EDUCAUSE | Mobile Security

Executive Summary: BYOD and Consumerization of IT in Higher Education Research, 2013

Thu, 07 Mar 2013 21:05:06 +0000

"What excites IT leaders in higher education most about BYOE are opportunities to diversify and expand the teaching and learning environment, while the greatest challenges are issues that pertain to faculty and staff use of their own devices for work-related purposes."

Privacy, Security, and Compliance: Strange Bedfellows, or a Marriage Made in Heaven?

Fri, 04 Jan 2013 18:00:24 +0000

The authors examine several campus issues lying at the intersection of privacy, security, and compliance and provide insight for institutional leaders planning strategic directions.

January 2013 is Data Privacy Month! Free Webinars and Easy Ways to Increase Awareness

Fri, 21 Dec 2012 19:05:38 +0000

Data Privacy Month is an annual effort to empower people to protect their privacy and control their digital footprint, as well as escalate the protection of privacy and data as everyone's priority. Spend the month helping to ensure your campus community is respecting privacy, safeguarding data, and enabling trust. This year’s Data Privacy Month Planning Task Force has selected weekly themes for the higher education community to focus on. Several free webinars will also be offered throughout the month of January.

UploadsAttachments:

PrivacyTower2.jpg

PrivacyHero2.jpg

Sensitive Regulated Data: Permitted and Restricted Uses

Tue, 07 Aug 2012 21:18:50 +0000

The University of Michigan engages in research, teaching, clinical, and business activities that encompass a variety of sensitive regulated data. This standard defines permitted and restricted uses of such university-owned data, including the IT environments in which these data are maintained by university faculty and staff.

AT&T Splits Phones into Work and Personal Partitions, on any Carrier

Tue, 07 Aug 2012 20:53:13 +0000

AT&T says it has the answer for corporations that want to let employees access work applications from personal phones without becoming a security threat. A new virtualization-style technology that works on both Android and iPhones creates a work container that is isolated from an employee's personal applications and data, letting IT shops manage just the portion of the phone related to work.

7 Ways BYOD Could Get You Sued

Tue, 07 Aug 2012 20:27:47 +0000

The author, Sam Narisi, discusses some of the biggest legal issues to consider when coming up with a BYOD policy and strategy.

Can Big Data Help Universities Tackle Security, BYOD?

Tue, 07 Aug 2012 19:35:10 +0000

Universities have some of the most complex IT infrastructures around, and BYOD is a reality they can't escape. Chief Security Officers at universities are increasingly turning to Big Data analytics technologies to mine the data in their logs and improve their security footing.

For BYOD Best Practices, Secure Data, Not Devices

Mon, 23 Jul 2012 15:41:00 +0000

Author, Thor Olavsrud, writes for CIO Magazine that "IT organizations are justifiably concerned about the security risks inherent in bringing your own device (BYOD). Many are turning to mobile device management (MDM) products and services to address the problem. But a number of mobile security vendors believe organizations are focusing the device when they should be focusing on the data."

Podcast: Tom Zeller on Dramatic Changes in Higher Ed IT

Wed, 11 Jul 2012 16:24:29 +0000

Tom Zeller has over 30 years of higher education IT experience. His current role as Senior Technology Analyst in the Applied Technology Laboratory at Indiana University involves projects in emerging technologies. In this conversation, Zeller discusses the changes he is seeing in higher education IT, the consumerization of IT, and IU's approach to security around mobile devices.

Music: "New Pop Wave" by sebastian6

EDUCAUSE Podcast Sponsor

Security Professionals Conference 2012 Recap

Thu, 07 Jun 2012 21:47:49 +0000

Security and IT professionals from the higher education community gathered to celebrate the 10th anniversary of the Security Professionals Conference in Indianapolis, May 15-17, 2012. This year's face-to-face event had a record-breaking 438 attendees (an increase of almost 100 participants from the 2011 conference in San Antonio). The online security conference, offered for the second year in a row, was a great success with over 100 registered attendees (estimated exposure to the full online event was approximately 250 participants).

