Main Nav

Participate in this Group

Search This Group

August 19, 2013 | Alex Everett

At Chapel Hill, we recently opened three new positions for the Information Security Office.
For two of the positions, we are looking for someone with experience managing firewalls.
To find out more, there is a search at
or one can go directly to the job descriptions at:


Alex Everett, CISSP, CCNA
University of North Carolina
Chapel Hill, NC
August 19, 2013 | Listserv Anonymous User
Message from

Apologies for cross-postings.

Please send it to interested colleagues and students. Thanks!


World Congress on Internet Security (WorldCIS-2013)
Technically Co-Sponsored by IEEE UK/RI Computer Chapter
December 9-12, 2013
Venue: Thistle Hotel London Heathrow

The World Congress on Internet Security (WorldCIS-2013)
is Technically Co-Sponsored by IEEE UK/RI Computer Chapter.
The WorldCIS-2013 is an international forum dedicated to the
advancement of the theory and practical implementation of security
on the Internet and Computer Networks....
August 16, 2013 | Kevin Shalla

We’re in the midst of changing the process for assigning new netIDs, and one consideration is the length of usernames allowed in various systems. We’ve currently got a maximum length of 8, and given that our plan is to never reuse netIDs, that maximum causes challenges to maintaining uniqueness and having reasonable netIDs without embedded numerals. We’re considering increasing that to 24 characters.


What maximum length do you have for netIDs?


What is the maximum username length supported in most systems? Some cursory web searches gave me these numbers:

Windows 256

Linux 32

Oracle 30

MySQL 16

SQL Server 128


Kevin Shalla

August 14, 2013 | Valerie M. Vogel
Dear Security Discussion Group members, This year is the 10th anniversary of National Cyber Security Awareness Month (NCSAM). We are encouraging every institution to become a NCSAM champion. It's free and easy to sign up! As a champion, you may choose to provide your institution's logo, which will be featured on the National Cyber Security Alliance (NCSA) website: Let's have a strong showing of support from the higher education community as we celebrate a decade of NCSAM! Thank you, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374...
August 2, 2013 | Peter Setlak

I'm looking for a decent training course in crisis & incident management. It is an area I feel I am still weak in and would like to improve. Can anyone send me a recommendation?

Thank you,

Peter J. Setlak
Managing Director, Networks, Systems & Operations
Network Security Analyst, GSEC, GLEG
Colgate University
(315) 228-7151
Case-Geyer 180H (NSO Suite)
skype: petersetlak

Think Green! Please consider the environment before printing this email.

Engage with Colgate University: 
July 31, 2013 | Dennis Self
We are considering EventTracker for log analysis.  I would like to hear about your experiences with the product, please.  We are considering the Security Center version.  Any helpful feedback is appreciated.

Dennis Self, CISSP
Director, IT Security & Compliance
Technology Services
Samford University
(205) 726-2692
July 30, 2013 | Kevin Halgren
I was just reviewing material on the PCI Security Standards website and noticed they finally have something in the Point-to-Point Encryption Validated solutions section. I've only given it a cursory review and there are a lot of caveats yet. Unfortunately the solutions seem to be oriented toward non-US chip-and-pin card systems, but it's something and shows they are making progress, however slowly. More here: Kevin -- Kevin Halgren Assistant Director - Systems and Network Services Washburn University (785) 670-2341
July 27, 2013 | Gary Warner
I've had a few conversations lately regarding phishing sites against US-based universities that have been attacked using a very similar technique. This week we learned of a new set of phishing sites that make it even more evident that these sites may all be conclusively linked. If you are aware of a recent "university-as-victim" phishing attack, would you please reach out to me off-list? We are trying to determine how many of these cases are DEFINITELY the same bad guy and how many are merely similar. These seemed, at face value, to be similar . . . each has a similarly structured email. In fact, I found these by doing a google search phrase match of this phrase: "This is an automated message to notify you that we detected a login attempt" Each of these is a University web page warning it's users about a phish: University of Minnesota -...
July 26, 2013 | Andrea Di Fabio
One of our university units is building a lab which will be used as a dedicated testing center, possibly offering Pearson VUE, Prometric and other exam delivery vehicles. Can someone suggest a turnkey video surveillance system that they are using and are happy with? Thanks. The information in this email and any attachments is covered under the Freedom of Information Act (FOIA) and may be partially or fully disclosed.
July 24, 2013 | Gary Flynn
Anyone have a solution for Sharepoint they like? 

