EDUCAUSE | Security Awareness

2013 Security Awareness Video & Poster Contest Winners Announced

Mon, 22 Apr 2013 23:45:39 +0000

Nine winners of the 5th Annual Information Security Awareness Video and Poster Contest have been selected. The winning videos and posters are now available for colleges and universities to use in campus security awareness campaigns during National Cyber Security Awareness Month in October, student orientations, and throughout the year.

Security Smackdown: End-User Awareness Programs vs. Technology Solutions

Sat, 29 Dec 2012 00:03:09 +0000

How effective is end-user security awareness education? Would it be better to allocate our scarce resources to improving our technology? Two members of the same information security team at the University of Pennsylvania will square off on opposite sides: "They'll never learn and they shouldn't have to!" versus "We're only as strong as our weakest user!" In a point-counterpoint format, we will consider various types of end-user awareness tools (blogs, videos, etc.) and the sorts of problems they aim to solve. We'll debate whether we are effectively reaching our end users and if technological alternatives are within our reach that can accomplish similar ends.

Data Custodians, It's 11 p.m.: Do You Know Where Your Confidential Data Is?

Mon, 26 Nov 2012 20:02:21 +0000

Many campuses find that the proliferation and continued storage of confidential data on desktop and laptop computers to be one of their top security risks. In combination with policy and awareness programs, data loss prevention products can be used to proactively identify and directly notify end users of these sources of risk for proper remediation. Our panelists will share their experiences working with academic, administrative, and governance units to protect data—legally, ethically, and technically. Bring your experience and questions to this important session.

Advice from Lance Spitzner on Information Security Careers

Mon, 29 Oct 2012 19:46:59 +0000

I often get requests asking how to get started in information security. I can't blame people, it is an extremely exciting field. What I like most about it is that everything is so new; often there are no rules on how to do things. You make the rules up as you go along, almost like blazing a path in the wild jungle just as the explorers did hundreds of years ago.

Here are some suggestions on how to get started based on my experience. I feel these work regardless if you are an existing IT person or coming from a different field. Personally, my background was a History major that spent four years in the Army driving around in tanks, so if you have the passion anyone can get started in this field.

Advice from Lance Spitzner on Cybersecurity Careers

Mon, 29 Oct 2012 19:45:51 +0000

The Law of Scheduling (or The 5% Rule)

Mon, 22 Oct 2012 16:08:49 +0000

There are two ways to deliver security awareness training: Scheduled or On Demand. Scheduled is what you think of for traditional training. A specific time and specific place are set for people to attend the training, such as an onsite presentation or a scheduled webcast. On Demand is training that allows people to take it when they want to, such as with Computer Based Training (CBT).

Security and Privacy Sessions at EDUCAUSE 2012

Tue, 16 Oct 2012 19:47:48 +0000

The annual EDUCAUSE Conference (November 6-9) offers a variety of security and privacy-related sessions. Whether you plan to join us in Denver or participate online, we encourage you to attend as many of these presentations as possible. Also remember to mark your calendar for the upcoming Security Professionals Conference, which will be held April 15-17, 2013 in St. Louis, Missouri, and Online. A Call for Proposals is currently out, with a November 13, 2012 deadline.

Tuesday, November 6, 2012

Preconference Seminars (separate registration required)

The Real Reason the Human is the Weakest Link

Mon, 15 Oct 2012 14:35:29 +0000

Computers and mobile devices store, process, and transfer highly valuable information. As a result, your organization most likely invests a great deal of resources to protect them. Protect the end point and you protect the information. Humans also store, process, and transfer information. Employees are in many ways another operating system -- the HumanOS. Yet if you compare how much organizations invest in securing people compared to computers and mobile devices, you would be stunned at the difference. Let's take a look. Organizations typically invest the following in protecting an end device, including:

UploadsAttachments:

ncsam-sans-blog-sm.jpg

Security Awareness and Communication in the C-Suite

Thu, 04 Oct 2012 15:52:43 +0000

Drawing on more than 30 years of global experience, Dave Cullinane will share challenges that CISOs face while in the C-suite. This session will focus on how to advance executive understanding and awareness of recent challenges such as cloud security, privacy, compliance, BYOD, enterprise risk management, and other issues currently faced by campuses.

This webinar is part of National Cyber Security Awareness Month. Find out how you can participate in activities like this one throughout the month. Learn more >>

Free SANS Securing the Human Videos in October for NCSAM

Tue, 02 Oct 2012 16:18:27 +0000

In support of National Cyber Security Awareness Month, SANS is offering two free Securing The Human videos during the month of October. The first video on E-mail and Phishing is available through October 14. Another video will be offered starting on October 15. Please feel free to share this link.

The SANS Securing The Human program is a modular security awareness training program used by many colleges and universities.

