Higher Education & Information Security
Information Security and Cybersecurity in Higher Education
Scooped by Higher Ed InfoSec Council

IBM's homomorphic encryption could revolutionize security

IBM has been granted a patent on an encryption method that, if implemented, could be revolutionary. It makes it possible to process encrypted data without having to decrypt that data first.

 

Known as "fully homomorphic encryption," this encryption method has long been something of a Holy Grail for computer scientists, and IBM in particular has been seeking this particular prize for years. The company's receipt of a patent is a strong hint it may be inching toward a practical solution, rather than simply something that works on paper.

Rescooped by Higher Ed InfoSec Council from Digital-News on Scoop.it today

New Clef Plug-In Lets You Forget About Your Password

A new feature with the mobile app Clef allows users to forget their passwords and log into any site by pointing their mobile phones at their desktop computer. It was built by a 21-year-old who does not even work for the company.

Via Thomas Faltin
Scooped by Higher Ed InfoSec Council

Top 15 Indicators Of Compromise -- Dark Reading

Unusual account behaviors, strange network patterns, unexplained configuration changes, and odd files on systems can all point to a potential breach.

 

In the quest to detect data breaches more quickly, indicators of compromise can act as important breadcrumbs for security pros watching their IT environments. Unusual activity on the network or odd clues on systems can frequently help organizations spot attacker activity on systems more quickly so that they can either prevent an eventual breach from happening -- or at least stop it in its earliest stages. According to the experts, here are some key indicators of compromise to monitor (in no particular order)...

Scooped by Higher Ed InfoSec Council

Gluu Web Authentication / SSO Protocol Adoption Predictions

It's hard to make accurate predictions about adoption for SSO protocols. It's impossible to make a detailed model when the known inputs are so vast. With that inherent disclaimer about the difficulty of forecasting, the following graph represents Gluu’s view about the likely adoption and un-adoption of three very important web authentication standards: SAML, CAS, and OAuth2 (specifically OpenID Connect).

Scooped by Higher Ed InfoSec Council

Governance, Risk, and Compliance: Why Now? (EDUCAUSE Review)

Governance, risk, and compliance (GRC) issues are increasingly pervading the IT space, with these concepts transcending silos such as central and distributed IT units, information security, and service management. As campus investment in information technology and campus reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure. GRC programs intend to do just that: they develop a framework for the leadership, organization, and operation of the institution's IT areas to ensure that those areas support and enable the institution's strategic objectives. As EDUCAUSE President and CEO Diana Oblinger notes, GRC programs are about "getting your ducks in a row." GRC programs align institutional activities with the larger institutional goals (i.e., governance) and allow the identification of challenges and opportunities (i.e., risk). When internal requirements and external mandates are lined up (i.e., compliance), institutional activities have the best chance for success—especially in stormy weather or where danger lurks.

 

This issue of EDUCAUSE Review is devoted to better understanding the role of GRC programs in higher education IT organizations.

Scooped by Higher Ed InfoSec Council

How to create security awareness with incentives

One of the reasons many security awareness programs fail is that they rely on a "push" mentality, where they force employees to take awareness training and expect or, more likely, hope that employees will seek out additional training, because it is the right thing to do. While there are many programs that do this that are successful, they are relatively rare.

 

Recently, we began experimenting with helping our clients implement gamification techniques, which switches the whole awareness paradigm. Instead of employees being forced to take training or risk potential punishment, employees do the right things by default and seek out additional training, because they want to.

 

Too many people confuse the term gamification to mean that you create a game to do awareness training, and there are many companies who are developing such games. They can be useful, but much like a poster, newsletter, or phishing campaign, they are just a single component in what should be a well-rounded security awareness program.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Twitter Implements Perfect Forward Secrecy in Order to Reduce Traffic Snooping

Twitter has implemented perfect forward secrecy on traffic to its website, in order to prevent communications from easily being captured and decrypted en masse. The new measure is one that clearly takes aim at the bulk data collection being done by the NSA.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Data Privacy Month 2014: January 28-February 28

Did you know that Data Privacy Month (January 28-February 28, 2014) is just 2 months away? Use our free resources to start planning your campus activities and events.

 

Tip: Save the date for a free webinar with special guest speaker Robert Ellis Smith on January 30, 2014 (1-2 pm ET).

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Are Notice and Consent Possible with the Internet of Things?

Stakeholders met in Washington, DC, on November 19 to explore and hash out the privacy and security implications of the Internet of Things (IoT). The rapidly emerging landscape of connected sensors and embedded technology has garnered the attention of the Federal Trade Commission (FTC) of late, but the complexity of the IoT ecosystem was readily apparent during the proceedings. 

 

Called for and led by the FTC, the roundtable was broken into four main panels—the smart home, connected health and fitness, connected cars and connected privacy and security—and featured remarks from FTC Chairwoman Edith Ramirez, Commissioner Maureen Ohlhausen and Bureau of Consumer Protection Director Jessica Rich.

