Searching for "data security"

game for online privacy and data security

Teachers Turn to Gaming for Online Privacy Lessons

By Dian Schaffhauser 10/10/18

https://thejournal.com/articles/2018/10/10/teachers-turn-to-gaming-for-online-privacy-lessons.aspx

Blind Protocol, an alternate reality game created by two high school English teachers to help students understand online privacy and data security. This form of gaming blends fact and fiction to immerse players in an interactive world that responds to their decisions and actions. In a recent article on KQED, Paul Darvasi and John Fallon described how they chose the gaming format to help their students gain a deeper look at how vulnerable their personal data is.

Darvasi, who blogs at “Ludic Learning,” and Fallon, who writes at “TheAlternativeClassroom,” are both immersed in the education gaming realm.

++++++++++
more on online privacy and data security

http://blog.stcloudstate.edu/ims?s=online+privacy

http://blog.stcloudstate.edu/ims?s=data+security

Cybersecurity Risks in schools

FBI Warns Educators and Parents About Edtech’s Cybersecurity Risks

By Tina Nazerian     Sep 14, 2018

https://www.edsurge.com/news/2018-09-14-fbi-warns-educators-and-parents-about-edtech-s-cybersecurity-risks

The FBI has released a public service announcement warning educators and parents that edtech can create cybersecurity risks for students.

In April 2017, security researchers found a flaw in Schoolzilla’s data configuration settings. And in May 2017, a hacker reportedly stole 77 million user accounts from Edmodo.

Amelia Vance, the director of the Education Privacy Project at the Future of Privacy Forum, writes in an email to EdSurge that the FBI likely wanted to make sure that as the new school year starts, parents and schools are aware of potential security risks. And while she thinks it’s “great” that the FBI is bringing more attention to this issue, she wishes the public service announcement had also addressed another crucial challenge.

“Schools across the country lack funding to provide and maintain adequate security,” she writes. “Now that the FBI has focused attention on these concerns, policymakers must step up and fund impactful security programs.”

According to Vance, a better approach might involve encouraging parents to have conversations with their children’s’ school about how it keeps student data safe.

++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

Data Lake

What is a Data Lake? A Super-Simple Explanation For Anyone

September 6, 2018 Bernard Marr

https://www.linkedin.com/pulse/what-data-lake-super-simple-explanation-anyone-bernard-marr/

James Dixon, the CTO of Pentaho is credited with naming the concept of a data lake. He uses the following analogy:

“If you think of a datamart as a store of bottled water – cleansed and packaged and structured for easy consumption – the data lake is a large body of water in a more natural state. The contents of the data lake stream in from a source to fill the lake, and various users of the lake can come to examine, dive in, or take samples.”

A data lake holds data in an unstructured way and there is no hierarchy or organization among the individual pieces of data. It holds data in its rawest form—it’s not processed or analyzed. Additionally, a data lakes accepts and retains all data from all data sources, supports all data types and schemas (the way the data is stored in a database) are applied only when the data is ready to be used.

What is a data warehouse?

A data warehouse stores data in an organized manner with everything archived and ordered in a defined way. When a data warehouse is developed, a significant amount of effort occurs during the initial stages to analyze data sources and understand business processes.

Data

Data lakes retain all data—structured, semi-structured and unstructured/raw data. It’s possible that some of the data in a data lake will never be used. Data lakes keep all data as well. A data warehouse only includes data that is processed (structured) and only the data that is necessary to use for reporting or to answer specific business questions.

Agility

Since a data lake lacks structure, it’s relatively easy to make changes to models and queries.

Users

Data scientists are typically the ones who access the data in data lakes because they have the skill-set to do deep analysis.

Security

Since data warehouses are more mature than data lakes, the security for data warehouses is also more mature.

+++++++++++++++
more on big data in this IMS blog
http://blog.stcloudstate.edu/ims?s=big+data

Data Privacy Lessons in Alternative Reality Games

How Data Privacy Lessons in Alternative Reality Games Can Help Kids In Real Life

https://www.kqed.org/mindshift/51772/how-data-privacy-lessons-in-alternative-reality-games-can-help-kids-in-real-life

Ubiquitous social media platforms—including Facebook, Twitter and Instagram—have created a venue for people to share and connect with others. We use these services by clicking “I Agree” on Terms of Service screens, trading off some of our private and personal data for seemingly free services. While these services say data collection helps create a better user experience, that data is also potentially exploitable.

