Tag Archives: iPhone

  • -

Apps for Integrating Mobile Devices into Classroom Use and Campus Communications

Category:Cyberstalking,EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Social Networking Tags : 

How many of you are integrating mobile devices into classroom work? In addition to my role as Policy and Awareness Analyst, I teach a couple of classes, Cyber Self Defense and Effective Technical Communication.

We discuss secure use of mobile devices in the Cyber Self Defense class. We’ve also talked about potential attacks on mobile device users, especially as the devices are used more for bank account access and making payments. We discuss the potential pitfalls of location services. (As an infosec guy, I’m always focusing on the should not’s rather than the should’s.)

I haven’t really thought too much about integration into the Effective Technical Communication class.

I’m struggling with how to integrate mobile use into either classroom or distance learning. Our students can access some content from our LMS, but so far the functionality is limited. Any successful (or not successful) experiences? Any ideas?

Wearing my Policy and Awareness Analyst hat, one of our strategies in increasing security awareness is to take our message to where the students are. We created a Facebook page for RIT Information Security and have driven up the number of fans by having a drawing each fall for a $100 Barnes & Noble gift card and believe the effort has had some success. As more students use mobile devices, we’re going to want to be where they are as well. One of our HEISC Awareness and Training Working Group members suggested creating an app for security awareness. I know of a Google App for this, but I’d like to have something personalized for our institution.

Have any of you created mobile apps to integrate coursework or for other communications? Are you pushing information to the devices or are you relying on the students pulling the information? Have you found existing apps that you’ve found useful?

Lots of questions. Can anyone suggest some answers?

Ben Woelk

Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu

http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at http://rit.facebook.com/profile.php?id=6017464645

Follow me on Twitter: http://twitter.com/bwoelk

Follow my Infosec Communicator blog at http://benwoelk.wordpress.com

Please note that this blog entry is also posted as part of the EDUCAUSE Mobile Sprint #EDUSprint at http://ow.ly/4GFzf


  • -

Higher Ed, Where’s the Mobile Content?

Category:Higher Education,Infosec Communicator,mobile device,Uncategorized Tags : 

In general, the pace of change far exceeds the ability of any large organization to adapt and adopt, be it a professional organization, an educational institution, or many companies. Mobile content is a good example. Although we’ve know that the rate of adoption is high, in a recent Chronicle of Higher Education Wired blog posting,  Kelly Truong stated that a research study at Ball State University found that about 90% of students were using their smartphones to access the internet.

At the Rochester Institute of Technology, we’re seeing some movement towards providing mobile content, including online coursework. The E. Philip Saunders College of Business has also designed a smartphone app for their students.

Do you use a smartphone to access the internet? Are you happy with the experience? Are any of your companies/colleges, etc. designing web pages for mobile users? Are you designing coursework for mobile users? Developing any corporate apps for iPhone, Android, Blackberry, etc.?

Enhanced by Zemanta

  • 3

Is “Secure Mobile” an Oxymoron?

Category:Information Security,Infosec Communicator,mobile device,Risk Tags : 

If you haven’t noticed, mobile device use is pretty much ubiquitous. Apple iPhone/iPod/iPad, Windows Mobile, Palm, Google Android, Blackberry–all of these device families have their own Operating Systems that could be exploited by an attacker.  Yet, we’re seeing more and more mobile device use in business settings.

SMobile published a white paper yesterday (6/22), Threat Analysis of the Android Market,  about the ~20% of apps available from the Google Android Market that are granted permissions to potentially exploitable features/information when they’re installed. As they point out, it’s pretty easy for an attacker to encourage a potential target to install a seemingly innocent application when that application is available from the Google Market and was never vetted for security issues.

Another big issue is how easy it is to lose a mobile device. If the device is not encrypted, any confidential or private information you’ve placed on the device is at risk. If you’ve cached login credentials to your institution’s network, an attacker has easy access.

We’re working on developing mobile device security guidelines for use in accessing our university data. Because almost all devices are individually-owned and pose their own unique security risks, it’s hard to develop a one-size-fits-all policy. We’re looking at both general and device-specific guidelines.

I’ve included a preliminary draft below, parts of it based on materials developed by EDUCAUSE member institutions.  What would you add or subtract? Is it a good approach?

General Guidelines for Mobile Device Use

  • Configure mobile devices securely. Depending on the specific device, you may be able to:
    • Enable auto-lock. (This may correspond to your screen timeout setting.)
    • Enable password protection.
      • Use a reasonably complex password where possible.
      • Avoid using auto-complete features that remember user names or passwords.
      • You may want to use a password safe application where available.
    • Ensure that browser security settings are configured appropriately.
    • Enable remote wipe options.
      • If you’re connecting to the university email with ActiveSync for email and calendaring, you may be able to wipe the email and calendaring information from your device remotely.
      • Third party applications may also provide the ability to remotely wipe the device.
    • Ensure that SSL protection is enabled.
  • For improved performance and security, register your device and connect to the university WPA2 network where available.
  • Disable Bluetooth (if not needed). This will help prolong battery life and provide better security.
  • Keep your mobile device and applications on the device up to date. Use automatic update options if available.
  • Install an antivirus/security program and configure automatic updates if possible. Like computers, mobile devices have operating systems with weaknesses that attackers may exploit.
  • Use an encryption solution to keep portable data secure in transit and at rest. WPA2 is encrypted. 3G encryption has been cracked. Use an SSL (https) connection where available.
  • Take appropriate physical security measures to prevent theft of mobile devices.
    • Never leave your mobile device unattended.
    • Report lost or stolen devices and change any passwords immediately.
    • Include contact information with the device.
      • On the lock screen (if possible). For example, “If found, please call 585-475-HELP.”
      • Engraved on the device.
      • Inserted into the case.
  • Know your mobile vendor’s policies on lost or stolen devices. Know the steps you need to take if you lose your device. Report the loss to your carrier ASAP so they can deactivate the device.
  • Use appropriate sanitization and disposal procedures for mobile devices.
Enhanced by Zemanta

Categories