Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Scooped by Higher Ed InfoSec Council

How Colleges and Universities Can Support NCSAM

Colleges and universities play an essential role in ensuring students, faculty and staff stay safe and secure online. A great place to start is by participating in National Cyber Security Awareness Month this October. Whether you are able to show your support for just one day or every day this October, consider the following ways you can make a difference to raise cybersecurity awareness.

 

What you can do...in one minute, one hour, one day, all month long, and all year round.

BYOD security challenges are old mortarboard for universities

Businesses coping with security issues stemming from employee use of personal devices for company work are only experiencing what universities have grappled with for years.

 

"Many of us in higher ed find it very funny when we see how BYOD has dominated so much of the security press lately," Mike Corn, chief privacy and security officer at the University of Illinois (UI) at Urbana-Champaign, said in an interview. "We view that with amusement because Bring Your Own Device has defined our environment almost since the beginning of personal computing."

 

The magnitude of BYOD at a university the size of UI would likely give a corporate security administrator fits. Not only is there a large annual turnover rate -- some 10,000 new students arrive on campus each year -- but each has an average of 3.5 personal devices in tow.

 

ISO 27002:2013 - Main changes in the structure

See the main differences in control structure between the old ISO/IEC 27002 standard (published in 2005) and the new draft version from 2013.

Cybersecurity And Privacy Specialists In Short Supply


A cover story in the Los Angeles Daily Journal (subscription required) reported that the need for privacy and cybersecurity legal specialists has exploded in California, yet general counsel say there is a shortage of qualified practitioners who can do the job. LinkedIn Corp.’s General Counsel Erika Rottenberg was featured in the story; she speculated that technology companies in Silicon Valley were hiring most of the qualified attorneys, leaving less talent for law firms. Amidst a legal job market in which law graduates are clamoring to find jobs, the demand for privacy and cybersecurity specialists may present an opportunity for the law schools that are nimble enough to respond to the demand.

The demand for lawyers who understand technology isn’t limited to general counsel positions; even sophisticated technology companies say they need outside counsel.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Sept. 23 deadline looms for business compliance with HITECH Act on patient privacy

Organizations handling protected health information have until Sept. 23 to comply with new security and privacy requirements that were included as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

 

After Sept. 23, all covered entities, including online storage vendors and cloud service providers, will be subject to new breach notification standards and limitations on how they can use and disclose PHI. They will also be required to ensure that their business associates and subcontractors are compliant with the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA). The HITECH Act amended portions of HIPAA by adding new security and privacy provisions on patient information.

 

In addition, covered entities will be required to have updated patient privacy notices in place that state the patient's rights over the data and how the data can be used and shared.

 

Unlike the original HIPAA privacy and security rules, which primarily applied to healthcare organizations and insurance companies, the new HIPAA Omnibus rules apply to business associates and their subcontractors. Under the omnibus rules, a business associate of a healthcare provider, such as a cloud service provider, is directly liable for protecting any patient data it handles, even if the vendor is just storing the data.

 

Why Protecting the Internet is a Shared Responsibility #NCSAM [Infographic]

Here's what you can do to stay safe online for National Cyber Security Awareness Month in October, and all year long (from the National Cyber Security Alliance and Stop. Think. Connect.)

Hacked Email | OnGuard Online

What can you do when it looks like someone has taken over your account? The FTC offers a new article with steps you can follow if your email or social media account is hacked — and what to do before this ever happens. This article covers: How you know you've been hacked, What to do when you've been hacked, and What to do before you're hacked.

 

Subscribe to the OnGuardOnline.gov blog to receive timely online safety tips. The FTC also encourages you to cross-post blogs and send their free resources to other partners and friends. 


Former DHS Secretary Launches Council on Cybersecurity

A former deputy secretary of the US Department of Homeland Security has announced the launch of the nonprofit Council on Cybersecurity, devoted to both encouraging the adoption of cybersecurity best practices and addressing the lack of skilled cyber-experts in the workforce.

Jane Holl Lute, who shepherded President Obama’s executive order on cybersecurity before stepping down from the DHS earlier in the year, will serve as the president and CEO of the organization, according to the Hill.

 

"The council's main focus is to accelerate the widespread availability and adoption of effective measures in cybersecurity and practice in technology, with respect to workforce and policy to achieve and sustain security in cyberspace," Lute said during a speech at a SANS Institute event this week.

 

To further that end, the council will work with the SANS Institute to develop its 20 critical security controls (CSCs), which is a comprehensive set of best practices and processes. Operational silos within the IT security organization and between IT and other business departments are still the greatest impediment to implementing repeatable processes based on the controls, SANS recently found in a survey. And only 10% of respondents said they felt they've done a complete job of implementing all of the controls that apply to their organizations.

