Tag Archives: Information Technology

  • -

Apps for Integrating Mobile Devices into Classroom Use and Campus Communications

Category:Cyberstalking,EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Social Networking Tags : 

How many of you are integrating mobile devices into classroom work? In addition to my role as Policy and Awareness Analyst, I teach a couple of classes, Cyber Self Defense and Effective Technical Communication.

We discuss secure use of mobile devices in the Cyber Self Defense class. We’ve also talked about potential attacks on mobile device users, especially as the devices are used more for bank account access and making payments. We discuss the potential pitfalls of location services. (As an infosec guy, I’m always focusing on the should not’s rather than the should’s.)

I haven’t really thought too much about integration into the Effective Technical Communication class.

I’m struggling with how to integrate mobile use into either classroom or distance learning. Our students can access some content from our LMS, but so far the functionality is limited. Any successful (or not successful) experiences? Any ideas?

Wearing my Policy and Awareness Analyst hat, one of our strategies in increasing security awareness is to take our message to where the students are. We created a Facebook page for RIT Information Security and have driven up the number of fans by having a drawing each fall for a $100 Barnes & Noble gift card and believe the effort has had some success. As more students use mobile devices, we’re going to want to be where they are as well. One of our HEISC Awareness and Training Working Group members suggested creating an app for security awareness. I know of a Google App for this, but I’d like to have something personalized for our institution.

Have any of you created mobile apps to integrate coursework or for other communications? Are you pushing information to the devices or are you relying on the students pulling the information? Have you found existing apps that you’ve found useful?

Lots of questions. Can anyone suggest some answers?

Ben Woelk

Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu

http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at http://rit.facebook.com/profile.php?id=6017464645

Follow me on Twitter: http://twitter.com/bwoelk

Follow my Infosec Communicator blog at http://benwoelk.wordpress.com

Please note that this blog entry is also posted as part of the EDUCAUSE Mobile Sprint #EDUSprint at http://ow.ly/4GFzf


  • -

Covert Affairs Gets It (mostly) Right

Category:Information Security,Infosec Communicator,Risk Tags : 
Artist's conception of a WGS satellite in orbit
Image via Wikipedia

When television and movies use information security as their storyline, they typically pass up accuracy for the sake of drama. I was pleasantly surprised when a recent episode of Covert Affairs actually got the information security content mostly right.

In the episode in question, the character Natasha plays a freelance hacker who was employed by Russian organized crime to develop malware. Natasha demonstrates a successful hack that immobilizes a communications satellite and most computer-controlled infrastructure such as phones, television, traffic lights, etc. Although the ability to create a hack that could accomplish all of these goals is a bit of a stretch, Covert Affairs got some things right.

Organized crime and freelance hackers

When I first began working in information security several years ago I was told by a co-worker that organized crime was responsible for much of the malware developed today. I was very surprised as I had not thought about how malware attacks might be funded. Organized crime does hire freelance hackers to develop malware, although the most common purpose is to aid in identity theft. Although the hack demonstrated in the episode is something you might expect to see in a cyber attack and is not as common as that developed for identity theft, there have been computer attacks on infrastructure in Estonia and Georgia, and the United States certainly attempted to paralyze the infrastructure of Iraq before Desert Storm. In 2010, the United States Cyber Command was announced.

Using computer code in a way that it’s possible to identify the author

Security experts do examine some hacks to try to determine its author, especially if its a severe attack. Check out this article in Wired Magazine “Pentagon Searches for ‘Digital DNA’ to Identify Hackers” (http://www.wired.com)

Kudos to Covert Affairs for making an effort to get the technical details correct.

Enhanced by Zemanta

  • 1

Having Fun with Security Awareness–Phishing

Category:Higher Education,Information Security,Infosec Communicator,Social Networking,Uncategorized Tags : 

Phishy

Phishy and Ritchie at RIT

The task of creating a culture of information security awareness in higher education can be a daunting one. You may feel as though your efforts are unnoticed and unrewarded. However, one of the really cool things about working in higher ed is that universities and colleges are often willing to share their best practices and even the materials they’ve created. This can ease the burden of coming up with new ideas to to help increase user awareness of information security threats.

Over the last couple of years, higher education has seen an increase in phishing attempts known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s Information Technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (Much as we’d like to block all phishing attempts and train our community to recognize and not respond to password requests, someone will always fall for a well-crafted phish.)

Unsure of how to best combat the threat, we formed a team of our best information technology and information thinkers to address the issue. We chose a multi-pronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem.

One of our coop students had worked the previous summer at Yale University and showed us phishing awareness posters that they had created. We received permission from Yale to modify the posters for our own use and began a poster campaign on campus. We decided to go a step beyond.

What better way to draw attention to phishing than having a giant “phish” walk around campus! Phishy was an instant hit. Phishy visited offices around campus and greeted students with cards that reminded them to NEVER respond to requests for their passwords. Phishy hung around RIT for a week twice during 2009.

Gil Phish

Gil Phish at Yale

This fall, Yale leveraged our Phishy idea. They bought a fish costume and greeted new students at orientation. (They also created a Gil Phish Facebook page with pictures of Gil engaged in behavior that could only be described as sub-crustacean…

Building off of each others successes has enabled both universities to create innovative security awareness programs.

Enhanced by Zemanta

Categories