The news about how third parties obtain and use Facebook users’ data to wage political campaigns and the mounting evidence of election interference have shined a spotlight on just how secure our data is when we share online. Educating youth about data security can fall under the larger umbrella of digital citizenship, such as social media uses and misuses and learning how not to embarrass or endanger oneself while using the internet.

Darvasi’s students in Toronto can pool together 55 faux bitcoins to purchase and launch the BOTTING protocol against an opponent. The student targeted at Fallon’s school in Connecticut would then have 48 hours to record audio of 10 words of Darvasi’s students choosing and send it back to them through an intermediary (Darvasi or Fallon). For a higher price of 65 faux bitcoins, students can launch MORPHLING, which would give the opponent 48 hours to record a one-minute video explaining three ways to stay safe while using Facebook, while making their school mascot (or a close approximation of) appear in the video in some way during the entire minute.

+++++++++++++
more on digital citizenship in this IMS blog
http://blog.stcloudstate.edu/ims?s=digital+citizenship

cybersecurity threats for schools

The top 5 cybersecurity threats for schools

BY EARL D. LAING November 29th, 2017
https://www.eschoolnews.com/2017/11/29/cybersecurity-threats-schools/

1. Link Security

From ransomware to phishing and other types of security breaches, direct contact is the number one way that you can create a vulnerability in your system. Those who commit these online crimes are finding smarter and sneakier ways to infiltrate your data every day. Sometimes the attack can even come as an email from a legitimate sender, or appear to be a perfectly normal message on social media. The goal is usually to get you to click on a link.

Solution: Make sure the security preferences for your email account(s) are set up to filter spamming, phishing and executable files that aren’t recognized.

2. Unknown Devices

Solution: Your IT system should include a solution that tracks all devices, including those not owned by your school, that enter the network.

3. Out of Date Technology

Contrary to popular misconception, user interaction isn’t always required for a cyber attack to be launched. The WannaCry attack targeted hundreds of computers all with the same security vulnerability on their Windows operating systems.

Solution: Again, an IT solution that tracks all devices is important, but one that can also check on software upgrades and block access to certain apps is ideal.

4. User Error

A data breach in Florida is just one example of the chaos user error can provoke. This issue didn’t begin with hackers at all. It began with carelessness that caused sensitive information to become public.

User error occurs regularly, and a common root of this is failing to restrict access to files or certain sites that may be compromised.

Solution: Restrict user access to sensitive documents only to those who absolutely need them, and make sure that your site architecture is set up to require a secure login for access. You may also want to create a white list of safe sites and applications and block the rest.

5. No Backup

As disheartening as it sounds, even when you take all the necessary precautions to protect your vital information, data breaches can still occur. When an attack happens, it’s often a major blow to productivity to try and get all the information back into a secure place. Worse, vital work can be lost for good.

Solution: Install a backup system on each school device that sends data to a remote server throughout the day (not just at night) to help make sure nothing is lost.

+++++++++++++++
more on cybersecurrity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

cybersecurity kaspersky

Kaspersky Lab Has Been Working With Russian Intelligence

 Emails show the security-software maker developed products for the FSB and accompanied agents on raids. July 11, 2017, 4:00 AM CDT 
https://www.bloomberg.com/news/articles/2017-07-11/kaspersky-lab-has-been-working-with-russian-intelligence

WHY THE US GOVERNMENT SHOULDN’T BAN KASPERSKY SECURITY SOFTWARE

  09.04.17

https://www.wired.com/story/why-the-us-government-shouldnt-ban-kaspersky-security-software/

he General Services Administration (GSA) has ordered the removal of Kaspersky software platforms from its catalogues of approved vendors. Meanwhile, the Senate is considering a draft bill of the 2018 National Defense Acquisition Authorization (known as the NDAA, it specifies the size of and uses for the fiscal year 2018 US Defense Department budget) that would bar the use of Kaspersky products in the military.