Gary Flynn
Security Engineer
James Madison University
July 24, 2013 | Jodi-Ann Ito
October is National Cyber Security Awareness Month (NCSAM) and is coming up quickly!

Please let us know if your campus is planning any events or activities in October. We are creating a list of 2013 campus events and we'd like to include as many of your institutions as possible:

Feel free to share the URL or your NCSAM plans with this list, or send an e-mail directly to<>

The Higher Education Information Security Council (HEISC) has also compiled a number of FREE educational materials that can be adapted for use at your institution: ...
July 18, 2013 | Charles Scott
We have published these international travel guidelines: Some departments do have managed loaner devices for faculty to take abroad, which is what we strongly recommend. Thanks, Charlie
July 17, 2013 | Glenn Thorpe
Anyone else get hit by this attack this morning?  We got it pretty good…

At the time we started seeing it it wasn't being detected, but now the AV's are catching up.

Asst. Director, Information Security
University of North Texas System
T: 940.369.8884

July 17, 2013 | Theresa Rowe
Educause's Rodney Petersen is quoted in the article.

Universities Face a Rising Barrage of Cyberattacks

The hacking attempts, many thought to be from China, are forcing universities to spend more to prevent and detect intrusions and to constrict their culture of openness.

Theresa Rowe
Chief Information Officer
Oakland University
July 16, 2013 | Kevin Wilcox
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jul 16, 2013 at 04:51:24PM +0000, Kain, Jennifer wrote: > We have identified employee training and awareness as one of the areas we > want to improve on, particularly around privacy and security of personal > information (which is governed by privacy laws here in Vancouver, BC). > > We have decided to do some sort of Poster & Sticker Campaign to help raise > awareness and I was wondering if anyone had done something similar and > wouldn't mind sharing what worked, what didn't, lessons learned, etc. Jennifer - We haven't done one (yet - it's in the works). A resource we're going to use heavily is the National Cyber Security Awareness Month Resource Kit:
July 5, 2013 | Cathy Hubbs
American University is moving to require passphrases, 16 character minimum, with upper and lower case requirement for standard users (staff, students, and faculty).

I would love to hear from anyone that has gone down this path and experiences from their customers.



Chief Information Security Officer
Office of Information Technology
American University

July 5, 2013 | Chris Green



You probably are looking for the EDUCAUSE IDM mailing list where those folks tend to hang out more.  There’s some cross pollinations but you the deeper “I made it work!” conversations are there.


June 19, 2013 | Cheryl O'Dell



We use Touchnet hosting services and have limited our PCI scope.  We’ve had no problems.  We’ve been using it for several years.  If you need further info from me – contact me directly.






Cheryl O’Dell, CISSP

Emporia State University

Information Technology

Director, Information Security and Compliance

1200 Commercial, Campus Box 4018, Emporia, Kansas 66801    620-341-5969



June 18, 2013 | Listserv Anonymous User
Message from

We do have a document specifically for that purpose. Contact me offline and I'll get you a copy of it. There's nothing sensitive about the document, I just don't have an electronic copy. (There are only 2 people with that level of authority at our University.)

Drew Perry
Security Analyst
Murray State University
(270) 809-4414

***MSU Information Systems staff will never ask for your password or other confidential information via email.***

June 7, 2013 | Kevin Halgren
For those of you already using Google or Microsoft cloud e-mail solutions, I'll be curious to hear the reactions on your campuses to this news. I believe the tech companies are telling the truth when they say they don't provide direct backdoor access into their systems and that the PRISM presentation may overstate the cooperation and capabilities of the system, however that doesn't preclude the government from abusing existing systems and capabilities e.g. those under CALEA lawful intercept capabilities. Kevin -- Kevin Halgren Assistant Director - Systems and Network Services Washburn University (785) 670-2341
November 1, 2013 | Allan Nelson



My institution is currently reviewing its firewall strategy with the aim of upgrading/replacing our current firewall infrastructure.   We are currently a Checkpoint shop, with devices providing both Advanced Networking and firewalling (UTM) capabilities.  We recently met with reps from Palo Alto and Fortinet and on the surface they both seem to provide viable, possibly even cheaper alternatives.   I just wanted to hear from the group of any experiences with Palo Alto and/or Fortinet to help us in our decision making.   We currently have a combination of CP 9075s, 5075s and 576s deployed at our main and satellite campuses.