National Cyber Security Awareness Month 2012 is HERE!

Mon, 01 Oct 2012 18:52:25 +0000

It’s that time of year again! October is National Cyber Security Awareness Month.

Help us raise awareness with your faculty, staff, and students this October by promoting National Cyber Security Awareness Month (NCSAM).

We will start the month off with an EDUCAUSE Live! webinar on October 4 (1-2 pm EDT). Register here and join Dave Cullinane, Chief Information Security Officer at eBay (retired) and Co-Founder of the Cloud Security Alliance, as he discusses “Security Awareness and Communication in the C-Suite.”

If you plan on holding an event in October, please share your plans and any applicable URL’s with this group or send an e-mail to security-council@educause.edu so your institution's activities can be included with our list of 2012 campus events.

Security Awareness on Social Media

Mon, 01 Oct 2012 14:23:38 +0000

Social media is one of the fastest growing areas of online activity, and one of the fastest growing areas for malicious cyber activity. Even if your organization blocks access to social media sites, there are a tremendous number of risks you have to make your faculty, staff and students aware of. Here are some of the key points we recommend in any awareness program concerning social media sites.

Guest Blogger for National Cyber Security Awareness Month

Tue, 18 Sep 2012 20:01:22 +0000

Lance Spitzner (Training Director, SANS Securing The Human Program) will be guest blogging for EDUCAUSE during National Cyber Security Awareness Month (NCSAM) this October.

Read more about security awareness, security metrics, and communication skills on Lance's Securing the Human blog.

National Cyber Security Awareness Month

Fri, 17 Aug 2012 21:35:40 +0000

National Cyber Security Awareness Month, held each October, is the perfect time to raise awareness among students, faculty, staff, and administrators about ways they can be safer and more secure online. No one person, company, or agency is responsible for the security of the Internet; everyone must do his or her part. Cybersecurity is our shared responsibility.

Prepare for National Cyber Security Awareness Month

Wed, 08 Aug 2012 20:00:04 +0000

Two Easy Ways to Increase Awareness

October is National Cyber Security Awareness Month (NCSAM). Below are two easy ways to increase information security awareness on your campus.

UploadsAttachments:

HEISC_FaceBookBanner2.jpg

twitterBG.jpg

NCSAM logo.jpg

Podcast: Larry Conrad on IT Security Then and Now

Tue, 17 Jul 2012 21:18:36 +0000

Larry D. Conrad serves as the vice chancellor for information technology and chief information officer at UNC Chapel Hill. He has over 40 years experience in the field of information technology with a diverse background in both university and corporate settings. In this conversation, Larry discusses IT security then and now.

Music: "New Pop Wave" by sebastian6

EDUCAUSE Podcast Sponsor

Software-as-a-Service Email Security: Risk vs. Trust

Tue, 29 May 2012 15:00:59 +0000

Many organizations would be interested in treating e-mail as a commodity—cutting costs and resource investments by outsourcing it to a software as a service (SaaS) provider. However, e-mail is a primary enterprise communication channel and often contains sensitive, proprietary content that needs to be protected. A significant amount of an enterprise's intellectual property is likely to be in the e-mail system's databases. Therefore, outsourcing e-mail to a third party raises important concerns about security and the risks associated with such an arrangement. This assessment provides enterprises with a framework to address these issues.

Citation for this Work: Gartner, Inc., Software-as-a-Service Email Security: Risk vs. Trust, by Bill Pray, Dan Blum, 27 March 2012.

ECAR Subscribers — You must be logged in to the EDUCAUSE website to access Gartner resources.

Access to the report expires on May 9, 2013.

Lapse in Cybersecurity Awareness Leads to Mistaken Plagiarism Charge

Wed, 09 May 2012 18:55:18 +0000

Cybersecurity awareness rarely receives the attention from higher education needed to institute appropriate training and prevent security lapses, including those afflicting student works.
University administration is responsible for ensuring that correct policies and procedures are in place, including information assurance awareness and periodic compliance training for everyone associated with the academic network.
Four lessons learned in this case of a mistaken plagiarism charge can help others on campus, especially students, apply the security steps that will prevent confusion in ownership of data.

House Homeland Security Subcmte. Hearing on Cyber Attacks

Tue, 24 Apr 2012 21:07:50 +0000

The Subcommittee on Oversight, Investigations, and Management of the House Homeland Security Committee held a hearing this afternoon entitled "America is Under Cyber Attack: Why Urgent Action is Needed" to highlight the extent of existing cyber threats to the nation and their impact, as well as the dangers of such threats expanding dramatically without a coherent national strategy. (Note that the hyperlink in the hearing title provides access to the archived video of the hearing as well as the written testimony of the witnesses and the opening statement of the subcommittee chair.)