W.H. cybersecurity coordinator warns against using Kaspersky Lab software

https://www.cbsnews.com/news/kasperksy-lab-software-suspected-ties-russian-intelligence-rob-joyce/

Kaspersky: Russia responds to US ban on software

14 September 2017 http://www.bbc.com/news/world-us-canada-41262049

 +++++++++++++++

KASPERSKY, RUSSIA, AND THE ANTIVIRUS PARADOX

 10.11.17

https://www.wired.com/story/kaspersky-russia-antivirus/

Israel and Russia’s overlapping hacks of Kaspersky complicate espionage narrative

Israel and Russia’s overlapping hacks of Kaspersky complicate espionage narrative

The whole ordeal is a nightmare for Kaspersky Lab. The company looks incompetent at preventing state-sponsored hacks in the best-case scenario and complicit with the Russian government in the worst-case scenario. However it plays out, the unfolding drama will certainly hurt the software maker’s footprint in the U.S., where Congress has already taken action to purge the government of the company’s software.

+++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

wifi cybersecurity

All wifi networks’ are vulnerable to hacking, security expert discovers

WPA2 protocol used by vast majority of wifi connections has been broken by Belgian researchers, highlighting potential for internet traffic to be exposed

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

The United States Computer Emergency Readiness Team (Cert) issued a warning on Sunday in response to the vulnerability.

“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected”.

+++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

Privacy & Security in Today’s Library

Privacy & Security in Today’s Library by Amigos Library Services

The virtuality of privacy and security on the from Plamen Miltenoff

From: Jodie Borgerding [mailto:Borgerding@amigos.org]
Sent: Wednesday, July 05, 2017 3:07 PM
To: Miltenoff, Plamen <pmiltenoff@stcloudstate.edu>
Cc: Nicole Walsh <WALSH@AMIGOS.ORG>
Subject: Proposal Submission for Privacy & Security Conference

Hi Plamen,

Thank you for your recent presentation proposal for the online conference, Privacy & Security in Today’s Library, presented by Amigos Library Services. Your proposal, The role of the library in teaching with technology unsupported by campus IT: the privacy and security issues of the “third-party,” has been accepted. I just wanted to confirm that you are still available to present on September 21, 2017 and if you have a time preference for your presentation (11 am, 12 pm, or 2 pm Central). If you are no longer able to participate, please let me know.

Nicole will be touch with you shortly with additional details and a speaker’s agreement.

Please let me know if you have any questions.

Thanks!
___________________

Jodie Borgerding Consulting & Education Services Manager Amigos Library Services 1190 Meramec Station Road, Suite 207 | Ballwin, MO  63021-6902 800-843-8482 x2897 | 972-340-2897(direct) http://www.amigos.org | borgerding@amigos.org

+++++++++++++++++

Bio

Dr. Plamen Miltenoff is an Information Specialist and Professor at St. Cloud State University. His education includes several graduate degrees in history and Library and Information Science and terminal degrees in education and psychology.

His professional interests encompass social media, multimedia, Web development and design, gaming and gamification, and learning environments (LEs).

Dr. Miltenoff organized and taught classes such as LIB 290 “Social Media in Global Context” (http://web.stcloudstate.edu/pmiltenoff/lib290/) and LIB 490/590 “Digital Storytelling” (http://web.stcloudstate.edu/pmiltenoff/lib490/) where issues of privacy and security are discussed.

Twitter handle @SCSUtechinstruc

Facebook page: https://www.facebook.com/InforMediaServices/

The virtuality of privacy and security on the modern campus:

The role of the library in teaching with technology unsupported by campus IT: the privacy and security issues of the “third-party software” teaching and learning

Abstract/Summary of Your Proposed Session

The virtualization reality changes rapidly all aspects of learning and teaching: from equipment to methodology, just when faculty have finalized their syllabus, they have to start a new, if they want to keep abreast with content changes and upgrades and engagement of a very different student fabric – Millennials.

Mainframes are replaced by microcomputers, microcomputers by smart phones and tablets, hard drives by cloud storage and wearables by IoT. The pace of hardware, software and application upgrade is becoming unbearable for students and faculty. Content creation and methodology becomes useless by the speed of becoming obsolete. In such environment, faculty students and IT staff barely can devote time and energy to deal with the rapidly increasing vulnerability connected with privacy and security.