Allan Nelson

Manager, Security and Governance


September 30, 2013 | Chirstopher Bohlk

Hi All,


I was wondering what secure web gateway solutions universities are using to help mitigate/block web sites that contain malware?


What solution do you use and what has been your experience?  Has this substantially reduced the amount of computers infected with malware associated with web browsing? 





Chris Bohlk, CISSP, C|EH

Pace University

Information Security Officer

Information Technology Services (ITS)

235 Elm Road, West Hall 212A

Briarcliff Manor, NY 10510

(914)923-2649  Office


August 30, 2013 | Robert Bayn
My overnight collection of new phishing links has put jimdo(.)com well ahead of webs(.)com as the host of choice for phish links today.  Here's my overnight list:




I have reported all of them to their respective services.  Webs(.)com is getting real good about acting on abuse reports quickly - often within a few minutes.

Our whole list of known...
August 22, 2013 | Andrea Di Fabio

I apologize for cross posting, but in the interest of information sharing and to ensure the safety of those who may be affected, we though it prudent to send this.


We received a call from our one of our professors earlier today.  She detailed how she received an email inviting her to speak at a conference in China.  She checked the site that accompanied the message and found that she knew several of the speakers listed.  The site looks like any other conference web site.  It is detailed and organized with care.  The email was well written, both professionally and grammatically. 


She went ahead and approached her department and received approval to be sponsored for the trip. She contacted “emma at wcmfcon . com” and was scheduled for a session.  During the process of getting...

August 19, 2013 | Carlos S. Lobato

Hello All,


Here at New Mexico State University we are thinking in evaluating IdentityFinder, but we would like to hear from those of you who are using another similar tool.


If you are using a tool similar to IdentityFinder please let us know the name of the tool, how long you have had it and if you are satisfied.


Thanks in advance,


Carlos S. Lobato, CISA, CIA <?xml:namespace prefix = "o" ns = "urn:schemas-microsoft-com:office:office" />

IT Compliance Officer


New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003-8001

July 31, 2013 | Dennis Self
We are considering EventTracker for log analysis.  I would like to hear about your experiences with the product, please.  We are considering the Security Center version.  Any helpful feedback is appreciated.

Dennis Self, CISSP
Director, IT Security & Compliance
Technology Services
Samford University
(205) 726-2692
March 11, 2013 | Edward Zawacki
I'm curious as to whether anyone has taken advantage of their campus' Microsoft licensing agreement to switch from say McAffee or Symantec's endpoint solution to Microsoft's? If so, how are you feeling about the Microsoft solution? Or, if you thought about it and decided not to do it, I'm also interested in the rationale/any documentation you might have on that decision. (Obviously, the cost savings would be nice, but I'm not too impressed by what I see from MS. Just wondering if I'm missing something) Thanks -- Ed Zawacki Chief Information Security and Privacy Officer Academic Computing and Communications Center University of Illinois at Chicago (312) 996-0658 General Security Line: (312) 432-0074
February 25, 2013 | Mark Reboli

Does anyone have a mobile phone disclaimer for a university app that they would be kind enough to share?


Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753


February 21, 2013 | David A. Curry
As those of you at schools using Banner know, Ellucian has still not certified Banner to run on Java 7; Java 6 (including the browser plug-in) must be installed on end users' desktops. Java 6, of course, has reached the end of its public update period, which means any future updates after the end of this month will come through Ellucian rather than Oracle (or so they tell us).

Aside from the increased difficulty of trying to keep a down-rev version of Java installed on systems used by Banner users, especially since our users have admin rights and are therefore free to update Java when they want and will do so if another application asks them to, we are of course concerned that maintaining a down-rev version of the Java plug-in will expose these systems to increased risk of compromise because of security vulnerabilities. This is particularly worrying because, of course, the people who use Banner are also the people who work with lots of personally...
November 13, 2012 | Andrew Scott



I am looking at improving the integration of information security in IT processes (project development, maintenance, etc.). I am interested on what others have successfully done to improve the integration of security.




