Information Security Leader, Author, Instructor and Speaker

Lessons Learned from Six Major Data Breaches

“Every security breach that we read about in the news provides us with an opportunity to reflect upon the root causes of the situation and use those breaches to improve our own security posture. High-profile breaches offer us the ability to learn from the mistakes of others, rather than repeating them ourselves,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published October 2019.
Read the full report: Lessons Learned from Six Major Data Breaches


Security, Privacy and Confidentiality: What’s the Difference?

Campus administrators and faculty understand the importance of protecting sensitive student information. The past two decades have brought us a variety of laws and regulations dictating how we handle student records, as well as a series of high-profile security incidents that underscore the importance of rising to meet these obligations. 

As we discuss the criticality of protecting sensitive student information, we often throw around three terms: confidentiality, security and privacy. While many people use these terms interchangeably, they actually refer to separate but related concepts. Institutions seeking to mature their data protection practices will benefit from providing their constituents with a clear understanding of these interrelated concepts.

Published October 2019 in EdTech Magazine.
Read the full article: Security, Privacy and Confidentiality: What’s the Difference?


Don’t Be Victimized by a Supply Chain Attack

Six years ago, a major U.S. retailer suffered one of the most famous data breaches in history. Attackers compromised the company’s retail point-of-sale (POS) system and remained embedded in it for over two weeks, siphoning credit card information that moved through the system during the busy holiday shopping period. When the dust settled, the investigation revealed that the breach affected 41 million consumers.

Incident investigators traced the root cause of the breach back to an unlikely source: An HVAC repair company that served as a contractor to the retailer and had VPN access to its network. An attacker managed to steal the password of an employee of the contractor and used that initial access to work his or her way into the network, install malware on the POS system and instruct it to collect customer information.

Published October 2019 in BizTech Magazine.
Read the full article: Don’t Be Victimized by a Supply Chain Attack


The difference between AES and DES encryption

Data Encryption Standard and Advanced Encryption Standard sound similar, and both are examples of symmetric block ciphers. That is where the similarities end, however. DES is an outdated method of data encryption, and development on AES began in the late 1990s when DES was deemed inadequate from a cybersecurity standpoint.

When it was initially developed, the DES symmetric-key algorithm was commonly used for data encryption. It was superseded by the more secure AES algorithm when AES became a federal government standard in 2002.

What is DES encryption?

DES is a block cipher: rather than encrypting one bit at a time, the cryptographic key and algorithm operate on a whole block of data at once. When using DES, the same private key is used to encrypt and decrypt a message.

Published October 2019 in SearchSecurity.
Read the full article: The difference between AES and DES encryption


Understanding FERPA: How K–12 Schools Can Update Their Data Privacy Approach

Administrators and educational staff at schools around the country understand the importance of protecting student privacy. The Family Educational Rights and Privacy Act, signed into law in 1974 by President Gerald Ford, created clear protections for student educational records, limiting the ways school officials can share those records with outside parties and ensuring parents retain access to information about their children.

FERPA is well known within the educational community, but it is often misunderstood.

Published September 2019 in EdTech Magazine.
Read the full article: Understanding FERPA: How K–12 Schools Can Update Their Data Privacy Approach


Is certification a reliable means of learning new IT skills and concepts?

Earning a technology certification requires some significant investments of both money and time. Candidates purchase study materials, pay tuition for training programs, and renew certifications with annual maintenance fees.

Pursuing a new certification typically requires hundreds of hours of preparation, while maintaining existing certifications requires participating in and documenting professional development activities. Is this investment worth it? Are certifications an effective and reliable way to learn new technologies and demonstrate that knowledge to potential employers?

Published September 2019 in Certification Magazine.
Read the full article: Is certification a reliable means of learning new IT skills and concepts?


How to encrypt and secure a website using HTTPS

Encrypting web content is nothing new: It’s been nearly 20 years since the publication of the specification for encrypting web content by running HTTP over the Transport Layer Security protocol. However, running a secure encrypted web server has gone from an option to a virtual necessity in recent years.

Attackers continue to seek — and find — ways to steal information sent between users and web services, often by tapping into unencrypted content being sent over the Hypertext Transfer Protocol. Even for mundane, untargeted web content, securing a website with encryption is crucial, as the top browsers now flag unencrypted websites as potentially dangerous.

Published September 2019 in SearchSecurity.
Read the full article: How to encrypt and secure a website using HTTPS


Fact or Fallacy: Stay Up to Date on the Best Practices for Password Security

How much do you know about passwords? You might believe password authentication is old hat, and that you already know the best practices for implementing them. After all, we’ve heard password hygiene messages for years, right?

But unless you’ve updated your knowledge recently, you might be in for a few surprises.

The National Institute of Standards and Technology released Special Publication 800-63B: Digital Identity Guidelines — the newest set of guidelines — in mid-2017. Contained within this lengthy government document are dramatic changes in the way the security community thinks about passwords. Take a look at a few prevailing opinions about password security and see whether they are fact or fallacy under this revised guidance.

Published August 2019 in EdTech Magazine.
Read the full article: Fact or Fallacy: Stay Up to Date on the Best Practices for Password Security


Wireshark tutorial: How to use Wireshark to sniff network traffic

Wireshark continues to be one of the most powerful tools in a network security analyst’s toolkit. As a network packet analyzer, Wireshark can peer inside all kinds of network traffic and examine the details of wireless and wired network traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection make it a valuable tool for analyzing security events and troubleshooting network security device issues.

And, as open source software, it’s free, so the price is right.

What is Wireshark used for?

  • Security specialists use Wireshark to investigate potential security incidents.
  • Networking teams use Wireshark to troubleshoot connectivity issues.
  • Attackers use Wireshark to eavesdrop on sensitive communications.

Published August 2019 in SearchSecurity.
Read the full article: Wireshark tutorial: How to use Wireshark to sniff network traffic


5 Questions to Ask About Buying AI-Enabled Security Software

Security products incorporating artificial intelligence techniques may reduce the workload for human analysts, taking over the time-consuming job of correlating information sources and mining voluminous logs to uncover suspicious patterns of activity. Vendors, seeing the hype around AI, are quick to slap the label on almost any technology for a cutting-edge veneer. Here are five questions to ask before purchasing an AI-enabled security system.

Published July 2019 in FedTech Magazine.

Read the full article: 5 Questions to Ask About Buying AI-Enabled Security Software
