Higher Education ...
Follow
Find
4.9K views | +0 today
Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Your new post is loading...
Your new post is loading...
Scooped by Higher Ed InfoSec Council
Scoop.it!

Touch ID: Net Benefit or Net Loss?

Touch ID: Net Benefit or Net Loss? | Higher Education & Information Security | Scoop.it

EDUCAUSE Guest Blogger Joshua Wright (@joswr1ght) shares his thoughts on Touch ID, the Apple fingerprint authentication system. 

 

Stay tuned for more guest blogs in honor of National Cyber Security Awareness Month (NCSAM) 2013.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

With malicious attacks on the rise, universities seek security

With malicious attacks on the rise, universities seek security | Higher Education & Information Security | Scoop.it

Oct. 1 marked the first day of National Cyber Security Awareness Month, which this year celebrates its 10th anniversary. The number of threats colleges and universities face has grown exponentially during that period, and although breaches still occur, information security officials say institutions are more prepared than ever to protect their resources and the people who access them.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Why you need a tactical pause to build a successful security program

Why you need a tactical pause to build a successful security program | Higher Education & Information Security | Scoop.it

Successful leaders know that sometimes the way to maintain or regain momentum is to take a tactical pause. It's time to take a step back, survey the situation, and make sure available budget and resources are both aligned with the needs of the business and focused on producing the most value.

 

Consider if a tactical pause is necessary by asking and answering three often-overlooked, important questions:

Can you quickly list the top 3 priorities for the security team? Not 5, 10, or more. The top 3. How are those priorities aligned to the business?If established at the beginning of the year (or earlier, based on budgeting), are the priorities still the best place to focus between now and the end of the year?
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

CSOs face ongoing paradoxical challenges. Will collaboration help?

CSOs face ongoing paradoxical challenges. Will collaboration help? | Higher Education & Information Security | Scoop.it
As security perimeters continue to expand, the need to be flexible instead of locking down is as important as ever

 

The results of a recent CXO study that were released by (ISC)2 have painted a picture of just how paradoxical cybersecurity can be from the point of view of CSOs, aptly outlining the challenges that these industry leaders face.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

October is National Cyber Security Awareness Month 2013

October is National Cyber Security Awareness Month 2013 | Higher Education & Information Security | Scoop.it

Ten Years, Five Weeks, One Theme: Cybersecurity is Our Shared Responsibility


First launched in 2004 as a broad effort by government and industry to help all Americans stay safe and secure online, National Cyber Security Awareness Month (NCSAM) commemorates its 10th anniversary this October.

 

Read more about NCSAM in Michael Kaiser's guest blog post for EDUCAUSE.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Cybersecurity should be seen as an occupation, not a profession, report says

Cybersecurity should be seen as an occupation, not a profession, report says | Higher Education & Information Security | Scoop.it

A panel from the National Academy of Sciences, commissioned by the U.S. Department of Homeland Security, says that cybersecurity should be seen as an occupation and not a profession.

 

After being commissioned by the U.S. Department of Homeland Security, a panel from the National Academy of Sciences reported that the cybersecurity field is too young, and the technologies, threats, and actions taken to counter them change too rapidly, for professionalization to be considered. Thus, cybersecurity is an occupation and not a profession.

 

For some organizations, making cybersecurity a profession may provide a useful degree of quality control, the report says, but at the same time, professionalization also imposes barriers, which would prevent talented workers from entering the field at a time when "demand for cybersecurity workers exceeds supply."

...

"Premature or blanket professionalization strategies will likely hinder efforts to build a national cybersecurity workforce of sufficient quality, size, and flexibility to meet the needs of this dynamic environment," concluded Diana Burley, co-chair of the committee that wrote the report and associate professor of human and organizational learning at the George Washington University in Washington, D.C.

Higher Ed InfoSec Council's insight:

Original NAS press release about the Professionalization of Cybersecurity Work Force: http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=18446

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Countdown to National Cyber Security Awareness Month Starts Today

Countdown to National Cyber Security Awareness Month Starts Today | Higher Education & Information Security | Scoop.it

National Cyber Security Awareness Month (NCSAM) is just one week away! 