Lions and Tigers and Mobile Devices: Removing the Fear Factor from Securing Smart Devices

Tue, 31 Jan 2012 20:17:39 +0000

The dramatic increase of smart devices across campus has presented security professionals with some interesting opportunities and challenges. Two Texas state institutions will review where they are in this process and share experiences such as building mobile device security awareness into the training program and managing technology implementation options. This session will offer ideas, security awareness content, an implementation checklist, and sample policy statements for those campuses just embarking on developing and implementing a smart device security strategy.

Lions and Tigers and Mobile Devices: Removing the Fear Factor from Securing Smart Devices

Tue, 31 Jan 2012 16:48:36 +0000

Tweet your thoughts and reflections using this unique session hashtag: #MobileLions

Capture the Flag as a Tool for Training and Teaching

Mon, 30 Jan 2012 15:48:15 +0000

Augmenting classroom-based technical security training with hands-on capture the flag (CTF) environments enables participants to develop information security skills and to put theoretical knowledge to use in a controlled, purpose-built environment. Learning-by-doing, also known as experiential learning, is proven to be a very effective method to train technically inclined staff members, as concepts are put into practice immediately and consequences are demonstrated clearly. This presentation will provide an overview of using CTF as a teaching tool and show how system administrators and software developers alike have taken an immediate liking to it.

Phishing Ourselves to Raise Awareness

Mon, 30 Jan 2012 15:48:12 +0000

Emory University and Healthcare changed phishing awareness approaches in 2010 from using traditional e-mail and web-based awareness messages to employing a third-party service to send phishing e-mails to everyone on campus. We've tracked the results of these efforts both over time and between a number of different demographic variables. We'll discuss notable trends and what level of value we feel we obtained from this approach. We'll also cover the technical and nontechnical challenges we encountered and how we addressed them.

Seminar 02Z - Engage! Creating a Meaningful Security Awareness Program
PLEASE NOTE: Separate registration and fee are required to attend this seminar.

Mon, 23 Jan 2012 23:19:08 +0000
This session will help attendees identify available resources and tools and determine the steps needed to create an engaging security awareness program. We'll share how to integrate social media, video, and other resources in an effort to reach a variety of audiences. We'll also discuss how to leverage security incidents to create opportunities for engagement with your community. We'll conclude the session by helping you plan a series of targeted activities for a high-profile event such as the National Cyber Security Awareness Month (October).
read more

HEISC Town Hall Webinar: 2012-2013 Strategic Plan

Thu, 12 Jan 2012 16:37:39 +0000

In this webinar, the Higher Education Information Security Council (HEISC) discussed the following topics;

Information security changes in the past 10 years

Ongoing challenges for security practitioners

HEISC strategic plan (2012-2013)

Vision

Mission

Goals & objectives

HEISC working group updates

What can you do?
read more

EDUCAUSE | Security Awareness

2013 Security Awareness Video & Poster Contest Winners Announced

Security Smackdown: End-User Awareness Programs vs. Technology Solutions

Data Custodians, It's 11 p.m.: Do You Know Where Your Confidential Data Is?

Advice from Lance Spitzner on Information Security Careers

Advice from Lance Spitzner on Cybersecurity Careers

The Law of Scheduling (or The 5% Rule)

Security and Privacy Sessions at EDUCAUSE 2012

Tuesday, November 6, 2012

The Real Reason the Human is the Weakest Link

Security Awareness and Communication in the C-Suite

Free SANS Securing the Human Videos in October for NCSAM

National Cyber Security Awareness Month 2012 is HERE!

Security Awareness on Social Media

Guest Blogger for National Cyber Security Awareness Month

National Cyber Security Awareness Month

Prepare for National Cyber Security Awareness Month

Two Easy Ways to Increase Awareness

Podcast: Larry Conrad on IT Security Then and Now

Software-as-a-Service Email Security: Risk vs. Trust

Lapse in Cybersecurity Awareness Leads to Mistaken Plagiarism Charge

House Homeland Security Subcmte. Hearing on Cyber Attacks

Lions and Tigers and Mobile Devices: Removing the Fear Factor from Securing Smart Devices

Lions and Tigers and Mobile Devices: Removing the Fear Factor from Securing Smart Devices

Capture the Flag as a Tool for Training and Teaching

Phishing Ourselves to Raise Awareness

Seminar 02Z - Engage! Creating a Meaningful Security Awareness ProgramPLEASE NOTE: Separate registration and fee are required to attend this seminar.

HEISC Town Hall Webinar: 2012-2013 Strategic Plan

Seminar 02Z - Engage! Creating a Meaningful Security Awareness Program
PLEASE NOTE: Separate registration and fee are required to attend this seminar.