Tag Archives: Information security


Infosec Strategies: Creating Centralized Efficiencies in a Decentralized IT Environment

Category: Higher Education, Information Security, Infosec Communicator, Leadchange, Risk, Uncategorized

My thoughts on one of the challenges facing infosec offices in higher education. It reflects my thoughts, and not necessarily those of my employer.

The institutional challenge of creating centralized cost-effective efficiencies in an environment with a strong tradition of localized, decentralized IT solutions and personnel is normative in higher education.

An Information Security Office can create centralized efficiencies by:

  • Modeling an effective centralized service organization that is responsive to the individual needs of specific departments. (One way to accomplish this is by regular meetings with stakeholders to ensure that the Information Security Office can enable their business, rather than create barriers with unreasonable requirements.)
  • Providing centralized security services such as vulnerability scanning of web and servers and security reviews of proposed solutions.
  • Managing compliance initiatives such as private information remediation centrally, leveraging an extended team composed of empowered college and division representatives.

Simplifying Password Complexity

Category: Information Security, Infosec Communicator, password, Uncategorized

Let’s be honest. Passwords are a pain. We all know that it’s important to have different passwords for different places and we all know that they need to be fairly complex. We also know that remembering numerous passwords, especially strong passwords, can be a challenge. So what’s the best strategy?

In this article, I’ll talk about how to create memorable (but strong) passwords and suggest a tool that will make constructing and remembering strong passwords easier.

In general, the strength of a password depends on two factors: length and complexity. Although there’s some disagreement, length is more important than complexity. (For a humorous illustration of password complexity, read the XKCD comic at https://xkcd.com/936/)

Increased complexity makes it more difficult to create a password that you can remember. The idea of a long complex password may be overwhelming. However, increasing password length alone can result in a password that’s memorable and stronger. Because of the way Windows stores some passwords, the “magic number” is 15 characters or more. A traditional complex password of 15 characters might look like this: “qV0m$$#owc2h0X5”. I don’t know about you, but there’s no way I’m going to remember a password like that. You COULD write it down and store it securely, but it’s not the easiest password to enter on a keyboard, and storing passwords in a browser or in a desktop application is insecure.

Here are a couple of strategies for strong passwords.


Digital Self Defense for Incoming Students at RIT Presentation

Category: Higher Education, Information Security, Infosec Communicator, Internet Safety, Presentations, Privacy, Risk, Social Networking

We had a great time presenting to our 2800-person incoming class at the Rochester Institute of Technology. Here’s the YouTube video of the five presentations (Hannah Morgan, Dawn Soufleris, Nick Francesco, Jon Maurer, and Ben Woelk) aptly emcee’d by Chris Tarantino.

Click on the screenshot to watch the show!


A Lightning Fast Introduction to Digital Self Defense

Category: Higher Education, Information Security, Infosec Communicator, Uncategorized

Each year at the Rochester Institute of Technology we introduce the concepts of Digital Self Defense to incoming students. We’ve tried a variety of presentation types and venues, ranging from several sets of co-presenters talking with “smaller” groups of students to one presenter in front of the 2000+ students at our Gordon Field House.

We kicked off our activities this year at New Student Move-in Day with our table of resource materials and a guest appearance by Phishy. Phishy provides a visual reminder for students to watch out for phishing attempts. Quite a few students posed with Phishy for photos.

Our New Student Orientation activities will conclude on Saturday, Sept 1, as we deliver a series of Lightning Talks on the subject of Digital Self Defense. We’ll cover online reputation management, safer social networking, avoiding online identity theft, security requirements at RIT, and illegal file sharing.

Because we’ll have captionists and ASL (American Sign Language) interpreters, we’ve added 3 seconds to each slide. As in other Lightning Talks, the slides will advance automatically, every 18 seconds. I’m the only one of the presenters who’s done a Lightning Talk, and I’m looking forward to seeing how each presenter deals with the challenge of a very large (~2500) audience and a slide deck they don’t control.

Five presenters. Five different styles. Huge audience. Should be interesting.

Watch for my followup post!
