Higher Education & Information Security
Information Security and Cybersecurity in Higher Education

Scooped by Higher Ed InfoSec Council

Personal data on 72,000 staff taken in University of Delaware hack

The University of Delaware has joined the long line of recent data breach victims, with a compromised university system yielding personal information on 72,000 past and present employees.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Terms and Conditions: A movie about privacy policies you’ll actually want to watch

An 80 minute documentary makes the case for data access and privacy rights.

 

The documentary, released last week, will particularly interest your smart (but less tech-savvy) friends who shrug at things like the most recent NSA metadata surveillance scandal. American technology law and policy can often feel too niche, despite the fact that the issues in question apply in some way to nearly everyone on the Internet, as American companies are so dominant online. But this film might just be the most fun and accessible way to learn about what’s been happening to all of us, online, over the last 15 years.

Filmmaker Cullen Hoback adeptly uses a combination of cutesy animation, archival footage, and even guerilla journalism to make a movie that’s informative, frightening, and compelling to watch. 

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

eWave: Is privacy dying? ‘Technology is pervasive and invasive’

We have gathered here today to discuss our old and ailing friend, Privacy. Please be advised that someone may be watching.

Scooped by Higher Ed InfoSec Council

Increasing number of universities are creating international health, safety and security-related positions


DeRomaña is one of the leading voices in a growing sub-profession within study abroad and international programs: the health and safety analyst or international risk manager. Although such a position is still a relative rarity, the number of full-time staff members dedicated to health and safety in international university travel has swelled from three in 2007 (including DeRomaña) to 27 today, according to those in the field who maintain something of an informal association. Gary Langsdale, president of the University Risk Management and Insurance Association and the university risk officer for Pennsylvania State University – which is among those institutions that have created an international risk analyst position – argued that the number of such positions is in practice closer to 100, “although you may not see it as a job title. There are a growing number of institutions where this is the primary responsibility of somebody.”

....

 

The institutions that have created risk management positions are large universities or study abroad provider organizations; at a smaller institution, the responsibility for health and safety in study abroad might typically be assumed by a director or assistant director in the study abroad office or be shared among several study abroad personnel. But it does seem likely that more institutions will consider creating these specialized international health, safety and security-related positions as they grow or centralize their global programs.

Scooped by Higher Ed InfoSec Council

World's Biggest Data Breaches & Hacks [Visualization]

Data visualization of the world's biggest data breaches, leaks and hacks. (Selected losses greater than 30,000 records. Constantly updated.)

Note that this visualization allows you to filter by organization (e.g., academic, financial, government, healthcare) and method of leak (e.g., hacked, accidentally published, poor security).

Scooped by Higher Ed InfoSec Council

The Hacking Article (IHE blog by Tracy Mitrano)

Sometimes what is most interesting about attention to an issue is not the attention itself but what it spurs and stimulates subsequently.  That has been my experience since the NYT published the article about hacking on university networks. Discussion within Cornell and on national list services raises a number of questions and illuminates aspects of our work that may not have been present to us in such bold relief.  Here are some specifics:

A couple of CIOs and a few security specialists found “hyperbole” in the article.  I am not exactly sure what they mean by that term but here are some thoughts of my own.  This issue for colleges and universities is not new, for sure!  We have been addressing it financially, administratively, technically and collectively for at least ten years now.  Mark Luker, when Vice President at EDUCAUSE, created working groups, the SECURITY list service and Security Professionals Conference that remain living examples of that effort.  Together with Jack Suess, they also formed the Internet2/EDUCAUSE Security Task Force that provided valuable guidance and resources for colleges and universities around the country.  Moreover, that collaboration has morphed into the Cloud Alliance that supports the important work that Net+ is doing.  It just might be that some CIOs and IT Security experts who have been tending these vines for a long time now are surprised that the issue is raised as if it were new.   So granted, it is not new, but it remains important.

It is important because it touches on three larger policy issues...

Scooped by Higher Ed InfoSec Council

The Dangers of Unsecured USB Drives

Savvy CIOs have policies in place to protect their networks against infected USB flash drives. That’s because most IT professionals know the amount of damage that can be caused by plugging in such a device.

 

For instance, Stuxnet, one of the world’s most sophisticated cyberweapons, is said to have gained access to its target system through a USB drive that someone found.

 

Yet having policies—and making sure they are followed—can be two very different things.

 

In a recent study of 300 IT professionals—many of whom are security experts—conducted at the RSA Conference 2013, 78% admitted to having plugged in a USB flash drive that they’d found lying around. To make matters worse, much of the data discovered on those drives included viruses, rootkits and bot executables.

Scooped by Higher Ed InfoSec Council

Want Your Data Back? Pay Me

Hmm. If the government can spy on my online life, maybe I should be able to profit.

