Searching for "security"

Privacy & Security in Today’s Library

Privacy & Security in Today’s Library by Amigos Library Services

From: Jodie Borgerding [mailto:Borgerding@amigos.org]
Sent: Wednesday, July 05, 2017 3:07 PM
To: Miltenoff, Plamen <pmiltenoff@stcloudstate.edu>
Cc: Nicole Walsh <WALSH@AMIGOS.ORG>
Subject: Proposal Submission for Privacy & Security Conference

Hi Plamen,

Thank you for your recent presentation proposal for the online conference, Privacy & Security in Today’s Library, presented by Amigos Library Services. Your proposal, The role of the library in teaching with technology unsupported by campus IT: the privacy and security issues of the “third-party,” has been accepted. I just wanted to confirm that you are still available to present on September 21, 2017 and if you have a time preference for your presentation (11 am, 12 pm, or 2 pm Central). If you are no longer able to participate, please let me know.

Nicole will be touch with you shortly with additional details and a speaker’s agreement.

Please let me know if you have any questions.

Thanks!
___________________

Jodie Borgerding Consulting & Education Services Manager Amigos Library Services 1190 Meramec Station Road, Suite 207 | Ballwin, MO  63021-6902 800-843-8482 x2897 | 972-340-2897(direct) http://www.amigos.org | borgerding@amigos.org

+++++++++++++++++

Bio

Dr. Plamen Miltenoff is an Information Specialist and Professor at St. Cloud State University. His education includes several graduate degrees in history and Library and Information Science and terminal degrees in education and psychology.

His professional interests encompass social media, multimedia, Web development and design, gaming and gamification, and learning environments (LEs).

Dr. Miltenoff organized and taught classes such as LIB 290 “Social Media in Global Context” (http://web.stcloudstate.edu/pmiltenoff/lib290/) and LIB 490/590 “Digital Storytelling” (http://web.stcloudstate.edu/pmiltenoff/lib490/) where issues of privacy and security are discussed.

Twitter handle @SCSUtechinstruc

Facebook page: https://www.facebook.com/InforMediaServices/

The virtuality of privacy and security on the modern campus:

The role of the library in teaching with technology unsupported by campus IT: the privacy and security issues of the “third-party software” teaching and learning

Abstract/Summary of Your Proposed Session

The virtualization reality changes rapidly all aspects of learning and teaching: from equipment to methodology, just when faculty have finalized their syllabus, they have to start a new, if they want to keep abreast with content changes and upgrades and engagement of a very different student fabric – Millennials.

Mainframes are replaced by microcomputers, microcomputers by smart phones and tablets, hard drives by cloud storage and wearables by IoT. The pace of hardware, software and application upgrade is becoming unbearable for students and faculty. Content creation and methodology becomes useless by the speed of becoming obsolete. In such environment, faculty students and IT staff barely can devote time and energy to deal with the rapidly increasing vulnerability connected with privacy and security.

In an effort to streamline ever-becoming-scarce resources, campus IT “standardizes” campus use of applications. Those are the applications, which IT chooses to troubleshoot campus-wide. Those are the applications recommended to faculty and students to use.

In an unprecedented burgeoning amount of applications, specifically for mobile devices, it is difficult to constraint faculty and students to use campus IT sanctioned applications, especially considering the rapid pace of such applications becoming obsolete. Faculty and students often “stray” away and go with their own choice. Such decision exposes faculty and students, personally, and the campus, institutionally, at risk. In a recent post by THE Journal, attention on campuses is drown to the fact that cyberattacks shift now from mobile devices to IoT and campus often are struggling even with their capability to guarantee cybersecurity of mobile devices on campus. Further, the use of third-party application might be in conflict with the FERPA campus-mandated policies. Such policies are lengthy and complex to absorb, both by faculty and students and often are excessively restrictive in terms of innovative ways to improve methodology and pedagogy of teaching and learning. The current procedure of faculty and students proposing new applications is a lengthy and cumbersome bureaucratic process, which often render the end-users’ proposals obsolete by the time the process is vetted.

Where/what is the balance between safeguarding privacy on campus and fostering security without stifling innovation and creativity? Can the library be the campus hub for education about privacy and security, the sandbox for testing and innovation and the body to expedite decision-making?

Abstract

The pace of changes in teaching and learning is becoming impossible to sustain: equipment evolves in accelerated pace, the methodology of teaching and learning cannot catch up with the equipment changes and atop, there are constant content updates. In an even-shrinking budget, faculty, students and IT staff barely can address the issues above, less time and energy left to address the increasing concerns about privacy and security.