In an effort to streamline ever-becoming-scarce resources, campus IT “standardizes” campus use of applications. Those are the applications, which IT chooses to troubleshoot campus-wide. Those are the applications recommended to faculty and students to use.

In an unprecedented burgeoning amount of applications, specifically for mobile devices, it is difficult to constraint faculty and students to use campus IT sanctioned applications, especially considering the rapid pace of such applications becoming obsolete. Faculty and students often “stray” away and go with their own choice. Such decision exposes faculty and students, personally, and the campus, institutionally, at risk. In a recent post by THE Journal, attention on campuses is drown to the fact that cyberattacks shift now from mobile devices to IoT and campus often are struggling even with their capability to guarantee cybersecurity of mobile devices on campus. Further, the use of third-party application might be in conflict with the FERPA campus-mandated policies. Such policies are lengthy and complex to absorb, both by faculty and students and often are excessively restrictive in terms of innovative ways to improve methodology and pedagogy of teaching and learning. The current procedure of faculty and students proposing new applications is a lengthy and cumbersome bureaucratic process, which often render the end-users’ proposals obsolete by the time the process is vetted.

Where/what is the balance between safeguarding privacy on campus and fostering security without stifling innovation and creativity? Can the library be the campus hub for education about privacy and security, the sandbox for testing and innovation and the body to expedite decision-making?

Abstract

The pace of changes in teaching and learning is becoming impossible to sustain: equipment evolves in accelerated pace, the methodology of teaching and learning cannot catch up with the equipment changes and atop, there are constant content updates. In an even-shrinking budget, faculty, students and IT staff barely can address the issues above, less time and energy left to address the increasing concerns about privacy and security.

In an unprecedented burgeoning amount of applications, specifically for mobile devices, it is difficult to constraint faculty and students to use campus IT sanctioned applications, especially considering the rapid pace of such applications becoming obsolete. Faculty and students often “stray” away and go with their own choice. Such decision exposes faculty and students, personally, and the campus, institutionally, at risk. In a recent post by THE Journal (http://blog.stcloudstate.edu/ims/2017/06/06/cybersecurity-and-students/), attention on campuses is drawn to the fact of cyberattacks shifting from mobile devices to IoT but campus still struggling to guarantee cybersecurity of mobile devices on campus. Further, the use of third-party applications might be in conflict with the FERPA campus-mandated policies. Such policies are lengthy and complex to absorb, both by faculty and students and often are excessively restrictive in terms of innovative ways to improve methodology and pedagogy of teaching and learning. The current procedure of faculty and students proposing new applications is a lengthy and cumbersome bureaucratic process, which often render the end-users’ proposals obsolete by the time the process is vetted.

Where/what is the balance between safeguarding privacy on campus and fostering security without stifling innovation and creativity? Can the library be the campus hub for education about privacy and security, the sandbox for testing and innovation and the body to expedite decision-making?

http://blog.stcloudstate.edu/ims/2017/06/06/cybersecurity-and-students/

Anything else you would like to add

3 take-aways from this session:

  • Discuss and form an opinion about the education-pertinent issues of privacy and security from the broad campus perspective, versus the narrow library one
  • Discuss and form an opinion about the role of the library on campus in terms of the greater issues of privacy and security

Re-examine the thin red line of the balance between standardization and innovation; between the need for security and privacy protection a

++++++++++++++
presentation:
https://www.slideshare.net/aidemoreto/the-virtuality-of-privacy-and-security-on-the 

chat – slide 4, privacy. please take 2 min and share your definition of privacy on campus. Does it differ between faculty and students?  what are the main characteristics to determine privacy

chat – slide 5, security. please take 2 min and share your definition of security on campus regarding electronic activities. Who’s responsibility is security? IT issue [only]?

poles: slide 6, technology unsupported by campus IT, is it worth considering? 1. i am a great believer in my freedom of choice 2. I firmly follow rules and this applies to the use of computer tools and applications 3. Whatever…

chat –  slide 6, why third party applications? pros and cons. E.g. pros – familiarity with third party versus campus-required

pole, slide 6, appsmashing. App smashing is the ability to combine mobile apps in your teaching process. How do you feel about it? 1. The force is with us 2. Nonsense…

pole slide 7 third party apps and the comfort of faculty. How do you see the freedom of using third party apps? 1. All I want, thank you 2. I would rather follow the rules 3. Indifference is my middle name

pole slide 8 Technology standardization? 1. yes, 2. no, 3. indifferent

chat slide 9 if the two major issues colliding in this instance are: standardization versus third party and they have impact on privacy and security, how would you argue for the one or the other?

