Cybersecurity and Crime

This week of National Cyber Security Awareness Month centers on law enforcement and looks at the criminal issues surrounding cybersecurity. What follows are three parts aimed at giving you a strategic and tactical understanding of crime committed across the world using networks. Questions to enrich your understanding appear at the end of the blog.

read more

Cyberbullying in Higher Education

By Navika Mahal and Vikram Kulothungan

Navika Mahal and Vikram Kulothungan are graduate students in the Master of Science in Information Security Policy and Management (MSISPM) program at Heinz College, Carnegie Mellon University.

read more

7 Ways to Boost Your Tech Skills without Going Back to School

By Sameer Bhatia

Sameer Bhatia is founder and CEO of ProProfs.

In the rapidly changing tech world today, it is hardly an exaggeration to say that the skills you learned even just a year or so ago are fast on their way to becoming obsolete. Over the past few years, it has become essential for tech workers to engage in education as a lifelong pursuit — a constant cycle of learning, unlearning, and relearning — as new technologies become available and new knowledge and skills become in demand.

read more

Podcast: Effective Video for MOOCs

Elizabeth Evans is production lead at the Duke Digital Initiative. In this podcast interview, she explains how to produce effective video for instructors and why video is such an important component for connecting with students.

read more

Policy Presentation at the EDUCAUSE Annual Conference

At EDUCAUSE’s 2014 Annual Conference in Orlando, Florida, Jarret Cummings, the association’s director of policy and external relations, and its policy and government relations advisors, Josh Ulman and Jennifer Ortega, reported on the status of several public policy issues of importance to EDUCAUSE and its members. These issues included:

read more

EDUCAUSE Submits Net Neutrality Reply Comments and Participates in FCC Roundtable

On September 15, EDUCAUSE and eleven other higher education associations submitted reply comments to the Federal Communications Commission (FCC) on the agency’s current Open Internet Order and network neutrality proposal. The reply comments further clarified some of the concepts introduced in the coalition’s original comments submitted to the FCC on July 18.

read more

EDUCAUSE Submits Letter to NIST on the Agency’s Cybersecurity Framework

On October 10, EDUCAUSE submitted a letter to the National Institute of Standards and Technology (NIST) in response to the agency’s Request for Information (RFI) on the implementation of its cybersecurity framework released on February 12, 2014. The letter did not raise new concerns with the cybersecurity framework but instead directed NIST to review EDUCAUSE’s previously submitted comments in response to NIST’s original RFI, which was published on February 26, 2013, and sought input from stakeholders on the development of the framework.

read more

Appellate Court Reverses Ruling on E-Reserves at Georgia State University

On October 18, a three-judge panel of the U.S. Court of Appeals for the 11th Circuit unanimously reversed a district court ruling in Cambridge University Press et al. v Carl V. Patton et al., a case in which Georgia State University was sued by Cambridge University Press, Oxford University Press, and SAGE Publications for 99 instances of copyright infringement.

read more

ED Delays Deadline for State Authorization Compliance for In-State Institutions

On June 24, the Department of Education (ED) published a notice in the Federal Register postponing state authorization compliance until July 1, 2015, for higher education institutions operating within a state where the institution has a physical presence. The rule would require postsecondary institutions gain authorization to operate in every state in which they are physically located. The rule was originally supposed to take effect on July 1, 2013, but implementation has now been delayed twice. While the federal government has put its authorization regulations on hold, each state still expects institutions to follow existing state authorization laws and regulations.

read more

Higher Ed Raises Concerns, Works with Proponents of the TEACH Act

In September, EDUCAUSE and a number of other higher education associations released an analysis of the Technology, Equality, and Accessibility in College and Higher Education (TEACH) Act. The proposed legislation, not to be confused with the already established TEACH Act on copyright issues (see the 2009 ECAR Research Bulletin on the topic for more information), is intended to improve the accessibility of “electronic instructional materials and related technologies” for persons with disabilities.

read more

Competition and Control

Diana G. Oblinger and Joanne Dehoney

This is the fifth in a blog series describing five “metatrends,” drawn from a review of articles in industry IT press, that affect CIOs in all IT sectors:


Each post in the Future Slant blog will describe one of these trends, suggesting implications for higher education.


read more

Cybersecurity: The Industry That Keeps on Growing

By Kar Cheung

Kar Cheung is the Marketing Manager at ExpressVPN.

The cybersecurity market has grown at an amazing rate over the past decade, and will continue to experience rapid expansion in years to come, according to MarketsandMarkets’ latest report. According to the report, the global cybersecurity market will grow from $95.60 billion in 2014 to $155.74 billion by 2019.