In an unprecedented burgeoning amount of applications, specifically for mobile devices, it is difficult to constraint faculty and students to use campus IT sanctioned applications, especially considering the rapid pace of such applications becoming obsolete. Faculty and students often “stray” away and go with their own choice. Such decision exposes faculty and students, personally, and the campus, institutionally, at risk. In a recent post by THE Journal (http://blog.stcloudstate.edu/ims/2017/06/06/cybersecurity-and-students/), attention on campuses is drawn to the fact of cyberattacks shifting from mobile devices to IoT but campus still struggling to guarantee cybersecurity of mobile devices on campus. Further, the use of third-party applications might be in conflict with the FERPA campus-mandated policies. Such policies are lengthy and complex to absorb, both by faculty and students and often are excessively restrictive in terms of innovative ways to improve methodology and pedagogy of teaching and learning. The current procedure of faculty and students proposing new applications is a lengthy and cumbersome bureaucratic process, which often render the end-users’ proposals obsolete by the time the process is vetted.

Where/what is the balance between safeguarding privacy on campus and fostering security without stifling innovation and creativity? Can the library be the campus hub for education about privacy and security, the sandbox for testing and innovation and the body to expedite decision-making?

http://blog.stcloudstate.edu/ims/2017/06/06/cybersecurity-and-students/

Anything else you would like to add

3 take-aways from this session:

  • Discuss and form an opinion about the education-pertinent issues of privacy and security from the broad campus perspective, versus the narrow library one
  • Discuss and form an opinion about the role of the library on campus in terms of the greater issues of privacy and security

Re-examine the thin red line of the balance between standardization and innovation; between the need for security and privacy protection a

++++++++++++++
presentation:
https://www.slideshare.net/aidemoreto/the-virtuality-of-privacy-and-security-on-the 

chat – slide 4, privacy. please take 2 min and share your definition of privacy on campus. Does it differ between faculty and students?  what are the main characteristics to determine privacy

chat – slide 5, security. please take 2 min and share your definition of security on campus regarding electronic activities. Who’s responsibility is security? IT issue [only]?

poles: slide 6, technology unsupported by campus IT, is it worth considering? 1. i am a great believer in my freedom of choice 2. I firmly follow rules and this applies to the use of computer tools and applications 3. Whatever…

chat –  slide 6, why third party applications? pros and cons. E.g. pros – familiarity with third party versus campus-required

pole, slide 6, appsmashing. App smashing is the ability to combine mobile apps in your teaching process. How do you feel about it? 1. The force is with us 2. Nonsense…

pole slide 7 third party apps and the comfort of faculty. How do you see the freedom of using third party apps? 1. All I want, thank you 2. I would rather follow the rules 3. Indifference is my middle name

pole slide 8 Technology standardization? 1. yes, 2. no, 3. indifferent

chat slide 9 if the two major issues colliding in this instance are: standardization versus third party and they have impact on privacy and security, how would you argue for the one or the other?

++++++++++++++++
notes from the conference

 

 

Measuring Library Vendor Cyber Security: Seven Easy Questions Every Librarian Can Ask

http://journal.code4lib.org/articles/11413

Bill Walker: http://www.amigos.org/innovating_metadata

 

+++++++++++++++
more on security in education in this IMS blog
http://blog.stcloudstate.edu/ims?s=security

more on privacy in education in this IMS blog
http://blog.stcloudstate.edu/ims?s=privacy

girl scouts, badges for cybersecurity

Girl Scouts to Earn Badges in Cybersecurity

The education program is being developed in a partnership between the Girl Scouts and Palo Alto Networks. Jun 23, 2017

https://securitytoday.com/articles/2017/06/23/girl-scouts-to-earn-badges-in-cybersecurity.aspx

The education program, which aims to reach as many as 1.8 million Girl Scouts in kindergarten through sixth grade, is being developed in a partnership between the Girl Scouts and Palo Alto Networks, a security company, the organization said in a press release.

++++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

cybersecurity and students

You’ve Been Hacked! Explaining Cybersecurity to Students in an Interconnected Era

By Jacob Batchelor 06/01/17

https://thejournal.com/articles/2017/06/01/youve-been-hacked-explaining-cybersecurity-to-students-in-an-interconnected-era.aspx

Here’s an easy way to explain IoT hacks to students:

  • A hacker accesses a device, like a webcam, through its internet connection. Devices with weak security or easy-to-guess passwords make easy targets.
  • The hacker can then infect the device with malware, a type of computer virus that takes control of a device.
  • The hacker now has a number of options. He or she can use the device to spy, infect other devices or attack a target like the servers (centralized computers that store network data) targeted in the October 2016 attack.
  • Research the manufacturer. Are they reputable? Have they previously been hacked? Big, established companies based in developed countries are usually the safest.
  • Read up on security features. Is the device password-protected? Can you set your own password? If so, make it a strong password that uses numbers, letters and symbols — avoid common words or phrases.
  • Regularly check for updates. Good companies will regularly update the software on their devices to protect against vulnerabilities.
  • Ask yourself — do you need it? Make sure internet-connectivity is something you really need on the device you’re using. In many cases, internet-connectivity is not necessary for the device to function properly.