Andy Scott, CISSP

Information Security Officer, IT Services

British Columbia Institute of Technology

3700 Willingdon Ave, Burnaby, BC, V5G 3H2


Tel: 604-432-8683  Mobile: 778-928-2444

Email:  Web:


September 12, 2012 | Martin Manjak
MS will release their Update for Minimum Certificate Key Length to WSUS next month. I'm curious about any special preparations anyone may have taken to identify certs within their domains that may not meet the new minimum key length standard (1024). Embedded devices, if using SSL, come to mind as a potential source of problems. Also, is anyone briefing their Help Desk staff on how to respond to callers who report that they can't connect to sites because of the new requirement? It's hard to tell how much is going to break with this update. Marty -- Martin Manjak CISSP, GIAC GSEC-G Information Security Officer University at Albany MSC 209 518/437-3813 The University at Albany will never ask you to reveal your password. Please ignore all such requests.
July 2, 2012 | Michael Fox
I am looking to purchase the SANS security awareness CBT and I would like to host it within our LMS system here (Skillport). Has anyone ported the CBTs into SkillPort specifically?

I'll also take any experience anyone has had porting the CBTs into any SCORM compliant LMS.

Mike Fox 
Georgia Southern University
Information Security Office

Jeremiah 29:11-16

May 15, 2012 | Paul Kern

We are looking for a good hard disk degausser, and possibly a shredder as well.  Does anyone have any suggestions?  I am looking at the Garner TS-1 Degausser, and it looks interesting.


Paul Kern

Associate Security Officer

South Dakota Board of Regents (RIS)



March 19, 2012 | Robert Yoka
I have noticed from some of the EDUCAUSE archives that there are some institutions who have the policy of disallowing the storage, processing, or transmission of credit card information for any system on their network.  For those who have been successful with this, how are you enabling credit card transactions on-campus at places like the bookstore, cafes, or any other point-of-sale?

Robert J. Yoka
Information Security Administrator
Information Technology
York College of Pennsylvania
441 Country Club Road
York, PA 17403

Voice: 717-815-1784
Cell: 717-577-0737

This information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution or use of this e-mail communication by others is strictly prohibited. If...
February 9, 2012 | Listserv Anonymous User
Message from

I’m just curious to see how many of you have enabled SPF filtering on your email systems?


We recently enabled this, and the result is that we have many support tickets from users who no longer receive mail from rejected senders. These senders are legitimate, however, they have “bad” SPF records.


We’re wondering how other institutions are handling this, and if SPF checking is really worth it.


If I’ve posted this on the wrong list, please let me know.





Jan S. Dye

Messaging Services

Division of...

January 20, 2012 | Nathan Hay
We are looking for a recommendation for a PCI DSS compliance consultant. Do you have any consultants you would recommend? Or any you would stay away from? Thank you, Nathan Nathan P. Hay Network Engineer | Information Technology Cedarville University | 937-766-7905 twitter: @nathanphay
January 19, 2012 | Listserv Anonymous User
Message from

On Thu, 19 Jan 2012 09:10:27 CST, Brandon Payne said: > Do you use any type of security software that allows your security staff > keeps track of individuals (students) that have caused problems? Examples - > committed crimes on campus, Wow. That sounds like a civil rights lawsuit just waiting to happen...
January 12, 2012 | Listserv Anonymous User
Message from

Hi guys,

I am doing masters in computer science and I would like to write my master thesis on any subject related to Penetration Testing.
First I would like to know if any of you are academics, then ask you what you know about the subject of Penetration Testing on the academic world.

Thank you for your time,
Leandro Quibem Magnabosco.
March 6, 2014 | James H. Moore
I was just reading about Unetbootin and say that it could boot a menu of live CDs, and thought AV standalones.  Anyone try this? 

- - - -
Jim Moore, CISSP, IAM, ITIL Foundations
Senior Information Security Forensic Investigator
Rochester Institute of Technology
151 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 255-0809 (Cell - Incident Reporting & Emergencies)
(585) 475-7920 (fax)

Speaking to risks of biometric authentication … 'it's obviously "hard" to "reissue" new irises to
people if theirs have been "compromised" '  Joe St Sauver, 2014

The first duty of the university is to teach wisdom, not a trade; character, not technicalities.  We want a lot...
February 28, 2014 | Chirstopher Bohlk

Hi All,


I was wondering if you have determined how you will handle any XP machines that have not been removed or upgraded after the EOL?  Do you plan on denying them access to the network using technical controls?  If so, how long a period after the EOL are you planning on implementing such controls?





Chris Bohlk, CISSP, C|EH

Pace University

Information Security Officer

Information Technology Services (ITS)

235 Elm Road, West Hall 212A

Briarcliff Manor, NY 10510

(914)923-2649  Office


Group Leaders

University of Florida
University of Maryland, Baltimore

Related to this Group...


View dates and locations

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.