Within an industry known for selling firewalls, intrusion detection systems, antivirus software, encryption and authentication tools, and a whole host of other tools, one thing is for sure: the hackers are — and always will be — one step ahead.

read more

Online Security and Higher Education: What's at Stake

By Rich Murphy

Rich Murphy is the Director of Technical Account Management at BlackStratus.

The diverse range of users accessing IT resources both on and off campus presents a number of security issues for higher education institutions. Potential risks can include:

read more

Using Information Security to Protect Intellectual Property

Joanna Grama is director of Data, Research, and Analytics Operations and the IT Governance, Risk, and Compliance Program and Cybersecurity Programs at EDUCAUSE.

When the topic of information security comes up, we often think first how it can protect an institution's operational data and information technology services. However, it also has an important role in protecting an institution's intellectual property — a person or organization's creative ideas, innovations, and inventions.

Intellectual property rights encourage innovation and discovery. The purpose of such rights is to give the legal owner of an invention or creative idea the exclusive opportunity to profit from it for a specified length of time. This means that the legal owner has the right to use the invention for personal profit and control how (or if) others can use it.

read more

Secure Development of Internet of Things Products for Education

By Vaughn Eisler and Renault Ross

Vaughn Eisler is a business development manager and Renault Ross is a national security architect at Symantec Corporation.

The Internet of Things (IoT) represents a major departure in the history of the Internet, as connections move beyond computing systems and begin to power billions of everyday devices, from smart meters to home thermostats to remote e-learning systems. The market demands that these devices and sensors have a multilayered security and data management approach to ensure they are properly identified, secured, and trusted and that the data they produce remains private, managed, and analyzed.

read more

Critical Infrastructure and the Internet of Things

Karen McDowell is an information security analyst at the University of Virginia.

The Internet of Things (IoT) interests and excites people for a number of reasons, not the least being that these Internet devices, ranging from industrial sensors to complex CT scanners, can make our lives easier, ensure more efficient delivery of goods and services, and give us more control over the environment than we ever thought possible. Businesses, "on the cusp of an explosion in the potential and adoption of IoT,"1 are also vitally interested in the IoT because of the great potential in revenue growth and innovation, and long term sustained value.

read more

Stop. Think. Connect. Everyone's a Target

By Shelby Cunningham, Marcelle Drakes-Ruffin, and Ashley Rae Tolbert

Shelby Cunningham, Marcelle Drakes-Ruffin, and Ashley Rae Tolbert are graduate students in the Master of Science in Information Security Policy and Management (MSISPM) program at Heinz College, Carnegie Mellon University.

When Target fell victim to hackers seeking credit-card numbers, we were shocked to learn that it started with a social engineering attack against an HVAC company they used. Surely, nobody would try to breach a retail giant through people who personally held nothing of value. But the teenager who fell for a fake MySpace login in 2006 could have grown up to become an employee who gives information to a fake colleague. Social engineering — manipulating human nature to get sensitive data — can expose anyone to attack. The good news? Simple strategies offer protection against attackers.

read more

How to Think About MOOCs?

By Nigel P. Melville

Nigel P. Melville is associate professor of Information Systems in the Stephen M. Ross School of Business at the University of Michigan.

MOOCs are the latest in a long line of socio-technical systems to alter everyday work practices. One semester, a professor is teaching 85 MBA students in a large lecture hall, and the next, she's appearing in short online videos on Coursera viewed by thousands of students the world over. Overnight she's a household name. But what should we make of this?

read more

Improving Password Security Shouldn't Be Rocket Science

Nelson Cicchitto is chairman and CEO of Avatier Corporation, a company he founded in 1997.

It amazes me that, despite all the money being spent on security measures, from endpoints to data leak prevention to database security, the single largest vulnerability continues to be passwords. To be specific, 76% of all breaches over the past few years were based on weak or stolen password credentials according to one of the industry's annual studies.

Developing a usable and secure password management system shouldn't be difficult. I have seen countless implementations of password management solutions that achieved major success in a short time.

An organizational password management implementation involves a number of key elements consisting of a blend of technology and internal business processes, including:

read more

Security Awareness for IT Staff and Developers

Lance Spitzner is the training director for SANS Securing the Human.

A common misconception, including among security professionals, is that if someone is technical, they must be secure. If someone knows how to code in Python, configure a Unix server, or maintain a network of routers, then they must be secure. Unfortunately, that is not the case. In fact, technical individuals often pose a greater risk to an organization than general users because of their privileged access. They develop the code that faces the Internet, the servers that maintain databases, or the routers that transfer information. Often these individuals not only require security awareness training but advanced security training designed specifically for their roles.

read more