Rolling Out a BYOD (Bring Your Own Device) Program

Tue, 29 May 2012 18:32:24 +0000

Use of personally owned devices continues to grow on campuses. If we don’t support these devices, community members will find their own way to support them, which could put our networks and information at risk. A “bring your own device” program is about supporting your community in the ways they want to work, teach, and learn by allowing them to use the most appropriate tool for the job, while on the IT side, we keep acquisition and support costs, information privacy, and security—including network security—in check. This session will offer ideas, sample policy statements and guidelines, and lessons learned for campuses interested in implementing a BYOD strategy for mobile devices.

NOTE: We experienced an Adobe Connect failure at 1:40 p.m. ET. on June 5th. This webinar was held again on Thursday, June 14 at 1 p.m. The first speaker, Carol Kondrach, gave a five-minute recap, and the second speaker, Steve deFilipio, gave his full presentation

Multiple Devices and Platforms: Institutional Strategies

Fri, 18 May 2012 14:55:55 +0000

This CNI’s Executive Roundtable on multiple devices and platforms discussed institutional strategies concerning BYOD. Faculty, staff, and students in our institutions continue to use laptops and desktop computers but now also bring a variety of mobile devices – notably smartphones and tablets – to campus. They have increasing expectations for the seamless use of a variety of devices to access all types of content and services. With the growing popularity of platform-specific apps and proprietary formats for some types of information resources, we may be moving away, at least temporarily, from the gains achieved by the focus on interoperability that marked the earlier years of the development of networked information. Teams from 11 higher education institutions described their experiences, concerns, strategies, and future plans on these issues.

Cybercrime Threats: How Criminals Bypass Security Measures to Steal Your Sensitive Data and Money and Ruin Your Reputation

Fri, 02 Mar 2012 20:54:18 +0000

Data breaches and credential/PII theft incidents are becoming more prevalent, and recent red flag rules require heightened data security procedures. Meanwhile, BYOD, social media proliferation, and a growing reliance on cloud and SaaS applications only increase the chance that your users' devices will be compromised. Cybercriminals have created malicious software specifically designed to bypass your existing security controls and network and application protection measures by infecting end-user devices directly. This malware evades standard antivirus and antimalware solutions. We'll describe these cybercrime techniques, review lessons learned from recent incidents, and present possible solutions.

Field Research: Mobility in the Age of Consumerization

Mon, 13 Feb 2012 23:06:53 +0000

This 31-page report analyzes the results of a recent Gartner research study performed between August and October of 2011. The study focused on enterprise mobility and was designed to generate qualitative data using in-depth conversations and qualitative analysis. Trends, observations, and recommendations are the core of this research. The report includes recommendations that are appropriate to colleges and universities today.

Citation for this Work: Gartner, Inc., Field Research: Mobility in the Age of Consumerization, by Michael Disabato, 22 January 2012.

EDUCAUSE Center for Applied Research (ECAR) higher education subscribers have access to specialized research reports from Gartner, a leading independent research and advisory company, at no additional charge. Learn more about ECAR at http://www.educause.edu/ecar.

ECAR Subscribers ? You must be logged in to the EDUCAUSE website to access Gartner resources.

Access to the report expires on February 10, 2013.

Lions and Tigers and Mobile Devices: Removing the Fear Factor from Securing Smart Devices

Tue, 31 Jan 2012 20:17:39 +0000

The dramatic increase of smart devices across campus has presented security professionals with some interesting opportunities and challenges. Two Texas state institutions will review where they are in this process and share experiences such as building mobile device security awareness into the training program and managing technology implementation options. This session will offer ideas, security awareness content, an implementation checklist, and sample policy statements for those campuses just embarking on developing and implementing a smart device security strategy.

Lions and Tigers and Mobile Devices: Removing the Fear Factor from Securing Smart Devices

Tue, 31 Jan 2012 16:48:36 +0000

Tweet your thoughts and reflections using this unique session hashtag: #MobileLions

Tools, Techniques, and Practices: Lightning Round

Mon, 30 Jan 2012 15:48:51 +0000

Discover the tools, techniques, and practices that are already working in higher education and how you can adapt these at your institutions.