 

Is your campus planning a cybersecurity related activity during the month of October? Please share your plans so we can include your institution's efforts in our comprehensive list of 2013 higher education events: https://wiki.internet2.edu/confluence/display/itsg2/NCSAM+Resource+Kit

 

Are you looking for resources as you update your website or prepare weekly communications? We have lots of free materials developed by institutions or students that can be repurposed:

*Cybersecurity Awareness Resource Library: http://tinyurl.com/NCSAMresourcelibrary ;

*Student Video & Poster Contest Winners (available to download or share): http://www.educause.edu/svc

*NCSAM Sample Kit: http://tinyurl.com/NCSAMsamplekit

 

Our partner, the National Cyber Security Alliance, also offers many free resources:

*Download posters, logos, and more: http://www.staysafeonline.org/ncsam/get-involved/promote-ncsam

*Pre-written social media posts (for Twitter, Facebook, and Google+): http://www.staysafeonline.org/ncsam/get-involved/social-media

*Tip sheets and studies: http://www.staysafeonline.org/ncsam/resources/

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

6 essential components for security awareness programs

6 essential components for security awareness programs | Higher Education & Information Security | Scoop.it
There's more to security awareness programs than just computer-based training and phishing exercises. Ira Winkler and Samantha Manke outline the six must-haves to ensure your program is effective
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

7 Biggest IT Compliance Headaches and How CIOs Can Cure Them

7 Biggest IT Compliance Headaches and How CIOs Can Cure Them | Higher Education & Information Security | Scoop.it
IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Hackers Unite: Student Cybersecurity Teams Get a Governing Body

Hackers Unite: Student Cybersecurity Teams Get a Governing Body | Higher Education & Information Security | Scoop.it

Student athletes have long had high-school sports associations and the National Collegiate Athletic Association. Now student hackers are getting their own governing body.

 

The newly created Cybersecurity Competition Federation will link existing but disparate cybersecurity competitions under shared rules, scoring metrics, and ethics. It will cover the secondary and postsecondary competitions, centralizing contests that are an increasingly important tool for the training and recruiting of the next generation of cybersecurity professionals.

 

“The Cybersecurity Competition Federation is a collaboration of stakeholders who believe in the value of cybersecurity competitions to work together to develop common metrics, a common pathway, and a common set of ethics that can apply to all competitions,” says Daniel P. Manson, chair of the computer-information-systems department at California State Polytechnic University at Pomona and principal architect of the federation. “It is what a sport has.”

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Researchers Struggle to Secure Data in an Insecure Age

Researchers Struggle to Secure Data in an Insecure Age | Higher Education & Information Security | Scoop.it

When it comes to protecting research from hackers, many universities' policies have changed little from the days when sensitive information was locked in a cabinet.

 

"Back in 2009, the technical staff of Chapel Hill's medical school discovered spyware on a server housing the medical records of some 180,000 women, participants in a study analyzing mammography results. Though no evidence existed that hackers copied the files, the breach caused a painful feud between the university and the project's principal investigator, each blaming the other for failing to secure the private information.

 

Turns out that they were both right: No one was doing enough."

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Is the CISO role too big for one person?

Is the CISO role too big for one person? | Higher Education & Information Security | Scoop.it
Paul Groce, Global Head of CIO/Technology Operations for executive search firm CTPartners, says the CISO role has evolved beyond the scope of one position over the years, and suggests corporations change the way they approach security and risk leadership...
more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy
Scoop.it!

Anonymity, Privacy, and Security Online | Pew Research Center

Anonymity, Privacy, and Security Online | Pew Research Center | Higher Education & Information Security | Scoop.it

A new survey finds that most internet users would like to be anonymous online, but many think it is not possible to be completely anonymous online. Some of the key findings:

86% of internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email.55% of internet users have taken steps to avoid observation by specific people, organizations, or the government.

The representative survey of 792 internet users also finds that notable numbers of internet users say they have experienced problems because others stole their personal information or otherwise took advantage of their visibility online.

more...
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy
Scoop.it!

Deciding Who Sees Students’ Data

Deciding Who Sees Students’ Data | Higher Education & Information Security | Scoop.it
Schools across the country are looking at new online ways to integrate and analyze information about their students. But privacy advocates remain wary.

---------

When Cynthia Stevenson, the superintendent of Jefferson County, Colo., public schools, heard about a data repository called inBloom, she thought it sounded like a technological fix for one of her bigger headaches. Over the years, the Jeffco school system, as it is known, which lies west of Denver, had invested in a couple of dozen student data systems, many of which were incompatible.

 

In fact, there were so many information systems — for things like contact information, grades and disciplinary data, test scores and curriculum planning for the district’s 86,000 students — that teachers had taken to scribbling the various passwords on sticky notes and posting them, insecurely, around classrooms and teachers’ rooms.

