Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Higher Ed Must Lock Down Data Security
Newest First  |  Oldest First  |  Threaded View
FairfieldCIO
FairfieldCIO,
User Rank: Apprentice
11/18/2013 | 1:04:13 PM
Re: User education
I'm fairly new to this university, however it is important to continually share information/knowledge about the very real risk involved with data security. I try to pass along particularly non-jargonized articles to our Educational Technologies Committee as well as to our Administrative Technologies Committee, share data with our Board, post tips/tricks in our monthly newsletter and, as opportunity arises, SPEAK about the dangers and precautions. Students are super savvy, faculty and staff run the gamut for tech proficiency but we take that more as a challenge to teach/share. Unfortunately, we make technology oftentimes look 'easy' so the complexity and true risk isn't fathomable to many. We speak it, we prevent it from happening therefore there ARE individuals that question any real existence of risk.
FairfieldCIO
FairfieldCIO,
User Rank: Apprentice
11/18/2013 | 12:56:53 PM
Re: Student threat?
Quite a bit David. One of my inner monologues involves the phrase 'it only takes one student' on high-volume, repeat. On the one hand, should any managed 'certified ethical hacking' effort result in a breach, I hope we hear about it. The bored/curious student with time on his/her hands? As a former programmer I 'get' the challenge aspect of testing out those skills. We are continually monitoring ALL network traffic, internal traffic as well.
David F. Carr
David F. Carr,
User Rank: Strategist
11/15/2013 | 11:52:33 AM
Student threat?
How much do you worry about the threat from within, the students testing out their hacking skills, either experimentally or maliciously?
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/15/2013 | 11:08:56 AM
User education
Very interesting lessons to learn about data security from the college environment. I'm curious about how higher ed deals with the question of security awareness and user training. I would suspect that the college population is fairly tech savvy, but how careful are they? What do you do to drill in the dangers?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32033
PUBLISHED: 2022-07-01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.
CVE-2022-32034
PUBLISHED: 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.
CVE-2022-32035
PUBLISHED: 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
CVE-2022-32036
PUBLISHED: 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.
CVE-2022-32037
PUBLISHED: 2022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.