EDUCAUSE Submits Net Neutrality Reply Comments and Participates in FCC Roundtable

On September 15, EDUCAUSE and eleven other higher education associations submitted reply comments to the Federal Communications Commission (FCC) on the agency’s current Open Internet Order and network neutrality proposal. The reply comments further clarified some of the concepts introduced in the coalition’s original comments submitted to the FCC on July 18.

read more

EDUCAUSE Submits Letter to NIST on the Agency’s Cybersecurity Framework

On October 10, EDUCAUSE submitted a letter to the National Institute of Standards and Technology (NIST) in response to the agency’s Request for Information (RFI) on the implementation of its cybersecurity framework released on February 12, 2014. The letter did not raise new concerns with the cybersecurity framework but instead directed NIST to review EDUCAUSE’s previously submitted comments in response to NIST’s original RFI, which was published on February 26, 2013, and sought input from stakeholders on the development of the framework.

read more

Appellate Court Reverses Ruling on E-Reserves at Georgia State University

On October 18, a three-judge panel of the U.S. Court of Appeals for the 11th Circuit unanimously reversed a district court ruling in Cambridge University Press et al. v Carl V. Patton et al., a case in which Georgia State University was sued by Cambridge University Press, Oxford University Press, and SAGE Publications for 99 instances of copyright infringement.

read more

ED Delays Deadline for State Authorization Compliance for In-State Institutions

On June 24, the Department of Education (ED) published a notice in the Federal Register postponing state authorization compliance until July 1, 2015, for higher education institutions operating within a state where the institution has a physical presence. The rule would require postsecondary institutions gain authorization to operate in every state in which they are physically located. The rule was originally supposed to take effect on July 1, 2013, but implementation has now been delayed twice. While the federal government has put its authorization regulations on hold, each state still expects institutions to follow existing state authorization laws and regulations.

read more

Higher Ed Raises Concerns, Works with Proponents of the TEACH Act

In September, EDUCAUSE and a number of other higher education associations released an analysis of the Technology, Equality, and Accessibility in College and Higher Education (TEACH) Act. The proposed legislation, not to be confused with the already established TEACH Act on copyright issues (see the 2009 ECAR Research Bulletin on the topic for more information), is intended to improve the accessibility of “electronic instructional materials and related technologies” for persons with disabilities.

read more

Cybersecurity: The Industry That Keeps on Growing

By Kar Cheung

Kar Cheung is the Marketing Manager at ExpressVPN.

The cybersecurity market has grown at an amazing rate over the past decade, and will continue to experience rapid expansion in years to come, according to MarketsandMarkets’ latest report. According to the report, the global cybersecurity market will grow from $95.60 billion in 2014 to $155.74 billion by 2019.

Within an industry known for selling firewalls, intrusion detection systems, antivirus software, encryption and authentication tools, and a whole host of other tools, one thing is for sure: the hackers are — and always will be — one step ahead.

read more

Online Security and Higher Education: What's at Stake

By Rich Murphy

Rich Murphy is the Director of Technical Account Management at BlackStratus.

The diverse range of users accessing IT resources both on and off campus presents a number of security issues for higher education institutions. Potential risks can include:

read more

Using Information Security to Protect Intellectual Property

Joanna Grama is director of Data, Research, and Analytics Operations and the IT Governance, Risk, and Compliance Program and Cybersecurity Programs at EDUCAUSE.

When the topic of information security comes up, we often think first how it can protect an institution's operational data and information technology services. However, it also has an important role in protecting an institution's intellectual property — a person or organization's creative ideas, innovations, and inventions.

Intellectual property rights encourage innovation and discovery. The purpose of such rights is to give the legal owner of an invention or creative idea the exclusive opportunity to profit from it for a specified length of time. This means that the legal owner has the right to use the invention for personal profit and control how (or if) others can use it.

read more

Secure Development of Internet of Things Products for Education

By Vaughn Eisler and Renault Ross

Vaughn Eisler is a business development manager and Renault Ross is a national security architect at Symantec Corporation.

The Internet of Things (IoT) represents a major departure in the history of the Internet, as connections move beyond computing systems and begin to power billions of everyday devices, from smart meters to home thermostats to remote e-learning systems. The market demands that these devices and sensors have a multilayered security and data management approach to ensure they are properly identified, secured, and trusted and that the data they produce remains private, managed, and analyzed.

read more

Critical Infrastructure and the Internet of Things

Karen McDowell is an information security analyst at the University of Virginia.

The Internet of Things (IoT) interests and excites people for a number of reasons, not the least being that these Internet devices, ranging from industrial sensors to complex CT scanners, can make our lives easier, ensure more efficient delivery of goods and services, and give us more control over the environment than we ever thought possible. Businesses, "on the cusp of an explosion in the potential and adoption of IoT,"1 are also vitally interested in the IoT because of the great potential in revenue growth and innovation, and long term sustained value.

read more

Stop. Think. Connect. Everyone's a Target

By Shelby Cunningham, Marcelle Drakes-Ruffin, and Ashley Rae Tolbert

Shelby Cunningham, Marcelle Drakes-Ruffin, and Ashley Rae Tolbert are graduate students in the Master of Science in Information Security Policy and Management (MSISPM) program at Heinz College, Carnegie Mellon University.