Scooped by Higher Ed InfoSec Council

3 good reasons to fix your job description now

Review can provide insights that benefit you and your security program. 

 

"Opportunities to think strategically and critically, and to take a long-term look at things both forward and back, are much rarer these days due to the constant bombardment of email, text, instant messages and phone calls.

 

One value of a job description review is that it provides a point from which to elevate oneself up to a high-level view of things, with consequent realizations and insights that can benefit you and your security program."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

People's ignorance of online privacy puts employers at risk

People say they are responsible for their own online safety, yet do very little to protect the information they share on social media, which increases the risks to themselves and employers, a study shows.
Scooped by Higher Ed InfoSec Council

Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder

Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.

Scooped by Higher Ed InfoSec Council

CryptoLocker Crew Ratchets Up the Ransom — Krebs on Security

"Last week’s article about how to prevent CryptoLocker ransomware attacks generated quite a bit of feedback and lots of questions from readers. For some answers — and since the malware itself has morphed significantly in just a few days’ time — I turned to Lawrence Abrams and his online help forum BleepingComputer.com, which have been following and warning about this scourge for several months.


This message is left by CryptoLocker for victims whose antivirus software removes the file needed to pay the ransom.

To recap, CryptoLocker is a diabolical new twist on an old scam. The malware encrypts all of the most important files on a victim PC — pictures, movie and music files, documents, etc. — as well as any files on attached or networked storage media. CryptoLocker then demands payment via Bitcoin or MoneyPak and installs a countdown clock on the victim’s desktop that ticks backwards from 72 hours. Victims who pay the ransom receive a key that unlocks their encrypted files; those who let the timer expire before paying risk losing access to their files forever."

Scooped by Higher Ed InfoSec Council

Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish

So you're traveling overseas, across borders or anywhere you're afraid your laptop or other equipment might be tampered with or examined. What's your new best friend? Glitter nail polish.
Scooped by Higher Ed InfoSec Council

Gartner: 4 Disruptive Trends Changing the Future of IT -- Campus Technology

Gartner predicts a future full of disruptions. Will your institutional IT organization be ready to exploit the opportunities?
Higher Ed InfoSec Council's curator insight, December 20, 2013 6:36 PM:

Page 3 begins to raise issues of privacy and data protection related to the second disruption, Digital Business:

The digitization of the enterprise is also treading into issues of personal privacy. "You can go on Facebook and find out more about a person today than you could with months of study 40 years ago," Plummer said.

That leads to an interesting conjunction. On one hand, consumers will increasingly begin to "collect, track and barter their personal data" in exchange for cost savings, convenience and customized offerings. On the other hand, digital security of personal data is getting more difficult for organizations to guarantee.

In that regard, noted Plummer, Gartner predicts that by 2020 enterprises and governments will fail to protect three quarters of sensitive data and will therefore "declassify and grant broad and public access to it." While that prospect may be considered "blasphemy" in the IT world, he stated, it's backed up by current practice. IT departments are in the habit of calling much of the data under their care and management "sensitive." The reality is that "we treat all of it as sensitive because we don't have the money or time to separate it out."

Scooped by Higher Ed InfoSec Council

State of the CSO in 2013 shows an improved outlook

"Our exclusive research into the current condition of the CSO role reveals big progress is being made, but the outlook is far from rosy..."

 

On paper, in many ways, the state of the CSO appears to be improving. Budgets in many enterprises appear to be headed in the right direction: up. So is staffing. CSOs are also getting to do what they've wanted to do for a decade and are spending more time with the top executives in their organizations.

 

Yet the question remains, are enterprises getting the results they need? That's tough to say. Attacks are becoming more sophisticated, which in turn requires more complex strategies for securing data. For instance, the most recent Verizon Data Breach Investigations Report found that financially motivated cybercrime and state-affiliated espionage campaigns comprise 95 percent of all attacks. And breaches remain undetected for weeks, months and even years.

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

An Open Letter Urging Universities To Encourage Conversation About Online Privacy

When a group of students from Iowa State University (ISU) contacted us earlier this month about forming an ISU Digital Freedom group, they were facing an unexpected problem: despite their simple goal of fostering a healthy conversation around freedom-enhancing software, the university administration denied them official recognition. The university has since granted the Digital Freedom group the green-light to meet on campus, but under unduly restrictive conditions. These students’ story is instructive to students around the country and the world who are concerned about online privacy.

 

The administration initially denied the Digital Freedom Group's proposal because it did not want ISU students either to advocate for or participate in the “secrecy network” Tor, and would not permit the student group to use any “free software designed to enable online anonymity.” The students had not proposed that a Tor node be established on campus. Rather they asked that they be able to provide a forum to “discuss, learn and practice techniques to anonymize and protect digital communication.”

 

The students were told they had to gain clearance from the Iowa State University attorneys and security clearance from the university's Chief Information Officer. They were ultimately successful, and Iowa State University is now home to its very own Digital Freedom Group.

