Monthly Archives: April 2011

  • 29
    Apr 11
  • 0

Secure Mobile-an Oxymoron? (Redux)

Category:EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Risk,Uncategorized Tags : 

Responses to the #1 topic on IdeaScale, “Consumers dictate device usage, not IT,” indicate that MANY of you believe consumers will drive smartphone adoption in Higher Education, while the sentiment around the topic, “Get rid of the walls around your enterprise data,” indicates that quite a few of you believe that core university data should be accessible to smartphone users.

However, yesterday’s polls have shown that not even all of the attendees of yesterday’s webinar use PINS or swipe patterns on their smartphones. The inherent difficulties in entering a complex password on a smartphone increase the likelihood that users will rely on simple passwords, if any, to access their devices. At the same time, users are expecting access to more and more university resources through their smartphones, increasing the risk of a data breach.

Where does security fit into this picture?

In Thursday’s webinar, “Smartphone Privacy & Security, What Should We Teach Our Users?“, the speaker, Norman Sadeh, indicated that mobile users are three times more likely to fall for phishing attempts. That statistic implies that spear phishing against university communities, which already demonstrates more success than we’re comfortable with, will be even more effective against smartphone users. As we find ourselves more and more hurried, making quick decisions just to handle the ever-increasing stream of information flowing at us, we’re more prone to fall for these attacks.

I would guess that many of us who own smartphones are using them to access our university e-mail, if not other university resources. Most of us don’t have any control over whether someone may e-mail us private or confidential information. If our smartphones become the weakest link in protecting data, they will be targeted.

How many of us have misplaced our smartphones or left them sitting on our desk in an unsecured office? Have you left your smartphone in a taxi or on a shuttle bus?

Increased access to university data is a desirable convenience. Will we be able to get the right combination of security controls, user training, and policies in place to allow smartphone access without it leading to a security breach resulting in a notification event or embarrassment to the university? What kinds of security controls are you using to prevent this? What security apps do you recommend to your users?

Lots of troublesome questions. Where are the answers?

Ben Woelk
Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council
Policy and Awareness Analyst
Rochester Institute of Technology
ben.woelk@rit.edu
https://security.rit.edu/dsd.html
Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645
Follow me on Twitter: https://twitter.com/bwoelk
Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

This blog entry is part of the EDUCAUSE Mobile Computing Sprint and is cross-posted at https://www.educause.edu/blog/bwoelk/SecureMobileanOxymoron/227983

  • 26
    Apr 11
  • 4

Mobile Devices: Paradigm Shift or Just Another Content Delivery Mechanism?

Category:EDUCAUSE,Higher Education,Information Security,Infosec Communicator,Internet Safety,mobile device,Privacy,Social Networking Tags : 

I’m curious about whether you think the integration of mobile devices into curricula is a “game changer/paradigm shift” or whether you regard it as just another content delivery mechanism. As a technical communicator, I’ve looked at the mobile device primarily as an additional delivery vehicle; a channel that can be used to reach others. As an educator, I’m thinking of the possibilities of a course structured around mobile devices as the main education platform. As an information security practitioner, I’m wary of the privacy risks and potential cyberstalking.

Will mobile devices be a boon or a bane? Will they cause a profound change in learning? Are they just a stepping stone to the next big thing?

I’m not sure. Let’s look at a few recent game changers:

  • Personal computing has been and will continue to become ubiquitous. We have access to immense amounts of information. That has changed how we research practical information. Do any of you use printed maps? What about calling 411 for someone’s phone number?
  • The growth of E-readers may eventually sound the death knell of traditional print. Newspapers are scrambling to adapt to a digital audience as they find print circulation shrinking.
  • The transatlantic cable has been described as the Victorian Internet in the way it revolutionized communication.
  • The telephone and the elevator made modern skyscrapers possible.

What about the smartphone?

  • Access to banking is now available through smartphone apps and you either can or will be able to make payments directly from your mobile device. You can also store shopping card info and coupons.
  • Mobile devices have greatly increased the access to social networking.
  • QR codes connect mobile devices to Internet-based information

Do you agree that these are game changers? Are there mobile apps that you do consider to be game changers?

Addressing the educators in my audience, how do you see integrating mobile devices into your courses? Will you redesign your course to take advantage of their capabilities? Are they just “one more thing” to consider in your content delivery? Will you incorporate social networking with both a mobile and traditional computer interface?

I’m interested in your thoughts. I’m not an expert in this area, but I’m trying to adapt to the possibilities.

Please leave a comment so we can have a discussion! Some of you have contacted me individually. Please post here so we can learn from each other.

By the way, If we’re really lucky, maybe mobile learning will be the death of PowerPoint!

