As Brown prepares to participate and celebrate in National Cyber Security Awareness Month (NCSAM) for the 10th year, I thought that I would cover a question that gets brought to me a great deal: "You used to be IT security, but now you're Information Security. What's the big deal?"
For many years (actually since security became a technology discipline), those responsible for the security function were most commonly known as IT Security. This was for good reason, as the focus and responsibility was predominantly IT-centric (firewalls, switches, subnets, IDS, IPS, etc). Brown had an IT Security function, as well as IT security roles in the network group. However, as the technology evolved and changed, so did the role.
When I first arrived at Brown over six years ago, one of the first tasks as CISO was to brand the newly formed group in my area. While we still had network security responsibilities at that time, the Brown Information Security Group was formed. While the staffing and organization of the group has changed over the years, the mission to focus on Information Security has not. Brown still maintains an excellent network (or "IT") security function, who expertly aid in the design, management, monitoring and operation of securing the University network. That will never go away, and they play a key role in ensuring that the bad guys stay out.
However, today information security is much broader than simply the network. The ISG mission covers all aspects of the security of Brown's data and information, including privacy, compliance, awareness, response and risk management. It also includes not only electronic information, but hard copy data as well. As a result, information security also plays a key role in records management and reducing risk at Brown through participating in several committees that focus on this issue, reviewing grants and contracts for aspects of data ownership, use and sharing, and by supplying solutions to identify, protect and dispose of information in a secure manner. No longer is information security simply responsible for maintaining a secure network, but now plays a key role in risk and reputation management for the university.
As always, I welcome your comments and feedback. Please feel free to reach out to me directly at firstname.lastname@example.org, or the group at ISG@brown.edu. Let me know how we are doing, areas of concern you may have, or questions on protecting your identity, privacy or personal computing security. And remember, sec_rity is not complete without U!
If you are new to Brown or missed ISG's earlier announcements, we recommend that you install and run Identity Finder, a useful addition to anyone's security toolkit. It allows you to scan your computer for any sensitive information that might be stored on it -- such as social security numbers or passwords -- and then take appropriate measures to either secure or remove it.
The enterprise version is available to all active faculty and staff from CIS's software download pages. In addition, students and home users can install a free version available on the Identity Finder website on their personal computers to perform basic search and remediation. More robust personal versions are also available.
ISG recommends that you install and periodically run Identity Finder to detect and secure sensitive data on your computer, which will help protect you from identity theft. More information is available in the IT Knowledgebase article Learn About Identity Finder.
Please note: If you already have Identity Finder installed but haven't used it in awhile, you will be asked to update to version 6.2, which is available for download from CIS' Software Distribution site (downloads for Windows andMacintosh are available). Note you will need to delete your current client before installing the new version.
- 12/1, 9am: Apple Discounts (Bookstore Tech Center)
- 12/1, 4pm: iPad Demo (Bookstore Tech Center)
- 12/2, 12pm: Workday Recruiting Q&A (HR)
- 12/2, 1pm: BrownSites Series - Basics and Site Start-Up (CIS)
- 12/2, 3pm: Canvas Orientation for Academic Support Staff (CIS)
- 12/3, 12pm: Robotics and Assistive Technologies: Their Emerging Role in Healthcare (CS)
- 12/3, 4pm: Mendeley - First Timers (Library)
- 12/3, 5pm: Zotero Workshop (Library)
- 12/8, 9am: Teaching and Technology Winter Institute - Day 1 (CIS)
- 12/8, 10am: Excel Series - Basics (CIS)
- 12/8, 12pm: A Surprising Application of Differential Privacy (CS)
- 12/9, 9am: Teaching and Technology Winter Institute - Day 2 (CIS)
- 12/9, 10am: Excel Series - Displaying Your Data (CIS)
- 12/10, 10am: Excel Series - Formulas (CIS)
- 12/10, 9am: Teaching and Technology Winter Institute - Day 3 (CIS)
- 12/11, 9am: Teaching and Technology Winter Institute - Day 4 (CIS)
- 12/11, 9:30am: Cognos: Introduction to Cognos Connection & Running Reports (CIS)
- 12/12, 10am: Excel Series - Pivot Tables (CIS)
- 12/12, 12pm: Interaction as Manipulation (CS)
- 12/15, 10am: BrownSites Series - Basics and Site Start-Up (CIS)
- 12/17, 10am: BrownSites Series - Advanced (CIS)
- 11/5, 10am: Google Documents (CIS)
- 11/5, 11am: Assessments and Assignments in Canvas (CIS)
- 11/5, 4pm: Mendeley - First-timers (Library)
- 11/5, 6pm: Intro to Excel (PASS Student Workshop)
- 11/6, 10am: Google Forms (CIS)
- 11/6, 4pm: Barbara Liskov, The Power of Abstraction (CS)
- 11/6, 6pm: Advanced Excel (PASS Student Workshop)
- 11/7: Deadline to apply for Winter Institute for Teaching and Technology (CIS)
- 11/7, 10am Google Sites (CIS)
- 11/9, 1pm: Interactive Fruits: coding for non-programmers with Scratch (STEAM)