Georgia Tech—Fighting Backlinks: Identifying and Mitigating Unauthorized Ads on Your Webserver
University at Albany–SUNY—Netflow-Indexer: Indexing Your Existing Netflow Data for Lightning Fast Searches
Drexel University—Security Issues Related to Smart Phone Applications
Indiana University—InCommon Silver Compliance Validation Developed by the Big 10 IT Auditors

Mobile and Cloud Security: Practical Applications of the Information Security Guide

Mon, 30 Jan 2012 15:48:25 +0000

As a security professional, have you been asked to evaluate or provide input on security for cloud computing or mobile technologies when neither is really your area of expertise? Don't panic! Use the Information Security Guide, sponsored by the EDUCAUSE/Internet2 Higher Education Information Security Council. We'll discuss practical security considerations for cloud computing and mobile devices. All references are from the Information Security Guide.

Mobile and Cloud Security: Practical Applications of the Information Security Guide

Wed, 25 Jan 2012 22:18:42 +0000

Have you been asked to evaluate or provide input on security for cloud computing or mobile technologies, but neither of these is really your area of expertise? Don't panic! Use the Information Security Guide, sponsored by the EDUCAUSE/Internet2 Higher Education Information Security Council. We'll discuss practical security considerations for cloud computing and mobile devices. All references are from the Information Security Guide.

Podcast: Jodi Ito on the Information Security Program at the University of Hawaii

Fri, 20 Jan 2012 20:32:23 +0000

Jodi Ito is the Information Security Officer at the University of Hawaii. She is responsible for the development and implementation of the university's new information security program, investigations and analyses of cyber incidents and attacks, coordination of any remediation and response efforts including coordination with any law enforcement agencies, awareness and training of information security issues and enforcing university policy with respect to the university's technology resources.

Music by Jane Aubourg

Higher Education Information Security Council Releases 2012-13 Strategic Plan

Wed, 04 Jan 2012 23:18:08 +0000

The Higher Education Information Security Council 2012-13 Strategic Plan is now available online. This strategic plan is intended to set forth a vision for the higher education information security community and provide a concise roadmap to guide the efforts of the HEISC in 2012 and 2013. If you missed the Town Hall webinar on January 9, where we discussed the council's vision, mission, goals, objectives, and current working group activities, an archived recording is now available.

2012 Planning Guide: Identity and Privacy

Fri, 09 Dec 2011 22:25:35 +0000

After two years of rapid and disruptive change in the identity market, 2012 promises even more of the same. Intensifying policy battles, increased levels of fraud and privacy intrusion, continuing adoption of cloud services, explosive adoption of mobile devices, and architectural innovations in the market will drive an accelerating evolution of privacy architectures and services this year.

Citation for this Work: Gartner, Inc., 2012 Planning Guide: Identity and Privacy, by Bob Blakley, 1 November 2011.

ECAR Subscribers ? You must be logged in to the EDUCAUSE website to access Gartner resources.

HEISC Town Hall Webinar (1/9/12 archived recording available)

Thu, 08 Dec 2011 20:43:39 +0000

Now available: A recording of the Higher Education Information Security Council (HEISC) Town Hall webinar held on January 9, 2012. Council co-chair Larry Conrad presented the 2012-2013 HEISC strategic plan to the higher ed community. Participants had a chance to share feedback regarding the goals and objectives. Access the recording or download the presentation slides.

UploadsAttachments:

HEISC Town Hall Jan2012 slides.pdf

January is Data Privacy Month: Free Webinars and Easy Ways to Increase Awareness

Wed, 07 Dec 2011 15:37:27 +0000

You know the importance of protecting personal identities and the effects social media can have on privacy, but does everyone on your campus? During the month of January, EDUCAUSE is expanding on Data Privacy Day to provide an entire month’s worth of activities and resources to help raise data privacy awareness. You can participate by attending the upcoming webinars and creating a plan to increase awareness on your campus with the easy-to-implement suggestions listed below. You can also visit the EDUCAUSE Data Privacy Month page for additional resources and information or read more about the history of Data Privacy Day.

January 2012 Webinars

EDUCAUSE hosted several webinars on data privacy throughout the month of January:

UploadsAttachments:

dataPrivacyMonth.png

January is Data Privacy Month: Free Webinars and Easy Ways to Increase Awareness

Wed, 07 Dec 2011 14:19:24 +0000

January 2012 Webinars

EDUCAUSE hosted several webinars on data privacy throughout the month of January:

UploadsAttachments:

DataPrivacyMonth.png