Rise in Data Breaches Drives Interest in Cyber Insurance

Growing awareness of cyber threats and reporting requirements by regulators are driving a newfound interest in insurance products covering data breaches and other computing risks.

 

Almost a third of companies (31 percent) already have cyber insurance policies, and more than half (57 percent) that don't have policies say they plan to buy one in the future, a recent study by the Ponemon Institute and Experian Data Breach Resolution found.


Hype or reality: Which security trends concern CSOs today?

Security executives weigh in on what security trends, threats and technology are still pain points, and which are turning out to be mostly hoopla.

Organizations ignore social media when it comes to business continuity planning


A new study from PriceWaterhouseCoopers says that many companies are not leveraging social media when it comes to business continuity management, but documentation processes are becoming more pragmatic, and vendor resiliency is starting to take hold.

 

The Business Continuity Insights Survey, from PriceWaterhouseCoopers (PwC), says that many companies are not leveraging social media when it comes to business continuity management, even though they're making progress in their business continuity planning by re-thinking their approach to crisis management.

 

"We are seeing more and more companies using business continuity management (BCM) to address items in their risk portfolio, and are spending more time integrating BCM into their enterprise risk management program, versus seeing it as an insurance exercise or IT responsibility," said Phil Samson, PwC's Business Continuity Management service leader, in a statement.


Reputation Risk Management -- It's Time to Build Trust and Resilience at the Top

Who would have imagined? At a time when the Dow Jones Industrial Average climbs above 15,000 for the first time and investor euphoria persists, trust in companies and their CEOs ranks near or at record lows. In this case, "rank" can serve as an adjective, too. Investors even have turned against the CEO who once could do no wrong, JP Morgan Chase's Jamie Dimon, urging him to surrender one of his roles as chairman and CEO because of some celebrated gaffes.

 

These corporate governance issues and crises have sparked a steep rise in reputational risk as trust in business continues a decade-long erosion. And good business practices alone won't remedy it. Challenges to a company's reputation arise from a specific business decision or practice. To manage that reputation successfully requires the active leadership of the CEO with the board of directors serving as avid monitors.

 

They must ensure that the reputation risk-management process becomes integrated deeply within the business. This requires an enterprise-wide capability. What triggered the unusual paradox we're in? Four principal factors have contributed to the sharp increase in reputational risk:

Cylance PrivateDetect takes a unique approach to security

Cylance is breaking the mold on endpoint security by tossing out the signature-based model and relying on math and science to find new threats.

 

Cylance is striving to make cyber security more of a science than an art by leveraging concepts of math and big data to proactively identify threats.


Another interesting aspect of PrivateDetect is the incorporation of social media. First, Cylance has users register by connecting a Facebook, Twitter, Google, or LinkedIn account because they’d rather not have you create yet another username and password to manage. Second, Cylance recognizes that your friends and family—your extended social network—have a direct impact on your security. Those are the people you trust and interact with. PrivateDetect integrates your social network to let you see how secure (if at all) your friends are, so you know whether you should think twice before clicking links or opening attachments from them.

Rescooped by Higher Ed InfoSec Council from Mobile (Post-PC) in Higher Education

Your Heartbeat Is Your New Password

As the password makes its slow fade towards extinction, many technologies are jockeying for position as the next method for securing online accounts. We’ve told you about brain waves, fingerprints, even magic rings, but a new technique is literally getting to the heart of the matter.


A wristband dubbed Nymi confirms a user’s identity via electrocardiogram (ECG) sensors that monitor the heartbeat and can authenticate a range of devices, from iPads to cars. Developers at Bionym, the Toronto-based company that makes the device, say the peaks and valleys of an individual’s heartbeat are harder to imitate than the external features of biometric systems, like fingerprints or facial recognition.


Via Stephen diFilipo

Rescooped by Higher Ed InfoSec Council from Mobile (Post-PC) in Higher Education

Apple Patents iOS Unlocking Methods That Determine Level Of User Access To Device Features And Software | TechCrunch

A big request from parents regarding iOS has been that Apple implement user accounts on its mobile devices, in order to make it so that a parent can sign in with greater access to device features and apps than a child, for instance.

Via Stephen diFilipo

Share Your Plans for NCSAM 2013

If your campus is hosting an event or activity in October, please share your plans and links to additional info. We will include your college or university's activities in our list of 2013 Campus Events.

 

Last year we collected over 120 links from institutions and we hope to increase that number in 2013 for the 10th anniversary of National Cyber Security Awareness Month (NCSAM)!

 

Looking for FREE events to host? Several webinars are scheduled during the month of October, including an EDUCAUSE Live! on October 1.


How to fix the looming shortage of skilled security professionals

Faced with a perceived shortage of skilled talent, it's time to change the approach, distribute the workload, and get people to pitch in so we can focus on the valuable security work that demands our attention...