 

There must be a more effective way, Dr. Stevenson felt.

 

InBloom, a nonprofit corporation based in Atlanta, seemed to offer a solution: it could collect information from the district’s many databases and store it in the cloud, making access easier, and protect it with high-level encryption.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Five Habits IT Security Professionals Need To Break

Five Habits IT Security Professionals Need To Break | Higher Education & Information Security | Scoop.it

In a panel, entitled "Cyber Security -- Where the Industry Is Headed Next Year and Beyond," seven industry leaders said security is sometimes stuck in a continuous loop because professionals continue to make the same mistakes and sometimes have trouble thinking in new ways.


Five examples of bad habits that security pros need to break, according to the panel:

1. Treating IT security as something that's separate from the business

2. Saying "no"

3. Preaching to the choir

4. Confusing security and compliance

5. Failing to reach out to students and young professionals.


more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

How Good Are Your Cybersecurity Practices?

How Good Are Your Cybersecurity Practices? | Higher Education & Information Security | Scoop.it

The Higher Education Information Security Council is calling on colleges and universities to mark the 10th annual National Cyber Security Awareness Month, which kicked off on Tuesday, by promoting best practices in information security.

 

The council, part of the larger education-technology organization EDUCAUSE, held its own information-awareness video and poster contest to engage students. It also developed a resource kit for colleges and a calendar of related events on campuses across the country.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Universities learn to deal with hacking

Universities learn to deal with hacking | Higher Education & Information Security | Scoop.it

Coders like to tell a joke. There are two types of people, it goes: those who have been hacked, and those who are about to be hacked.

 

The quip is telling: cyber attacks, from Nigerian email scams to sophisticated Chinese phishing operations, are a fact of life online.

 

Whether you're a teen with a laptop or a big bank with complicated servers, you likely are not immune to hacking.

 

Post-secondary institutions are particularly and increasingly targeted by hackers, according to IT specialists, intelligence agencies and university officials.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Federal Agencies Revamp Standards for College Cybersecurity Program

Federal Agencies Revamp Standards for College Cybersecurity Program | Higher Education & Information Security | Scoop.it

Nearly 200 college and university cybersecurity programs will have to reapply for a coveted federal designation under new curriculum standards being rolled out by the National Security Agency and the U.S. Department of Homeland Security.

 

The retooling of the joint National Centers of Academic Excellence program includes the elimination of dated, controversial federal training standards. They are being replaced with curricular blocks, dubbed "knowledge units," that officials say will enable colleges to develop cybersecurity focus areas while also allowing them to respond to employers' needs in a fluid marketplace.

 

There are currently 181 cyber­security programs with the designation at two- and four-year institutions, teaching everything from introductory programming to offensive hacking techniques. The label can be a game changer, attracting money, students, and prestige, according to some college officials.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Yahoo Responds To Recycled Email Security Problem

Yahoo Responds To Recycled Email Security Problem | Higher Education & Information Security | Scoop.it

Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.

 

According to Kevin Casey, Yahoo's senior director of platforms, the company monitored systems for claims about mistaken deliveries and were able to identify the problem with some of the accounts. The email bounce method, he said, was insufficient for senders to see that the email was no longer valid. Casey maintained that the email problem has affected only a small number of Yahoo users.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

'It's a BYOD World' With a Catch -- At New York Law School

'It's a BYOD World' With a Catch -- At New York Law School | Higher Education & Information Security | Scoop.it

The "Bring Your Own Device" trend can cause a lot of disruption, but not at New York Law School, the downtown Manhattan college where students, faculty and visitors have always been allowed to use any mobile device they want on the wireless network. But that doesn't mean anything goes.

 

"It a BYOD world," says Peter Trimarchi, the technical director at New York Law School (NYLS), whose job includes making sure all those BYOD smartphones, tablets and laptops are truly authorized to use the campus wireless network and that they don't bring in computer viruses.

 

Trimarchi says he's learned over the years that it's much simpler to do all this without having to install agent software. And on the main campus, which houses a bright and modern building where students in libraries pore over thick legal volumes, A BYOD security is enforced primarily through a ForeScout Technologies hardware appliance called CounterACT that can tackle network access control in an agentless fashion.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy
Scoop.it!