Higher Ed InfoSec Council's insight:

Related article from Inside Higher Ed: http://www.insidehighered.com/news/2013/12/10/digital-freedom-groups-road-recognition-sparks-legal-debate-iowa-state-u

Scooped by Higher Ed InfoSec Council

IT Pros Share Blame for 'Shadow IT' Problem, Survey Shows

When end users circumvent the IT department and start using software-as-a-service (SaaS) applications without permission, the IT pros complain about the plague they call "shadow IT." But it would seem the professionals are also operating in the shadows, according to a survey out today.

 

The report entitled "The Hidden Truth behind Shadow IT," was a collaboration of consultancy Frost & Sullivan and McAfee. The survey asked 300 IT pros and 300 line-of-business employees whether they used SaaS applications in their jobs without official approval. Eighty percent admitted they did, with only 19% of the business employees and 17% of IT claiming to be innocent.

Scooped by Higher Ed InfoSec Council

Cal Poly joins national cybersecurity educational effort

California Polytechnic State University has launched an educational initiative that places the school among the scores of universities starting programs to graduate cybersecurity pros.


The Cal Poly Cybersecurity Center, funded by a grant from Northrop Grumman Foundation, aims to educate "thousands of students in cybersecurity awareness and readiness." Students and faculty will collaborate in research with other academic institutions, the defense industry, private companies and government agencies and research labs.

 

In launching the center, Cal Poly joins scores of schools that have started cybersecurity programs to meet the talent needs of government and private industries. In 2012, the number of cyberattacks against U.S. critical infrastructure alone rose more than 50 percent to 198, according to the Department of Homeland Security.


Scooped by Higher Ed InfoSec Council

Two-factor authentication: why Twitter and Google need to educate users

Most social media users across the globe are not aware of two-factor authentication or how it operates, a survey reveals.

 

"Recent events can validate that online security breaches of social media accounts are becoming more frequent and extreme. In an effort to combat security threats, many internet companies such as Facebook, Google, LinkedIn and Twitter have upped the priority level to integrate a method of security to protect their users.

 

Of the solutions available, many are turning to SMS-based mobile authentication to augment their existing systems. An obvious choice, SMS-based two-factor authentication (2FA) is so appealing because of its user friendly nature, economic cost structure and security effectiveness."

Rescooped by Higher Ed InfoSec Council from Higher Education & Privacy

Have We Taken Exam Security Too Far?

What’s the difference between a medical student and a convict? The answer: A convict doesn’t pay $50,000 a year for the privilege of being fingerprinted and patted down.

 

I am referring, of course, to the increasingly stringent security measures that have come to characterize modern educational testing. As student-evaluation techniques have migrated from face-to-face assessment to computer-based exams administered in dedicated testing centers, evaluators have become less and less likely to know examinees, leading to heightened precautions around exam security.

Scooped by Higher Ed InfoSec Council

Overview of Bro | EDUCAUSE.edu

An increasing number of institutions are recognizing the need to log network data in large volume and to analyze the data efficiently to detect sophisticated network intrusion attempts affecting their network space. Bro is extremely well suited for these purposes. This new white paper from HEISC describes the basics you need to know if your institution is considering a Bro deployment.

Scooped by Higher Ed InfoSec Council

Raising awareness quickly: What happens after a breach?

What happens to all of the data taken during a breach? Here are some basic answers.

Scooped by Higher Ed InfoSec Council

Information Security ECAR Research Bulletin (CDS Spotlight Series)

This Spotlight focuses on data from the 2012 Core Data Service (CDS) to better understand how higher education institutions approach information security activities. Information provided for this Spotlight was derived from Module 7 of CDS, which asked several questions regarding IT security. Responses from 636 institutions were analyzed. Only U.S. institutions with a designated Carnegie class (AA, BA, MA, DR) were analyzed for this bulletin.

Scooped by Higher Ed InfoSec Council

Western Union: Their bold new approach to awareness training (and why it's working)

John Schroeter recently sat down with Alex Yokley and Kim Hickman of Western Union to discuss their unorthodox approach to security training.

----------

"I've been involved with security awareness training for several years now, and I can't remember one single compliment on any of our previous courses," sighed Alex Yokley, Director of Corporate Information Security at Western Union.

 

Sound familiar? Probably so, as too many people involved in training employees on information security are singing the same song. And who can blame the bored employees? The fact is most compliance training programs are incredibly dull. User surveys consistently report that the only reason people take the courses is because they have to.

 

It turns out that employees taking required courses are just checking a box—just like the many information security people who administer the training. It seems that "checking the box" rolls downhill. The only difference is, when the course takers check the box, they also check out, forgetting what they learned only minutes after completion.

 

But Yokley, together with information security engineer Kim Hickman, decided it was time to take a different approach—a radically different approach. An approach that would mean escaping from the box of traditional, yet ineffective and uninspiring training that ultimately yields nothing but annoyance and dissatisfaction. Did their departure from the well-worn path work?
