Security Awareness

The fifth annual National Cyber Security Awareness Month (NCSAM) was kicked off earlier today at an event held at the National Press Club in Washington, D.C. The event featured a panel including DHS Assistant Secretary for Cyber Security and Communications Gregory Garcia, National Cyber Security Alliance (NCSA) Executive Director Michael Kaiser, and Symantec Senior Director for Public Affairs Adam Rak.

Secretary Garcia described DHS efforts to improve cybersecurity and emphasize it as A Shared Responsibility. He cited increased government investment as a sign of the high priority given to cybersecurity by the federal government. The NCSA's Kaiser urged Americans to "keep up your defenses and hone your instincts". He explained that the NCSA will undertake a new "www" campaign in the coming months advising consumers to ask: who is asking for your information, what are they asking for, and why do they need it.

October is National Cyber Security Awareness Month (NCSAM). As we rely more on technology-based solutions in our everyday lives, cybersecurity becomes everyone's responsibility. We encourage you to consider ways you can raise awareness among your faculty, staff, and students and invite you to help promote NCSAM. For further suggestions, please consult the Resource Kit for National Cyber Security Awareness Month, developed by the EDUCAUSE/Internet2 Security Task Force. 

Additional EDUCAUSE resources include: 

October is National Cyber Security Awareness Month (NCSAM)...but it's never too soon to start planning your campus events!!! We encourage you to consider ways that you can raise awareness among your faculty, staff, and students, and invite you to help promote NCSAM. For further suggestions, please consult the Resource Kit for National Cyber Security Awareness Month, developed by the EDUCAUSE/Internet2 Security Task Force.

Help increase cybersecurity awareness among students, faculty, and staff by bringing October's National Cyber Security Awareness Month (NCSAM) activities to campus. Browse the EDUCAUSE/Internet2 Security Task Force Resource Kit for National Cyber Security Awareness Month. Learn more about NCSAM from the National Cyber Security Alliance.

Although phishing is not a new threat to the higher ed community, many schools have experienced an increasing number of targeted phishing attacks over the past several months. These phishing e-mails ask students, faculty, and staff to provide their institutional username and password. Once an account is compromised, it is typically used to send out more spam, which creates a new set of problems for the institution.

Many schools are working to combat these phishing attacks through education and awareness activities over the next few weeks as students return to campus. In an effort to assist institutions, EDUCAUSE has compiled a number of phishing resources that include websites on phishing, quizzes and games, and downloadable materials (e.g., posters, brochures, bookmarks, postcards, and videos). Please share any additional suggested resources with the Security Task Force.

In "Security Metrics: A Solution in Search of a Problem", a recent EDUCAUSE Quarterly article, Joel Rosenblatt (Manager of Computer and Network Security, Columbia University) describes how the creation and collection of appropriate metrics can enhance an institution's security program. Learn about some potential metrics in the following areas: policy and compliance, network and machine monitoring, outreach and education, legal compliance, authorization and authentication, asset protection, and privacy.

The EDUCAUSE/Internet2 Computer and Network Security Task Force, in cooperation with the ResearchChannel, is conducting its third annual contest in search of computer security awareness posters and short videos developed by college students for college students. The contest, which is co-sponsored by the National Cyber Security Alliance (NCSA) and CyberWATCH, offers cash prizes ($1,000, $800 and $400) to the winners in each of the four categories. It also provides an opportunity for students to gain experience by developing creative and effective short videos or posters. The deadline for submission of entries is April 30, 2009.

The EDUCAUSE/Internet Security Task Force provided a briefing to the CSIS Commission on Cyber Security for the 44th Presidency on March 12, 2008, during the event "Improving Cybersecurity: Recommendations from Private Sector Experts". A 1-page summary of the briefing is available, as well as the complete transcript.

During our last couple of conference calls in 2007 I offered to initiate a discussion on working with faculty on the topic of awareness, in particular, working through the faculty governing structure. My suggestion contains relatively simple steps, but it is based on what has worked in the past at UNH for other topics. When presenting important information to Faculty, and especially when hoping to receive constructive feedback on topics which typically may not be on their mind, one approach that worked was to work through the Faculty Senate and its chair and agenda commitee. The approach we took was to first speak with the chair and confirm that there is general support for taking the time at a future Senate meeting to cover the proposed topic. Next, we wrote up a brief proposal and shared it with the agenda commitee, and offered to meet with the commitee to discuss our objectives, answer their questions, and receive preliminary feedback. In preparing our presentation material for the actual Senate meeting, we took the agenda sub-commitee's input into consideration.

The Security Task Force has created a resource page that provides information about security certifications, including links to known security certifications (under the heading of "Community Resources"). Please contact us if we are missing any known security certifications.

According to the 2006 security survey conducted by the EDUCAUSE Center for Applied Research (Safeguarding the Tower: IT Security in Higher Education), the following information is available regarding security certifications by IT security staff at colleges and universities: