On Monday October 20th, you’ll notice a new look for the Brown Directory, MyAccount, and Activate. This change is part of the replacement of Brown’s identity management system, the system that stores identity information for members of the Brown community.
MyAccount will be unavailable starting at noon on 10/17 until the upgrade is complete. Otherwise, we expect the appearance of these sites will be the only change you experience, but if you have a problem accessing a Brown system, contact the IT Service Center as usual; it may or may not be related to this change.
This October, learn how to spot phishing email to stop it from spreading and you could be the winner of an iPad mini, Nexus 7 and other prizes.
To celebrate National Cyber Security Awareness Month, ISG (Information Security Group) will focus on phishing throughout October with weekly quizzes and a special Brown Bag (Don't Be the Catch-of-the-Day: Phishing Tips to Keep You Off the Hook) on the 9th.
In addition, ISG will host a special screening of the film Code 2600 on the 15th and a second Brown Bag on the 23rd, Being Smart About Your Phone (and Other Web-Connected Devices). Participants in these events are also entered into the raffle. Full details at brown.edu/go/SpotThePhish.
The latest issue of Secure IT! has been released. We invite you to peruse this issue, view back issues and send us ideas for future ones. Enjoy!
- CISO Memo: "IT Security" versus "Information Security" :: Brown has had an IT Security function, as well as IT security roles in the network group for decades. However, as the technology evolved and changed, so did the role.
- Introducing the Phish Bowl :: Phishing continues to plague everyone, with no end in sight. While we can't make it go away, the new Phish Bowl should make it easier to deal with. It was created as the spot to check for phish. If you spot or are unsure about one, just check the Phish Bowl. If it's there, no need to report it. If not, forward it to PhishBowl@brown.edu.
- ISG Special Events this October :: Reserve your seat for a special screening of the film Code 2600. Sign up for Brown Bags on phishing tips and smart phone safety. Enter the raffle for a chance on an iPad mini and other great prizes. Full details on the contest and more about ISG's celebration of National Cyber Security Awareness Month. This year's theme: SPOT the Phish 2 STOP the Phish.
- Smashing News: Do you have an old hard drive or two (or even several) with Brown Restricted or sensitive information on it and need to securely dispose of it? ISG has a hard drive crusher that will make short work of it. Send an email to ISG@brown.edu to make an appointment.
- New Encryption Options :: CIS has replaced Symantec Endpoint Encryption with BitLocker for Windows and FireVault 2 for Macs.
» For background on encryption, read the SANS August 2014 OUCH! Newsletter article by Christopher Crowley, lead instructor of the SANS Institute course Mobile Device Security and Ethical Hacking.
» Two more timely topics from SANS Securing the Human: I'm Hacked, Now What? and Disposing of Your Mobile Device.
- Identity Finder Reminder :: Not running Identity Finder regularly? Find out why you should.
- Follow us on Twitter :: ISG and CISO alerts, tips and more.
We're excited to welcome new and returning students to campus for the 2014/15 academic year!
Look for CIS staff during move-in weekend and the beginning of September. We are going to be at the resource fairs for new students, at first-year key pickup, and in high-traffic areas on campus. We'll be happy to see you and tell you what's new in technology at Brown this fall. You can also follow us on Facebook and Twitter for updates.
On September 25th at 4pm in Sayles Hall, please join us in welcoming Joseph M. Tucci, Chairman and Chief Executive Officer of EMC Corporation. He will be presenting Cloud Meets Big Data: An Insider’s Look at the Information Technology Industry, the first of the Distinguished Lecture Series: Leadership in Technology.
Hear how the technology mega trends of social media, mobile devices, big data and cloud computing are reshaping business. Tucci will provide an insider’s perspective of the disruptive technology changes occurring in the marketplace — and their implications for the rest of us and our future.
This lecture will be broadcast live at http://brown.edu/web/livestream.
Share or save this event:
As Brown prepares to participate and celebrate in National Cyber Security Awareness Month (NCSAM) for the 10th year, I thought that I would cover a question that gets brought to me a great deal: "You used to be IT security, but now you're Information Security. What's the big deal?"
For many years (actually since security became a technology discipline), those responsible for the security function were most commonly known as IT Security. This was for good reason, as the focus and responsibility was predominantly IT-centric (firewalls, switches, subnets, IDS, IPS, etc). Brown had an IT Security function, as well as IT security roles in the network group. However, as the technology evolved and changed, so did the role.