When Target fell victim to hackers seeking credit-card numbers, we were shocked to learn that it started with a social engineering attack against an HVAC company they used. Surely, nobody would try to breach a retail giant through people who personally held nothing of value. But the teenager who fell for a fake MySpace login in 2006 could have grown up to become an employee who gives information to a fake colleague. Social engineering — manipulating human nature to get sensitive data — can expose anyone to attack. The good news? Simple strategies offer protection against attackers.

read more

How to Think About MOOCs?

By Nigel P. Melville

Nigel P. Melville is associate professor of Information Systems in the Stephen M. Ross School of Business at the University of Michigan.

MOOCs are the latest in a long line of socio-technical systems to alter everyday work practices. One semester, a professor is teaching 85 MBA students in a large lecture hall, and the next, she's appearing in short online videos on Coursera viewed by thousands of students the world over. Overnight she's a household name. But what should we make of this?

read more

Improving Password Security Shouldn't Be Rocket Science

Nelson Cicchitto is chairman and CEO of Avatier Corporation, a company he founded in 1997.

It amazes me that, despite all the money being spent on security measures, from endpoints to data leak prevention to database security, the single largest vulnerability continues to be passwords. To be specific, 76% of all breaches over the past few years were based on weak or stolen password credentials according to one of the industry's annual studies.

Developing a usable and secure password management system shouldn't be difficult. I have seen countless implementations of password management solutions that achieved major success in a short time.

An organizational password management implementation involves a number of key elements consisting of a blend of technology and internal business processes, including:

read more

Security Awareness for IT Staff and Developers

Lance Spitzner is the training director for SANS Securing the Human.

A common misconception, including among security professionals, is that if someone is technical, they must be secure. If someone knows how to code in Python, configure a Unix server, or maintain a network of routers, then they must be secure. Unfortunately, that is not the case. In fact, technical individuals often pose a greater risk to an organization than general users because of their privileged access. They develop the code that faces the Internet, the servers that maintain databases, or the routers that transfer information. Often these individuals not only require security awareness training but advanced security training designed specifically for their roles.

read more

'Online Security' Need Not Be an Oxymoron

Raechelle Clemmons is vice president and chief information officer at St. Norbert College.

[Thanks to Raechelle Clemmons and the Green Bay Press Gazette for allowing EDUCAUSE to republish this column for National Cyber Security Awareness Month. —Editor]

October is right around the corner, and with it comes fall (or is fall here already?) and National Cyber Security Awareness Month (NCSAM), a month dedicated to raising awareness about online security.

Now in its 11th year, NCSAM was created by the U.S. Department of Homeland Security and the National Cyber Security Alliance to “ensure every American has the resources they need to stay safer and more secure online.”

read more

Control vs. Education: How Should We Change Human Behavior on Privacy and Data Security?

Daniel J. Solove is the founder of TeachPrivacy and John Marshall Harlan Research Professor of Law, George Washington University Law School.

read more

Thursday's Hawkins Leadership Roundtable Agenda

On Thursday morning roundtable members and participants will convene together at 7:30am in room 209 A/C in the Orlando Conference center. This is the last meeting of the roundtable for 2014 and we hope that you have found our time together extremely beneficial. Our breakfast meeting will include remarks and some question time with Nancy Zimpher, the Chancellor of the State University of New York System, who will also be delivering the final keynote of the conference at 10:15 am.
Participants are asked to please fill out the evaluation form for the roundtable. Your feedback is essential to improving the roundtable for next year’s participants. We look forward to receiving your comments and suggestions.
About the Hawkins Leadership Roundtable: The Hawkins Leadership Roundtable is a leadership development program for new CIOs and individuals actively seeking a CIO role.

read more

Wednesday's Hawkins Leadership Roundtable Agenda

Tomorrow’s Hawkins Leadership Roundtable activities will continue to connect participants with council members in ways that focus on developing participants’ leadership capabilities and elevating the work of their organizations.
The links for Tuesday’s slide presentation can be found here:
Wednesday’s lunch will begin at 11:30 am in room W209 A/B in the Orlando conference center. During this session the council will focus on the topic of “conversations with presidents or senior executives.” During this session, each council member will play the role of an institutional president and role-play with participants using questions commonly asked of CIOs by senior executives.

read more

National Cyber Security Awareness Month 2014 Is Here!

Today marks the beginning of National Cyber Security Awareness Month (NCSAM), celebrated every October since 2004. NCSAM began as a collaborative effort between government and industry to provide people with the resources they need to stay safer and more secure online. Since its inception, the U.S. Department of Homeland Security and the National Cyber Security Alliance have led NCSAM, and these efforts have grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions, and young people across the United States and internationally. NCSA, APWG, and DHS also co-lead STOP. THINK. CONNECT., the global cyber security education and awareness campaign.

read more

Tuesday's Hawkins Leadership Roundtable Agenda

EDUCAUSE 2014 is here and the first meeting of the entire Hawkins Leadership Roundtable kicks off today at 12:30pm in room W209 A/B in the Orlando Conference center. Though this is the first time that the council will meet together as a group, participants should have already scheduled some time with their assigned Council members who will act as their mentors for the program. Many participants will have met with their mentor yesterday or today before the first lunch. As a council member myself I am meeting with my first protégé before Tuesday's lunch.
It’s up to the participants in the program to contact their assigned Council member for mentoring activities. This one-on-one collaboration is one of the most important benefits of the Hawkins Leadership Roundtable.

read more