- 11/10, 12pm: Zotero Workshop (Library)
- 11/10, 3pm: Lightweight and Anonymous Credentials (CS)
- 11/11, 10am: Introduction to Canvas (CIS)
- 11/10, 1pm: BrownSites Basics (CIS)
- 11/12, 12pm: Regular Expressions: Search and Replace with Advanced Pattern Matching (Library)
- 11/12, 12pm: Endnote Workshop (Library)
- 11/12, 1pm: Blogs for Teaching and Learning (CIS)
- 11/12, 6pm: Email Encryption Workshop for Beginners (CIS / CS DUG)
- 11/13, 9:30am: Introdution to Cognos (CIS)
- 11/13, 10am: BrownSites Advanced (CIS)
- 11/13, 11am: Digital Media Assignments (CIS)
- 11/13, 12pm: Google Refine (Library)
- 11/13, 4pm: Explore or Exploit? (CS)
- 11/15, 12pm: Linux Installfest (Brown Linux Users Group)
- 11/17, 10am: Photoshop: Basics (CIS)
- 11/17, 10:30am: Flipped Classrooms (CIS)
- 11/17, 12pm: Endnote Web Workshop (Library)
- 11/17, 2pm Canvas Orientation for Academic Support Staff (CIS)
- 11/18, 10am: Photoshop: Selections (CIS)
- 11/19, 12pm: Advanced Endnote Workshop (Library)
- 11/19, 10am: Photoshop: Adjustments (CIS)
- 11/20, 10am: Advanced Canvas Features (CIS)
- 11/20, 10am: Photoshop: Retouching (CIS)
- 11/20, 12pm: Exposing Yourself Online: Workshop for Public Humanists (John Nicholas Brown Center)
This October, learn how to spot phishing email to stop it from spreading and you could be the winner of an iPad mini, Nexus 7 and other prizes.
To celebrate National Cyber Security Awareness Month, ISG (Information Security Group) will focus on phishing throughout October with weekly quizzes and a special Brown Bag (Don't Be the Catch-of-the-Day: Phishing Tips to Keep You Off the Hook) on the 9th.
In addition, ISG will host a special screening of the film Code 2600 on the 15th and a second Brown Bag on the 23rd, Being Smart About Your Phone (and Other Web-Connected Devices). Participants in these events are also entered into the raffle. Full details at brown.edu/go/SpotThePhish.
On Monday October 20th, you’ll notice a new look for the Brown Directory, MyAccount, and Activate. This change is part of the replacement of Brown’s identity management system, the system that stores identity information for members of the Brown community.
MyAccount will be unavailable starting at noon on 10/17 until the upgrade is complete. Otherwise, we expect the appearance of these sites will be the only change you experience, but if you have a problem accessing a Brown system, contact the IT Service Center as usual; it may or may not be related to this change.
The latest issue of Secure IT! has been released. We invite you to peruse this issue, view back issues and send us ideas for future ones. Enjoy!
- CISO Memo: "IT Security" versus "Information Security" :: Brown has had an IT Security function, as well as IT security roles in the network group for decades. However, as the technology evolved and changed, so did the role.
- Introducing the Phish Bowl :: Phishing continues to plague everyone, with no end in sight. While we can't make it go away, the new Phish Bowl should make it easier to deal with. It was created as the spot to check for phish. If you spot or are unsure about one, just check the Phish Bowl. If it's there, no need to report it. If not, forward it to PhishBowl@brown.edu.
- ISG Special Events this October :: Reserve your seat for a special screening of the film Code 2600. Sign up for Brown Bags on phishing tips and smart phone safety. Enter the raffle for a chance on an iPad mini and other great prizes. Full details on the contest and more about ISG's celebration of National Cyber Security Awareness Month. This year's theme: SPOT the Phish 2 STOP the Phish.
- Smashing News: Do you have an old hard drive or two (or even several) with Brown Restricted or sensitive information on it and need to securely dispose of it? ISG has a hard drive crusher that will make short work of it. Send an email to ISG@brown.edu to make an appointment.
- New Encryption Options :: CIS has replaced Symantec Endpoint Encryption with BitLocker for Windows and FireVault 2 for Macs.
» For background on encryption, read the SANS August 2014 OUCH! Newsletter article by Christopher Crowley, lead instructor of the SANS Institute course Mobile Device Security and Ethical Hacking.
» Two more timely topics from SANS Securing the Human: I'm Hacked, Now What? and Disposing of Your Mobile Device.
- Identity Finder Reminder :: Not running Identity Finder regularly? Find out why you should.
- Follow us on Twitter :: ISG and CISO alerts, tips and more.
We're excited to welcome new and returning students to campus for the 2014/15 academic year!
Look for CIS staff during move-in weekend and the beginning of September. We are going to be at the resource fairs for new students, at first-year key pickup, and in high-traffic areas on campus. We'll be happy to see you and tell you what's new in technology at Brown this fall. You can also follow us on Facebook and Twitter for updates.
On September 25th at 4pm in Sayles Hall, please join us in welcoming Joseph M. Tucci, Chairman and Chief Executive Officer of EMC Corporation. He will be presenting Cloud Meets Big Data: An Insider’s Look at the Information Technology Industry, the first of the Distinguished Lecture Series: Leadership in Technology.
Hear how the technology mega trends of social media, mobile devices, big data and cloud computing are reshaping business. Tucci will provide an insider’s perspective of the disruptive technology changes occurring in the marketplace — and their implications for the rest of us and our future.
This lecture will be broadcast live at http://brown.edu/web/livestream.
Share or save this event: