Force Federal Agencies to Replace Old Websites

"Next month the National Institute of Standards and Technology (NIST) plans to put out for public review its draft for a new government encryption standard that, when finalized, is going to compel federal agencies with older websites to replace them.

 

NIST's current standard calls for federal agencies to support Transport Layer Security 1.0 encryption, but the updated version is going to require TLS 1.1 and 1.2, says Tim Polk, computer scientist and group manager for NIST's cryptology technology group. Since websites and browsers support secure communications through TLS, government agencies that haven't already moved to TLS 1.1 and 1.2 need to be aware that they are going to have to in the future, Polk advises."

Your Security Executive Dashboard

"...the dashboard is a powerful communication vehicle and must match the political tone each CISO wants to set. That’s why I titled this “your” dashboard. There’s a whole menu of stories to tell. The trick is identifying the four or five stories that support your organization best."

Startup envisions CISO collective to share cyberattack information

"A startup called SecurityStarfish intends to become the central point where chief information security officers (CISO) can discreetly share information about cyberattacks and obtain anonymized real-time information from others in order to deter cybercrime against their organizations.

 

This ambitious effort is being led by one of the most influential security professionals in the industry, Dave Cullinane, former CISO at eBay and a founding member and chairman of the Cloud Security Alliance, the group working on security best practices and standards related to cloud-based services."

The iPhone Has Passed a Key Security Threshold

Does society really want extremely private mobile devices if they make life easier for criminals? Apple's newly toughened standards sharpen the focus on that question.

Recent Cloud Critics, Including Wozniak, Intensify Debate

"Cloud computing has taken some heat this week. First, over the weekend Apple co-founder and tech icon Steve Wozniak said he's worried about the "horrendous" problems cloud computing could cause as users yield control of their data to service providers.
Then, early this week, Mat Honan, a reporter at Wired magazine, revealed how hackers manipulated the customer service departments of Apple and Amazon to ultimately compromise his Google and Twitter accounts. This led to all of his personal and professional data being lost and bigoted updates to be aired from his social media accounts...
But what exactly is the problem Wozniak is warning about and who was really at fault in Honan's situation? In response to the flurry of criticism being spread about the cloud, a variety of service providers have come out passionately defending their industry, pointing out that the cloud can potentially be a haven for hackers, but that if architected properly with the right protections in place, it can be as safe as users make it."

Survey: About Half of Organizations Use Cloud-based Services for Sensitive Data

"The "Encryption in the Cloud" survey done by Ponemon Institute sought the opinions of more than 4,000 IT professionals in seven countries, including the U.S. About 38% of the respondents said their organizations rely on encryption of data as it's transferred, typically over the Internet, to the cloud. Another 35% said their organizations encrypt data before it's transmitted to the cloud provider so that it remains encrypted within the cloud. 27% answered their organizations perform encryption within the cloud environment, with 16% of those selectively encrypting at the application layer, and 11% letting the cloud provider encrypt stored data as a service."

"One finding in the survey poses a surprising contrast to the usual accepted notions of cloud services and security. "Companies with the characteristics that indicate a strong overall security posture appear to be more likely to transfer sensitive or confidential information to the cloud environment than companies that appear to have a weaker overall security posture," the survey report states. "In other words, companies that understand security appear to be willing and able to take advantage of the cloud. This finding appears to be at odds with the common suggestion that more security-aware organizations are the more skeptical of cloud security and that it is the less security-aware organizations that are willing to overlook a perceived lack of security."

How Not To Get Hacked: The Four Things You Need to Do Right Now to Avoid the Fate of Tech Writer Mat Honan

"Last Friday evening, a hacker got into Mat Honan’s Apple account, remotely erased the data on his iPhone, iPad, and MacBook, deleted his Google account, commandeered his Twitter account, and then posted a string of nasty stuff under Honan’s name."

How to Secure Sensitive Files and Documents

"The data suggests that IT and security practitioners are well aware of the problem, but seem to be at a loss when it comes to getting it under control. The Ponemon Institute found that 71 percent of IT and security practitioners believe that controlling sensitive or confidential documents is more difficult than controlling records in databases, and 70 percent believe documents accessed by mobile data-bearing devices like smartphones and tablets present a significant security risk.


Furthermore, 70 percent say that employees, contractors or business partners have frequent access to sensitive or confidential documents, even though access to that information is not a job or role-related requirement. Fifty-nine percent say their organizations' controls are ineffective at monitoring employees, contractors or other insiders who access confidential documents."

NCSAM Graphics now available for campuses!

National Cyber Security Awareness Month (NCSAM) graphics are now available for colleges and universities to use as they prepare for back-to-school and NCSAM events.

Higher Ed InfoSec Council's comment, August 3, 2012 6:27 PM
More (free) promotional materials for NCSAM are available at: http://www.staysafeonline.org/ncsam/promote-ncsam

Can Big Data Help Universities Tackle Security, BYOD?

"Universities have some of the most complex IT infrastructures around, and BYOD is a reality they can't escape. Chief Security Officers at universities are increasingly turning to Big Data analytics technologies to mine the data in their logs and improve their security footing."

Howard Schmidt's replacement Michael Daniel unknown to many -- Federal Computer Week

"Howard Schmidt's successor will take over during the period when getting anything done in Washington is at its hardest: Just before an election. Daniel, who joined the Office of Management and Budget in 1995, currently heads the agency’s intelligence branch in the National Security Division. That branch has oversight of budget and management responsibilities for the intelligence community, including the National Intelligence Program, the Military Intelligence Program, and other classified activities. He has been tapped to take over from Howard Schmidt, who is stepping down as White House cybersecurity coordinator."