a few tips that students can use to protect their privacy while using smartphones:

  • Research apps before signing up for them. Is it from a reputable developer? Has it had security issues in the past? Use the same approach as when researching IoT devices.
  • Look over the terms of service. What information does it require? Does it track or store your data? Can the developer sell your information? All of these questions are important to consider.
  • Be careful when linking apps to your social media accounts. Giving apps access to your social media accounts makes them vulnerable to hacking. Is there a good reason for the accounts to be linked? Can you sign up without linking to a social media account?
  • Use two-factor authentication. Two-factor authentication requires authorization beyond a password when using unrecognized devices such as entering a code sent to your cellphone. As apps allow, be sure to use two-factor authentication which will make it more difficult for hackers to access the information stored in your apps.

++++++++++++++
more on hackers in this IMS blog
http://blog.stcloudstate.edu/ims?s=hacker

cybersecurity grants

Grant program would support state, local cybersecurity

By Mark Rockwell Mar 02, 2017

https://fcw.com/articles/2017/03/02/state-cyber-bill-rockwell.aspx

The proposed legislation, said the lawmakers, would set up a cybersecurity grant program that would provide resources for states to develop and implement effective cyber resiliency plans, including efforts to identify, detect, protect, respond, and recover from cyber threats. It also would encourage development of a stronger cybersecurity workforce.

++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

master program on cybersecurity

Berkeley Launches Online Master of Information and Cybersecurity

By Joshua Bolkan 11/16/16

https://campustechnology.com/articles/2016/11/16/berkeley-launches-online-master-of-information-and-cybersecurity.aspx

The University of California, Berkeley’s School of Information (I School) has tapped a private partner to help launch a new online program, Master of Information and Cybersecurity (MICS).

Dubbed cybersecurity@berkeley, the new program was developed in collaboration with the university’s Center for Long-Term Cybersecurity and College of Engineering.

The 27-unit course will use 2U’s online learning platform for live, weekly meetings. Between sessions, students will have access to interactive content designed by MICS faculty. Students will also have the opportunity to visit campus to meet faculty and classmates and attend lectures and workshops curated specifically for students in the program.

++++++++++++++++++
more on cybersecurity in this IMS blog
http://blog.stcloudstate.edu/ims?s=cybersecurity

educational game on IT ‐ security

IP‐Please, design and development of an educational game on IT‐security
Peter Mozelius, Charlotte Lesley and Ola Olsson
Department of Computer and Systems Sciences, Stockholm University, Sweden

https://www.researchgate.net/publication/308947931_IP-Please_design_and_development_of_an_educational_game_on_IT-security
Abstract:
Game‐based learning is a research field with rich discussions on the use of games in educational contexts. Many of the educational games that exist today focus on subjects such
as Language learning, Mathematics and History, and fewer on subjects in Computer Science
and IT‐security. Dissemination of information about IT‐security is important in today’s digital
society not at least in the industry. As an example many firewalls today are misconfigured
leading to decreased security at the same time as it is hard to motivate students or employees to read long detailed and tedious PDF‐files with security information. Might
things like firewall configuration instead be learnt by an educational game and how to design
a learning game that could be used in university courses on IT‐security?

++++++++++++++++++

more on gaming and gamification in this blog:

http://blog.stcloudstate.edu/ims?s=gaming
http://blog.stcloudstate.edu/ims?s=gamification

millennials and cybersecurity

Survey: Growing Interest in Cyber Security Careers Among Millennials

By Leila Meyer 10/12/16

https://campustechnology.com/articles/2016/10/12/survey-growing-interest-in-cyber-security-careers-among-millennials.aspx

new report from Raytheon and the National Cyber Security Alliance

The report, “Securing Our Future: Closing the Cybersecurity Talent Gap,” surveyed 3,779 adults aged 18 to 26, from 12 countries around the world, including the United States, Australia, the United Kingdom, and countries in Europe, Asia and the Middle East.

a high-paying career as a cyber security professional requires skills millennials value, such as problem solving, analytical thinking and communication — and employment opportunities are available across a wide variety of sectors, including start-ups, government and hospitals.

Key findings from the report:

  • 64 percent of young adults in the U.S. heard about cyberattacks in the news last year, up from 36 percent the previous year, and compared to 48 percent of young adults worldwide;
  • 70 percent of millennials in the U.S. said cyber security programs or activities are available to them, up from 46 percent the previous year, and compared to 68 percent worldwide;
  • 21 percent of young men expressed interest in cyber competitions, compared to 15 percent of women;
  • 48 percent or respondents said more information about the specifics of cyber security jobs would help increase interest;
  • 59 percent of young men and 51 percent of young women received formal cyber safety lessons in school, up from 43 percent and 40 percent respectively last year; and
  • 40 percent of respondents said parents are the most influential people helping them with career advice, and 19 percent said no one was influential in helping them with career advice.