Ben Woelk
Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council
Policy and Awareness Analyst
Rochester Institute of Technology
ben.woelk@rit.edu
https://security.rit.edu/dsd.html
Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645
Follow me on Twitter: https://twitter.com/bwoelk
Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

This blog entry is cross-posted at https://www.educause.edu/blog/bwoelk/MobileDevicesParadigmShiftorJu/227783

  • 25
    Apr 11
  • 0

Apps for Integrating Mobile Devices into Classroom Use and Campus Communications

Category:Cyberstalking,EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Social Networking Tags : 

How many of you are integrating mobile devices into classroom work? In addition to my role as Policy and Awareness Analyst, I teach a couple of classes, Cyber Self Defense and Effective Technical Communication.

We discuss secure use of mobile devices in the Cyber Self Defense class. We’ve also talked about potential attacks on mobile device users, especially as the devices are used more for bank account access and making payments. We discuss the potential pitfalls of location services. (As an infosec guy, I’m always focusing on the should not’s rather than the should’s.)

I haven’t really thought too much about integration into the Effective Technical Communication class.

I’m struggling with how to integrate mobile use into either classroom or distance learning. Our students can access some content from our LMS, but so far the functionality is limited. Any successful (or not successful) experiences? Any ideas?

Wearing my Policy and Awareness Analyst hat, one of our strategies in increasing security awareness is to take our message to where the students are. We created a Facebook page for RIT Information Security and have driven up the number of fans by having a drawing each fall for a $100 Barnes & Noble gift card and believe the effort has had some success. As more students use mobile devices, we’re going to want to be where they are as well. One of our HEISC Awareness and Training Working Group members suggested creating an app for security awareness. I know of a Google App for this, but I’d like to have something personalized for our institution.

Have any of you created mobile apps to integrate coursework or for other communications? Are you pushing information to the devices or are you relying on the students pulling the information? Have you found existing apps that you’ve found useful?

Lots of questions. Can anyone suggest some answers?

Ben Woelk

Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu

https://security.rit.edu/dsd.html

Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645

Follow me on Twitter: https://twitter.com/bwoelk

Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

Please note that this blog entry is also posted as part of the EDUCAUSE Mobile Sprint #EDUSprint at https://ow.ly/4GFzf

  • 22
    Apr 11
  • 0

Irony

Category:Information Security,Infosec Communicator,Risk,Uncategorized Tags : 

I received the following notification today:

DHS Announces the Release of New Training Course Workplace Security Awareness No-Cost Critical Infrastructure Workplace Security Training

The Department of Homeland Security announces the availability of IS-906, Workplace Security Awareness, a no-cost training course developed by the Office of Infrastructure Protection Sector-Specific Agency Executive Management Office.

Access IS-906 on the Federal Emergency Management Agency Emergency Management Institute Web site: https://training.fema.gov/EMIWeb/IS/IS906.asp

The online training provides guidance to individuals and organizations on how to improve security in the workplace.  The course is self-paced and takes about an hour to complete. This comprehensive cross-sector training is appropriate for a broad audience regardless of knowledge and skill level.  The course promotes workplace security practices applicable across all 18 critical infrastructure sectors.   The training uses innovative multimedia scenarios and modules to illustrate potential security threats.  …

A certificate is given to participants who complete the entire course.

Sounds reasonable, right?

Ironically, the course asks you to provide your SSN.

Sigh…

  • 20
    Apr 11
  • 0

Technical Communicator 419 Scheme

Category:Information Security,Infosec Communicator,STC Tags : 

The STC Europe SIG has a great parody post today on a Nigerian 419 scheme with a twist: They want access to your bank account to impose penalties for not turning the writing/editing assignments around quickly enough.

DEFINITELY WORTH A READ.

Site Search

Subscribe to Podcast

Apple PodcastsAndroidPodchaserby EmailRSS

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Selected Swag

Support Introverted Leadership on Patreon

Become a Patron!
Blubrry affiliate banner

Subscribe to Podcast

Apple PodcastsAndroidPodchaserby EmailRSS

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Support Introverted Leadership on Patreon

Become a Patron!

Recent Posts

promo image for midday mentors interview

Why CPTC Certification?

August 24, 2021
RIT CPTC Class promo photo

RIT CPTC Exam Preparation Class Beginning June 2021

April 7, 2021
Victoria Lioznyansky Headshot

Episode 34: Victoria Lioznyansky–Public Speaking for Introverts

July 23, 2020
Victoria Lioznyansky Headshot

Episode 033: Victoria Lioznyansky–Introverts and Starting a Business

March 29, 2020

Site Search

Privacy Policy

WordPress Web Hosting

Copyright 2018  Theme developed By Weblizar