Scooped by Higher Ed InfoSec Council

3 Reasons Why America's Security Model is Broken

Securing important corporate or personal information has never been more challenging. Every day, new vulnerabilities are discovered, more breaches are reported and we all become less secure.

 

...

 

We need a new approach or paradigm shift, one that is not radical but that offers the hope of changing the information security equation. This change in approach to security can be broken down into three distinct areas: embracing a different approach to legislation, focusing on nailing the basics, and establishing transparency about overall security posture. This approach will not be embraced by everyone, as many have motivations and economic interests that conflict with maintaining good basic security practices. However, addressing these three areas is our best hope of changing the momentum toward improving security and privacy from our current trajectory.

Scooped by Higher Ed InfoSec Council

Yahoo ID Recycling Plan Raises Security Concerns | 41st Parameter

Yahoo is taking action to clean up inactive accounts, but some fear they may be opening up a new door to clever attackers.


On July 15, any Yahoo email account or Yahoo ID that has not been logged into for more than a year will be freed up to be acquired by another user. The idea is to give Yahoo's “loyal users and new folks” the chance to sign up for the Yahoo ID they want.

 

------

 

“If Yahoo reuses inactive ID, the most damage will be done through the password reset feature which is implemented on many sites on the Internet,” said Tommy Chin, technical support engineer at CORE Security. “To steal an account, register a yahoo account that’s inactive which is already being used as a registered e-mail address on a third party site. Then, search for a variety of popular third party website and utilize the password reset feature to send the password to a reused yahoo account.”

“Accounts around the web will get owned in very little time once a script gets developed to automate this attack,” he said.

Rescooped by Higher Ed InfoSec Council from IT Security

Colleges Want BYOD to Work But Are Struggling to Keep Networks and Data Secure

An impressive 85 percent of educational institutions allow students, teachers and faculty to use personal devices on school networks. This is a huge opportunity for professors and students to engage in new learning styles — and for hackers and criminals to gain access to networks and potentially sensitive data.

 

Mobile computing has created a new demand for access and bandwidth that colleges are struggling to meet. Almost no organizations can afford to supply devices quickly enough for voracious mobile consumers. As a result, students and professors have resorted to bringing their own devices on campus. When managed properly, BYOD can solve a number of problems, but when BYOD goes wrong, universities can find themselves in real trouble.

 

Bradford Networks recently released a survey of K–12 and higher education IT and network professionals, focusing on BYOD technologies and policies. The results indicate that there is great opportunity for students and professors as well as enormous risk...


Via IS Decisions
IS Decisions's curator insight, June 11, 2013 4:10 AM

How to make BYOD work? Organizations need to secure their wireless networks and offer security to BYOD. Software that allows you to secure network access across all session types, including Wi-Fi and VPN, permits an organization to control its wireless networks and offer security to BYOD.

 

Happy to say the new UserLock 7 offers Wi-Fi session control to mitigate BYOD risk and strengthen the first line of defense in a Windows Network.

Scooped by Higher Ed InfoSec Council

9 tips, tricks and must-haves for security awareness programs

What are the essential ingredients for making a security awareness program successful? Check out these 9 tips from CSO contributors on how to make awareness work in your organization.

Rescooped by Higher Ed InfoSec Council from IT Security Unplugged

The malicious plug-in: A charger that can hack any Apple iOS device

Researchers from the Georgia Institute of Technology have created a “malicious charger” able to hack any iOS device simply by plugging it in.

Via IT Security Unplugged

Scooped by Higher Ed InfoSec Council

ERM: Old concept, new ideas

Enterprise risk management may be old hat, but some CSOs are using it in innovative ways. Here's how it can bring your security program into the future

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

The Internet of Things: The Good, the Bad and the Ugly

A few months back, the Federal Trade Commission called for public commentary on the nascent phenomenon otherwise known as the Internet of Things (IoT). The inevitable move toward a vast set of sensors, RFID chips and machine-to-machine communications (M2M) that are connected to the Internet—made possible, in part, by opening up IPv6—is fully underway and the FTC wants to know what, if anything, to do about it.

 

Last week, in anticipation of a roundtable discussion on IoT, the FTC released 27 comments, ranging from industry associations to government regulators to privacy advocacy groups to academics. Set with the knowledge that I’ll be attending said roundtable this November, I perused these comments to get a better understanding of the many benefits, concerns and possible outcomes of IoT.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

8 Tips to Enhance Your Online Privacy

Everybody wants a measure of privacy. As some experts on the topic have pointed out, even those who declare they have "nothing to hide" generally have curtains on the windows of their homes and don't invite everybody over to have a look at their credit card statements.

...

Even nation-states are taking the Luddite approach in some cases. Just recently, it was reported that the Russian equivalent of the U.S. Secret Service is using typewriters again, to avoid generating digital copies of highly sensitive documents.