I Spy With My Corporate Eye: The Employee Services Conundrum

I Spy With My Corporate Eye: The Employee Services Conundrum | Higher Education & Information Security | Scoop.it

It’s a conundrum: Companies want employees to be satisfied with their corporate services, but great user experiences in this context can require a certain amount of employee tracking that could affect employees’ views about workplace privacy. Even M doesn’t really want to know whether James Bond prefers his martini shaken, not stirred, but it may be incidental to the CCTV cameras in the MI6 café that keep assassins at bay! Companies have to manage potentially complex trade-offs between employee privacy, company security and user experience, including services such as BYOD programs, context-aware apps and even call monitoring for quality assurance.

 

Why do companies track employee data and behaviors?

 

In some instances, they have legal obligations to do so—safety and security, for example. But companies also want to prevent data/IP loss, improve productivity (are we cyberloafing AGAIN? Of course we are!), set appropriate cost standards, avoid liability for employee malfeasance, investigate misconduct and improve—or even predict—user experiences. In addition, a recent study by Aruba Networks states that 40 percent of Middle Easterners, 45 percent of Europeans and 66 percent of Americans fear loss of personal data from their employer, which leads them to try and hide their use of personal devices at work, and fail to report data loss or breaches. So we can’t necessarily trust all employees to appropriately manage their own behaviors.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Help teens prepare for digital drama with new ebook

Help teens prepare for digital drama with new ebook | Higher Education & Information Security | Scoop.it

October is National Cyber Security Awareness Month—a great time to check in with your family about their online safety habits. Are everyone’s devices and apps up to date with the latest security? When was the last time you reviewed your children’s online profile, or helped them update the privacy settings on their social networks?

 

For teens in particular, it’s important to help them prepare to deal with the “drama” that can unfold within their online social circles. While teen conflict is nothing new, today’s gossip, jokes, and arguments often play out through social media like Formspring, Twitter, and Facebook. Teens often refer to this as “drama.”

 

We’ve asked Linda McCarthy, online safety expert and author, to share insights about her new digital book, Digital Drama: Staying Safe While Being Social Online. [Download the book at no cost between September 24-27. English and Spanish versions of the ebook are available.]

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Envisioning the security team of tomorrow

Envisioning the security team of tomorrow | Higher Education & Information Security | Scoop.it

Certain skill sets may be a commodity in the IT field these days, but EMC's Security for Business Innovation Council's latest report may have some solutions for building an effective security team.

 

"According to the SBIC report, information security is no longer just about implementing and operating security controls, but the mission has evolved to "include advanced technical and business-centric activities such as: business risk analysis, asset valuation, IT supply chain integrity, cyber intelligence, security data analytics, data warehousing, and process optimization.

 

This mission growth translates into a need for specific skill sets, but the shortage of such talent makes building an effective team a monumental task. However, with this problem comes an opportunity.

 

In many organizations, personnel outside of security are starting to realize that they — not security — own the risks to their information assets and they need to actively partner with security to manage those risks," the SBIC report states.

 

To be successful, the information security function is a cross-organizational endeavor, with security processes deeply embedded into business processes."

more...
Frank Martin's curator insight, September 18, 2013 7:22 AM

Some thought provoking stuff about how the security field is moving forward and what it means to business

Scooped by Higher Ed InfoSec Council
Scoop.it!

Share your knowledge to be more successful in security

Share your knowledge to be more successful in security | Higher Education & Information Security | Scoop.it
When faced with the decision to share or hold knowledge about security, successful professionals learn to teach what they know.

 

"When you share what you know, sometimes the other person knows a different part. Or they actually know more. With an open mind, it's a fantastic opportunity to learn. Blending our knowledge and experience leads to more understanding and better solutions.

 

The practice of sharing (and learning) tends to reinforce itself, too. People are smart. Security, especially now, is top of mind for a lot of people. Sharing our knowledge with them creates the environment for them to share what they know with us.

 

It's broader than teaching security courses. This same strategy works with colleagues and clients. It works in any organization, and in most situations.

The more we share, the more we learn. It surfaces new challenges, but also provides new and different solutions."

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

A firsthand look at why user awareness training works

A firsthand look at why user awareness training works | Higher Education & Information Security | Scoop.it

CSO was targeted by a phishing attempt late last week, but proper awareness training kept the site from falling victim to the attack.

 

The editorial team at CSO recently had an unexpected lesson in Phishing attacks on Friday. They were fortunate however, that their user awareness training paid off. Thus, they were spared the pain of dealing with a malware outbreak. Since there is a lesson to learn by sharing, here's an after action report on the entire incident, including how their awareness training worked.

more...
No comment yet.