When I first arrived at Brown over six years ago, one of the first tasks as CISO was to brand the newly formed group in my area. While we still had network security responsibilities at that time, the Brown Information Security Group was formed. While the staffing and organization of the group has changed over the years, the mission to focus on Information Security has not. Brown still maintains an excellent network (or "IT") security function, who expertly aid in the design, management, monitoring and operation of securing the University network. That will never go away, and they play a key role in ensuring that the bad guys stay out.
However, today information security is much broader than simply the network. The ISG mission covers all aspects of the security of Brown's data and information, including privacy, compliance, awareness, response and risk management. It also includes not only electronic information, but hard copy data as well. As a result, information security also plays a key role in records management and reducing risk at Brown through participating in several committees that focus on this issue, reviewing grants and contracts for aspects of data ownership, use and sharing, and by supplying solutions to identify, protect and dispose of information in a secure manner. No longer is information security simply responsible for maintaining a secure network, but now plays a key role in risk and reputation management for the university.
As always, I welcome your comments and feedback. Please feel free to reach out to me directly at firstname.lastname@example.org, or the group at ISG@brown.edu. Let me know how we are doing, areas of concern you may have, or questions on protecting your identity, privacy or personal computing security. And remember, sec_rity is not complete without U!
Making travel plans? Here are ISG's Ten Travel Tips for your mobile device, especially for those traveling outside of the U.S. Please take a few moments to review them as an ounce of prevention now can save a pound of trouble later.
- Contact your cellular provider several weeks before you travel to discuss and activate the most cost-effective plan to fit your needs. For Brown devices, contact Telecommunications at 863-2007 or email@example.com. For non-Brown devices, users can contact their cellular provider directly.
- For phones, familiarize yourself with international roaming and data charges. We recommend turning off or setting a limit on cellular data usage for your smartphone to prevent incurring significant fees.
- Consider using Google+ Hangouts to bypass the phone. See the About Hangouts site for help on getting started.
- When traveling with a laptop, remove all PII from it or encrypt it. If possible, we recommend using a laptop specifically designated for travel with no personal information on it. Note: CIS has loaner laptops for faculty, staff and grad students who are working on projects when traveling abroad. The loaners can be signed out at the Computer Service & Repair window.
- Become aware of and comply with all export controls. For example, some countries ban or severely regulate the use of encryption, you should check country-specific information before traveling with an encrypted laptop. See the BitLocker (Windows) or FileVault 2 (Macs) article for information on international traveling restrictions.
- Set a strong password or passcode for your device. Here are some ideas on how to create a strong and memorable password.
- Make sure all operating system and anti-malware software is current. If you haven't installed an anti-malware client for your phone, do so.
- Install device finder software, such as Computrace (for laptops) or Lookout (for tablets and phones).
- Use VPN to connect to Brown's network when away from it. CIS offers both a web and client versions. If you haven't used VPN before, test it before leaving.
- Make sure you have contact information for your local IT support professional and the Help Desk before you leave (firstname.lastname@example.org, 863-4357).
Check out Prepare Your Laptop for Traveling for more tips.
Many faculty and staff in Brown departments currently use Department File Services to share files with others in their departments and back up files (instead of keeping them on local hard drives, which can lead to data loss). Over the next month, CIS will be upgrading the technology behind Department File Services to provide an improved experience, reliability, and more space.
What to expect
Before and after the migration, you will receive an email from your departmental computing representative (ITSC or DCC) with the date of the migration and instructions for accessing your Departmental File Services after the migration. File shares will be unavailable from midnight until approximately 8AM on the day of your migration, so you should save and close all open shared files before the migration begins.
Accessing shared drives after migration
Most Windows users with Brown-owned computers will not need to take action; the shared S: and U: drives on your computers will automatically be mapped to the new location the first time you restart your computer after the migration. If you connected manually and the change doesn't happen automatically, see Connecting to Departmental File Services on Windows.
Since Mac users connect manually, they will need to use updated addresses to connect to shared drives. These updated addresses start with smb:// files.brown.edu/dfs/. For full instructions, see Connecting to Departmental File Services on a Mac.
Though the permissions of files will not change, please note that people will now only be able to view files they can access. This should reduce confusion.
Restoring backed-up copies of DFS files
You will have access to snapshots/backups of your files; hourly backups can be accessed for 48 hours, daily backups are kept for 6 weeks, and monthly backups are kept for 6 months. For instructions, see the following articles:
- Restore a File from Department File Services in Windows
- Restore a File from Department File Services on a Mac
During another upcoming project, we will be able to redirect Windows users’ My Documents and Desktop folders to this storage, making it even easier for Brown to prevent data loss while still being able to work on files offline.