Website Security and WordPress Attacks - ProfHacker - The Chronicle of Higher Education


"Many of us at ProfHacker rely on WordPress. I use it for everything from managing my academic web presence to hosting online course materials and communities. This means I have a lot of out-of-date sites that serve their purpose for one semester and live on only as archives. Ever since WordPress 3.6 came out (ok, and for a year before that) I’ve been planning on taking a day to update all these installations and manage my server. Last week, I opened my email to find a message from my hosting provider entitled “WordPress Attack.” I checked my website and realized the scripts had been shut down entirely. Thankfully, it was before the semester started.

 

Amy’s written in the past about securing your online life, which can be quite involved for people like me who live “in the cloud.” Here are a few tips for securing your website."

Join the #HigherEd #NCSAM Conversation!

Ways to get social with us this National Cyber Security Awareness Month (NCSAM): Update your social media profiles & cover images, share daily tips, and support our community by following other campus InfoSec or IT department social media pages.

Simple passwords rule the day in mobile world

Nearly 80 percent of smartphone and tablet users choose simple pass codes to protect their devices from unauthorized use, according to an analysis released recently by a maker of mobile device management solutions.

 

While 85 percent of some 200,000 mobile devices analyzed by Fiberlink had their pass code feature turned on as required by company policy, most of those devices (93 percent) were using simple pass codes to protect the devices.

 

Fiberlink defined a simple pass code or PIN as a password made up of all numbers or all letters. Of the mobile devices using simple pass codes, almost three quarters (73 percent) had one with a length of four to five characters.

 

Only 7 percent of the devices analyzed by the company had a complex or alphanumeric pass code. Fiberlink defines a complex password as one made up of letters, numbers and special characters.

 
NSF invests $20 million in large projects to keep the nation's cyberspace secure and trustworthy

With researchers from more than a dozen universities, three large "Frontier" collaborative projects highlight efforts to tackle fundamental challenges in cybersecurity and privacy.

Prepare for National Cyber Security Awareness Month 2013

Did you know that National Cyber Security Awareness Month (NCSAM) is less than two months away?

 

We are celebrating the 10th anniversary of NCSAM this October.

 

Here are a few ways you can show your support and help us make NCSAM 2013 the most successful yet!

 

We look forward to celebrating with you this October!

Higher Ed InfoSec Council's insight:

Don't forget to check out our National Cyber Security Awareness Month Resource Kit for a list of 2013 NCSAM campus events: https://wiki.internet2.edu/confluence/display/itsg2/NCSAM+Resource+Kit

 

You'll also find free, adaptable materials in our Cybersecurity Awareness Resource Library: https://wiki.internet2.edu/confluence/display/itsg2/Cybersecurity+Awareness+Resource+Library

 

Let us know how your institution is celebrating NCSAM by sending a message to security-council@educause.edu 

Podcast: Randy Marchany on Virginia Tech's Cybersecurity Strategy

The Twenty Critical Security Controls for Effective Cyber Defense are quick wins that allow you to rapidly improve your cybersecurity without major procedural or technical change. In this podcast, IT Security Officer Randy Marchany discusses the list, the tension between privacy and security, and Virginia Tech's overall cybersecurity strategy.


6 Ways Employees Are Putting Your Company's Data at Risk

With the growth of mobile devices, the ways we connect to the Internet at work have grown significantly. With that flexibility come security risks associated with intellectual property and company data.

 

Sanjib Sahoo, CTO, tradeMONSTER: "Make employees understand the goals and risks to the company, which in turn will encourage them to act accordingly. "Entrust" not "Enforce" works like a charm. Ignorance is avoided with training, and intentional violations are avoided by creating a culture of trust and respect within the organization."

 

That said, security, like many aspects of the tech market, is a moving target. You've got to understand the inherent risks and put policies in place to minimize risk. "With technology changing so much, it is very difficult to constantly scope all aspects of securities for employees, hence it is an evolving process," says Sahoo.

White House considers incentives for cybersecurity

The White House is considering incentives, including cybersecurity insurance, grants, and liability limits, in order to get organizations in the private sector onboard with investing in cybersecurity.

 

The goal of the initiative, and the program itself, is information sharing and the establishment of best practices and guidelines that will ensure organizations (both public and private) are better prepared to deal with cybersecurity issues.

 

While all of this takes place, the underlying goal of maintaining clear privacy policies that protect the information held by most of these organizations from external and internal risks forms the third layer of the program — one that government watchdogs say is the most important.

Higher Ed InfoSec Council's comment, August 8, 2013 11:25 AM
Here is a link to the White House blog mentioned in the article: Incentives to Support Adoption of the Cybersecurity Framework, http://m.whitehouse.gov/blog/2013/08/06/incentives-support-adoption-cybersecurity-framework