On September 15, EDUCAUSE and eleven other higher education associations submitted reply comments to the Federal Communications Commission (FCC) on the agency’s current Open Internet Order and network neutrality proposal. The reply comments further clarified some of the concepts introduced in the coalition’s original comments submitted to the FCC on July 18.
On October 10, EDUCAUSE submitted a letter to the National Institute of Standards and Technology (NIST) in response to the agency’s Request for Information (RFI) on the implementation of its cybersecurity framework released on February 12, 2014. The letter did not raise new concerns with the cybersecurity framework but instead directed NIST to review EDUCAUSE’s previously submitted comments in response to NIST’s original RFI, which was published on February 26, 2013, and sought input from stakeholders on the development of the framework.
On October 18, a three-judge panel of the U.S. Court of Appeals for the 11th Circuit unanimously reversed a district court ruling in Cambridge University Press et al. v. Carl V. Patton et al., a case in which Georgia State University was sued by Cambridge University Press, Oxford University Press, and SAGE Publications for 99 instances of copyright infringement.
On June 24, the Department of Education (ED) published a notice in the Federal Register postponing state authorization compliance until July 1, 2015, for higher education institutions operating within a state where the institution has a physical presence. The rule would require postsecondary institutions to gain authorization to operate in every state in which they are physically located. The rule was originally supposed to take effect on July 1, 2013, but implementation has now been delayed twice. While the federal government has put its authorization regulations on hold, each state still expects institutions to follow existing state authorization laws and regulations.
In September, EDUCAUSE and a number of other higher education associations released an analysis of the Technology, Equality, and Accessibility in College and Higher Education (TEACH) Act. The proposed legislation, not to be confused with the already established TEACH Act on copyright issues (see the 2009 ECAR Research Bulletin on the topic for more information), is intended to improve the accessibility of “electronic instructional materials and related technologies” for persons with disabilities.
By Kar Cheung
Kar Cheung is the Marketing Manager at ExpressVPN.
The cybersecurity market has grown at an amazing rate over the past decade, and will continue to experience rapid expansion in years to come, according to MarketsandMarkets’ latest report. According to the report, the global cybersecurity market will grow from $95.60 billion in 2014 to $155.74 billion by 2019.
Within an industry known for selling firewalls, intrusion detection systems, antivirus software, encryption and authentication tools, and a whole host of other tools, one thing is for sure: the hackers are — and always will be — one step ahead.
By Rich Murphy
Rich Murphy is the Director of Technical Account Management at BlackStratus.
The diverse range of users accessing IT resources both on and off campus presents a number of security issues for higher education institutions. Potential risks can include:
Joanna Grama is director of Data, Research, and Analytics Operations and the IT Governance, Risk, and Compliance Program and Cybersecurity Programs at EDUCAUSE.
When the topic of information security comes up, we often think first of how it can protect an institution's operational data and information technology services. However, it also has an important role in protecting an institution's intellectual property — a person or organization's creative ideas, innovations, and inventions.
Intellectual property rights encourage innovation and discovery. The purpose of such rights is to give the legal owner of an invention or creative idea the exclusive opportunity to profit from it for a specified length of time. This means that the legal owner has the right to use the invention for personal profit and control how (or if) others can use it.
By Vaughn Eisler and Renault Ross
Vaughn Eisler is a business development manager and Renault Ross is a national security architect at Symantec Corporation.
The Internet of Things (IoT) represents a major departure in the history of the Internet, as connections move beyond computing systems and begin to power billions of everyday devices, from smart meters to home thermostats to remote e-learning systems. The market demands that these devices and sensors have a multilayered security and data management approach to ensure they are properly identified, secured, and trusted and that the data they produce remains private, managed, and analyzed.
Karen McDowell is an information security analyst at the University of Virginia.
The Internet of Things (IoT) interests and excites people for a number of reasons, not the least being that these Internet devices, ranging from industrial sensors to complex CT scanners, can make our lives easier, ensure more efficient delivery of goods and services, and give us more control over the environment than we ever thought possible. Businesses, "on the cusp of an explosion in the potential and adoption of IoT,"1 are also vitally interested in the IoT because of the great potential in revenue growth and innovation, and long-term sustained value.
By Shelby Cunningham, Marcelle Drakes-Ruffin, and Ashley Rae Tolbert
Shelby Cunningham, Marcelle Drakes-Ruffin, and Ashley Rae Tolbert are graduate students in the Master of Science in Information Security Policy and Management (MSISPM) program at Heinz College, Carnegie Mellon University.
When Target fell victim to hackers seeking credit-card numbers, we were shocked to learn that it started with a social engineering attack against an HVAC company they used. Surely, nobody would try to breach a retail giant through people who personally held nothing of value. But the teenager who fell for a fake MySpace login in 2006 could have grown up to become an employee who gives information to a fake colleague. Social engineering — manipulating human nature to get sensitive data — can expose anyone to attack. The good news? Simple strategies offer protection against attackers.
By Nigel P. Melville
Nigel P. Melville is associate professor of Information Systems in the Stephen M. Ross School of Business at the University of Michigan.
MOOCs are the latest in a long line of socio-technical systems to alter everyday work practices. One semester, a professor is teaching 85 MBA students in a large lecture hall, and the next, she's appearing in short online videos on Coursera viewed by thousands of students the world over. Overnight she's a household name. But what should we make of this?
Nelson Cicchitto is chairman and CEO of Avatier Corporation, a company he founded in 1997.
It amazes me that, despite all the money being spent on security measures, from endpoints to data leak prevention to database security, the single largest vulnerability continues to be passwords. To be specific, 76% of all breaches over the past few years were based on weak or stolen password credentials according to one of the industry's annual studies.
Developing a usable and secure password management system shouldn't be difficult. I have seen countless implementations of password management solutions that achieved major success in a short time.
An organizational password management implementation involves a number of key elements consisting of a blend of technology and internal business processes, including:
Lance Spitzner is the training director for SANS Securing the Human.
A common misconception, including among security professionals, is that if someone is technical, they must be secure. If someone knows how to code in Python, configure a Unix server, or maintain a network of routers, then they must be secure. Unfortunately, that is not the case. In fact, technical individuals often pose a greater risk to an organization than general users because of their privileged access. They develop the code that faces the Internet, the servers that maintain databases, or the routers that transfer information. Often these individuals not only require security awareness training but advanced security training designed specifically for their roles.
Raechelle Clemmons is vice president and chief information officer at St. Norbert College.
October is right around the corner, and with it comes fall (or is fall here already?) and National Cyber Security Awareness Month (NCSAM), a month dedicated to raising awareness about online security.
Now in its 11th year, NCSAM was created by the U.S. Department of Homeland Security and the National Cyber Security Alliance to “ensure every American has the resources they need to stay safer and more secure online.”
Daniel J. Solove is the founder of TeachPrivacy and John Marshall Harlan Research Professor of Law, George Washington University Law School.
Today marks the beginning of National Cyber Security Awareness Month (NCSAM), celebrated every October since 2004. NCSAM began as a collaborative effort between government and industry to provide people with the resources they need to stay safer and more secure online. Since its inception, the U.S. Department of Homeland Security and the National Cyber Security Alliance have led NCSAM, and these efforts have grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions, and young people across the United States and internationally. NCSA, APWG, and DHS also co-lead STOP. THINK. CONNECT., the global cyber security education and awareness campaign.