But experts say there are ways both individuals and businesses can remain in the wired world and at least make it difficult for anyone, including the government, to monitor their activities. Those who are really serious about it will have to take some time-consuming and in some cases complicated steps to do so. The following list includes some of the more common recommendations.

Scooped by Higher Ed InfoSec Council

Insider threat: Balancing security with privacy

Data loss prevention (DLP) systems, encryption, internet monitoring tools and other restrictive controls are failing to deliver total security, with a growing number of data breaches linked to insiders.

 

But how can organisations increase security without affecting productivity or encroaching on employees’ right to privacy?

 

The challenge is an important one to tackle, with insider-related fraud up 43% in 2012, according to the latest report from the UK’s fraud prevention service Cifas, and 14% of all data breaches linked to insiders, according to The Verizon 2013 Data Breach Investigations Report.

Scooped by Higher Ed InfoSec Council

Will CSOs become CROs in the future?

Is the chief security officer title destined to evolve into one that is about more than just security?

 

Few would deny the chief security officer role has evolved quite a bit in recent years. At many large companies, the heads of both physical and information security now report in to the same person, an enterprise CSO. The pace of change for the function is accelerating along with the ever-changing nature of threats.

 

Today, many believe CSOs will morph, sooner rather than later, into chief risk officers (CROs), monitoring and mitigating enterprise risks, including those relating to information security and facilities (but excluding financial risks, which are covered by the more traditional CRO function in large companies). At a high level, the new responsibilities include understanding your company's risk profile and risk appetite and then mitigating the risks accordingly.

Scooped by Higher Ed InfoSec Council

Lloyd's Risk Index 2013 - Cybersecurity moves from 12th to 3rd place

Cyber security now sits squarely towards the top of the agenda for boards around the world with cyber risk  moving from 12th to 3rd place in the index. Business leaders have woken up to the importance of cyber security following a series of high profile incidents since 2011.

 

The Lloyd’s Risk Index 2013 is based on a global survey of over 500 C-suite and board level executives conducted by Ipsos MORI for Lloyd’s during April and May 2013.

 

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

UVa Students SSN Numbers Accidentally Exposed via Mail

Around 18,700 University of Virginia (UVa) student social security numbers have been exposed by mistake due to a mailing error.

 

Aetna Student Health, the university's insurance provider, mailed open-enrolment brochures to students' homes through a third party vendor, informing them about health insurance options for the 2013-14 academic year. The students' confidential numbers appeared on the outside of the envelopes. The numbers were printed above their names on the address labels.

Higher Ed InfoSec Council's curator insight, July 18, 2013 11:52 AM

Paper-based data breaches may not occur often, but they can still happen. Security and privacy awareness campaigns should always include data protection tips for electronic and paper records.

Scooped by Higher Ed InfoSec Council

Universities Face a Rising Barrage of Cyberattacks

The hacking attempts, many thought to be from China, are forcing universities to spend more to prevent and detect intrusions and to constrict their culture of openness.

Scooped by Higher Ed InfoSec Council

Missouri man sentenced for hacking university computer

A former student at the University of Central Missouri will spend three years in federal prison for taking part in a conspiracy to hack into the school's computer network.

 

The U.S. Attorney's office says 29-year-old Joseph A. Camp, of Kansas City, must also pay more than $61,000 in restitution under the sentence he received Wednesday.

 

Camp pleaded guilty in April to scheming with another student to hack the computer system at the Warrensburg school from March 2009 to March 2010.

 

The conspiracy involved downloading large amounts of data containing faculty, alumni and student information. Prosecutors said Camp and co-defendant Daniel Fowler also attempted to change grades and transferred money to their student accounts.

Scooped by Higher Ed InfoSec Council

5 ways to create a collaborative risk management program

Natalie Runyon gives advice for breaking down the security and risk silos in your organization for a more collaborative enterprise risk management approach

Scooped by Higher Ed InfoSec Council

CSA and (ISC)2 Collaborate to Create New Cloud Security Certification

(ISC)2 (“ISC-squared”), the world’s largest not-for-profit information security professional body and administrators of the CISSP and the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, today announced they have signed an agreement to collaborate on a new professional certification for information security. The combined initiative will address a significant concern over the security of modern business systems by establishing a common global understanding of professional knowledge and best practices in the design, implementation and management of cloud computing systems. 


The new credential will build on existing certifications offered by both organizations, including (ISC)²’s Certified Information Systems Security Professional (CISSP) and CSA’s Certificate of Cloud Security Knowledge (CCSK), by examining the depth of technical knowledge required in architecting business systems, based on cloud computing.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Report: NSA PRISM program spied on Americans' emails, searches | PCWorld

The National Security Agency's PRISM program tapped directly into the servers of most of the web's largest companies, monitoring our search history, the content of emails, file transfers, and live chats, The Guardian alleges.