++++++++++++++++
notes from the conference

 

 

Measuring Library Vendor Cyber Security: Seven Easy Questions Every Librarian Can Ask

http://journal.code4lib.org/articles/11413

Bill Walker: http://www.amigos.org/innovating_metadata

 

+++++++++++++++
more on security in education in this IMS blog
http://blog.stcloudstate.edu/ims?s=security

more on privacy in education in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

cybersecurity and students

You’ve Been Hacked! Explaining Cybersecurity to Students in an Interconnected Era

By Jacob Batchelor 06/01/17

https://thejournal.com/articles/2017/06/01/youve-been-hacked-explaining-cybersecurity-to-students-in-an-interconnected-era.aspx

Here’s an easy way to explain IoT hacks to students:

  • A hacker accesses a device, like a webcam, through its internet connection. Devices with weak security or easy-to-guess passwords make easy targets.
  • The hacker can then infect the device with malware, a type of computer virus that takes control of a device.
  • The hacker now has a number of options. He or she can use the device to spy, infect other devices or attack a target like the servers (centralized computers that store network data) targeted in the October 2016 attack.
  • Research the manufacturer. Are they reputable? Have they previously been hacked? Big, established companies based in developed countries are usually the safest.
  • Read up on security features. Is the device password-protected? Can you set your own password? If so, make it a strong password that uses numbers, letters and symbols — avoid common words or phrases.
  • Regularly check for updates. Good companies will regularly update the software on their devices to protect against vulnerabilities.
  • Ask yourself — do you need it? Make sure internet-connectivity is something you really need on the device you’re using. In many cases, internet-connectivity is not necessary for the device to function properly.

a few tips that students can use to protect their privacy while using smartphones:

  • Research apps before signing up for them. Is it from a reputable developer? Has it had security issues in the past? Use the same approach as when researching IoT devices.
  • Look over the terms of service. What information does it require? Does it track or store your data? Can the developer sell your information? All of these questions are important to consider.
  • Be careful when linking apps to your social media accounts. Giving apps access to your social media accounts makes them vulnerable to hacking. Is there a good reason for the accounts to be linked? Can you sign up without linking to a social media account?
  • Use two-factor authentication. Two-factor authentication requires authorization beyond a password when using unrecognized devices such as entering a code sent to your cellphone. As apps allow, be sure to use two-factor authentication which will make it more difficult for hackers to access the information stored in your apps.

++++++++++++++
more on hackers in this IMS blog
http://blog.stcloudstate.edu/ims?s=hacker

big data in ed

New Report Examines Use of Big Data in Ed

By Dian Schaffhauser  05/17/17

https://campustechnology.com/articles/2017/05/17/new-report-examines-use-of-big-data-in-ed.aspx

new report from the National Academy of Education “Big Data in Education,” summarizes the findings of a recent workshop held by the academy

three federal laws: Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA) and the Protection of Pupil Rights Amendment (PPRA).

over the last four years, 49 states and the District of Columbia have introduced 410 bills related to student data privacy, and 36 states have passed 85 new education data privacy laws. Also, since 2014, 19 states have passed laws that in some way address the work done by researchers.

researchers need to get better at communicating about their projects, especially with non-researchers.

One approach to follow in gaining trust “from parents, advocates and teachers” uses the acronym CUPS:

  • Collection: What data is collected by whom and from whom;
  • Use: How the data will be used and what the purpose of the research is;
  • Protection: What forms of data security protection are in place and how access will be limited; and
  • Sharing: How and with whom the results of the data work will be shared.

Second, researchers must pin down how to share data without making it vulnerable to theft.

Third, researchers should build partnerships of trust and “mutual interest” pertaining to their work with data. Those alliances may involve education technology developers, education agencies both local and state, and data privacy stakeholders.

Along with the summary report, the results of the workshop are being maintained on a page within the Academy’s website here.

+++++++++++++++++
more on big data in education in this IMS blog
http://blog.stcloudstate.edu/ims?s=big+data

1 2 3 8