++++++++++++++++++++++++
more on cybersecurity in this blog

http://blog.stcloudstate.edu/ims?s=cybersecurity

Online privacy: It’s time for a new security paradigm

Online privacy: It’s time for a new security paradigm

http://fcw.com/articles/2014/09/23/online-privacy-new-security-paradigm.aspx

Verizon’s 2014 Data Breach Investigations Report,

Fragmentation of online identity means that we as online users are forced to struggle with proliferating accounts and passwords. And we are regularly required to reveal sensitive information about ourselves and repeatedly enter the same information to create accounts that establish new, disparate online identities.

Establishing a system for trust management requires a common infrastructure for specifying policies that can protect yet enable access to data and systems, representing identities and credentials, and evaluating and enforcing an organization’s policies — all while maintaining privacy.

interactivity for the library

In 2015, former library dean purchased two large touch-screen monitors (I believe paid $3000 each). Shortly before that, I had offered to the campus fitting applications for touch screens (being that large screens or mobiles):

Both applications fit perfect the idea of interactivity in teaching (and learning) – http://blog.stcloudstate.edu/ims?s=interactivity

With the large touch screens, I proposed to have one of the large screens, positioned outside in the Miller Center lobby and used as a dummy terminal (50” + screens run around $700) to mount educational material (e.g. Guenter Grass’s celebration of his work: http://blog.stcloudstate.edu/ims/2015/04/15/gunter-grass-1927-2015/ ) and have students explore by actively engaging, rather than just passively absorbing information. The bus-awaiting students are excellent potential users and they visibly are NOT engaged by by the currently broadcasted information on these screens, but can be potentially engaged if such information is restructured in interactive content.

The initial library administration approval was stalled by a concern with students “opening porno sites” while the library is closed which, indeed, would have been a problem.

My 2015 inquiry with the IT technicians about freezing a browser and a specific tab, which could prevent such issues, but it did not go far (pls see solution below). Failing to secure relatively frigid environment on the touch screen, the project was quietly left to rot.

I am renewing my proposal to consider the rather expensive touch screen monitors, which have been not utilized to their potential, and test my idea to engage students in a meaningful knowledge-building by using these applications to either create content or engage with content created by others.

Further, I am proposing that I investigate with campus faculty the possibility to bring the endeavor a step further by having a regularly-meeting group to develop engaging content using these and similar apps; for their own classes or any other [campus-related] activities. The incentive can be some reward, after users and creators “vote” the best (semester? Academic year?) project. The less conspicuous benefit will be the exposure of faculty to modern technology; some of the faculty are still abiding by lecturing style, other faculty, who seek interactivity are engulfed in the “smart board” fiction. Engaging the faculty in the touch screen creation of teaching materials will allow them to expand the practice to their and their students’ mobile devices. The benefit for the library will be the “hub” of activities, where faculty can learn from each other experience[s] in the library, rather than in their own departments/school only. The reward will be an incentive from the upper administration (document to attach in PDR?). I will need both your involvement/support. Tom Hergert by helping me rally faculty interest and the administrators incentivizing faculty to participate in the initial project, until it gains momentum and recognition.

In the same fashion, as part of the aforementioned group or separate, I would like to host a regularly-meeting group of students, who besides play and entertainment, aim the same process of creating interactive learning materials for their classes/projects. Same “best voted” process by peers. My preferable reward: upper administration is leaving recommendation in the students’ Linkedin account for future employers. I will need both your involvement/support. The student union can be decisive in bringing students to this endeavor.  Both of you have more cloud with the student union then only a regular faculty such as me.

In regard to the security (porn alert, see above) I have the agreement of Dr. Tirthankar Ghos with the IS Department. Dr. Ghosh will be most pleased to announce as a class project the provision of a secure environment for the touch screen monitor to be left after the group meetings for “use” by students in the library. Dr. Ghosh is, however, concerned/uncertain with the level of cooperation from IT, considering that for his students to enable such environment, they have to have the “right” access; namely behind firewalls, administrative privileges etc. Each of you will definitely be more persuasive with Phil Thorson convincing him in the merit of having IS student work with SCSU IT technician, since it is a win-win situation: the IT technician does not have to “waste time” (as in 2015) and resolve an issue and the IS student will be having a project-based, real-life learning experience by enabling the project under the supervision of the IT technician. Besides: a. student-centered, project-based learning; b. IT technician time saved, we also aim c. no silos / collaborative SCSU working environment, as promised by the reorganization process.

1 2 3 8