Information Security: A Perspective for Higher Education

| April 26, 2016

article image
Implementing robust information security standards for higher education requires not only a knowledge of the pertinent regulatory requirements but a practical approach to ensuring full compliance. NEC Unified Solutions can help your organization develop a Compliance Roadmap to identify regulatory requirements and evaluate how your organization measures up in each area. Such a roadmap can serve as a basis for designing an effective security program as well as the security architecture. This program will include policies, procedures, intrusion detection, virus control, auditing and assessments as well as metrics associated with the measurements of associated risk and risk remediation.

Spotlight

WWPASS Corporation

Frustrated with the inadequate security provided by username and password authentication and the increasing vulnerabilities exploited by hackers to overcome two-factor authentication solutions, Eugene Shablygin founded WWPass Corporation in 2008. After 6 years of research & development, the company introduced our unique authentication solution which replaces the username with a secure PassKey. The PassKey does not contain any identity data; it serves only as a unique cryptographic identifier that is used to retrieve identity data from our patented Distributed Data System. By combining multiple standards-based technologies such as symmetric and asymmetric keys with AES-256 encryption and Reed-Solomon codes, the solution is immune to modern sophisticated attacks by cyber criminals seeking to impersonate user accounts. The user’s identity is never exposed in transit or at rest making credential theft virtually impossible.

OTHER ARTICLES

New Ransomware hitting Industrial Control Systems like a nuclear bomb

Article | February 10, 2020

Researchers at security firms including Sentinel One and Drago’s have been mystified by a piece of code named Ekans or Snake, over the last month. Drago’s publically released its full report on Ekans Ransomware that has recently inflicted Industrial Control Systems and these are some of the most high-value systems that bridge the gap between digital and physical systems. In the history of hacking, only a few times a piece of malicious code has been marked attempting to intrude Industrial Control Systems. Ekans is supposed to be the first Ransomware with real primitive capability against the Industrial Control Systems, software, and hardware used in everything from oil refineries to power grids. Researchers say this ransomware holds the capability to attack ICS by Honeywell and GE as well.

Read More

Webroot: Widespread Lack of Cybersecurity Best Practices

Article | April 7, 2020

A new list of most and least cyber secure U.S. states shows a disturbing lack of cybersecurity best practices. According to Webroot‘s fourth annual ranking, New York, California, Texas, Alabama and Arkansas are the least cyber secure states in the country, while Nebraska, New Hampshire, Wyoming, Oregon and New Jersey are the most cyber secure. Tyler Moffitt, Webroot security analyst, tells us none of the states had an average score greater than 67%. Also, there is very little difference between the most secure and least secure states, he said. No state scored a “C” grade or higher. That underlines a lack of cybersecurity education and hygiene nationally. However, the most cyber secure state (Nebraska at 67%) did score substantially better than the least (New York at 52%). This score was calculated through a variety of action- and knowledge-based variables, including residents’ use of antivirus software, use of personal devices for work, use of default security settings, use of encrypted data backups, password sharing and reuse, social media account privacy, and understanding of key cybersecurity concepts like malware and phishing,” Moffitt said.

Read More

Malicious coronavirus map hides AZORult info-stealing malware

Article | March 11, 2020

Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware. The malicious online map, found at www.Corona-Virus-Map[.]com, appears very polished and convincing, showing an image of the world that depicts viral outbreaks with red dots of various sizes, depending on the number of infections. The map appears to offer a tally of confirmed cases, total deaths and total recoveries, by country, and cites Johns Hopkins University’s Center for Systems Science and Engineering as its supposed data source. Malwarebytes issued a warning about the map last week, and Reason Cybersecurity this week has followed up with its own blog post, reporting additional details on the scam, gathered by Reason Labs researcher Shai Alfasi.

Read More

CISOS PARTICIPATE IN CYBER WARGAMES TO HONE RANSOMWARE RESPONSE PLANS WITH EC-COUNCIL

Article | March 2, 2020

EC-Council, leading global information security certification body, conducted a table-top, cyber wargame among top cybersecurity executives in Tampa, Florida. The sold-out session, “CISO wargame,” included 27 senior executives from the largest managed IT service providers in the United States. The event presented the security experts with a simulated incident where an organization is hit by a ransomware attack. Participants had to work to contain the damage of the attack, which grew more complicated as the 4-hour exercise unfolded. Participants were tasked with deciding whether to pay a ransom and use ransom negotiators as well as to communicate with employees, stockholders, and the media about the breach.

Read More

Spotlight

WWPASS Corporation

Frustrated with the inadequate security provided by username and password authentication and the increasing vulnerabilities exploited by hackers to overcome two-factor authentication solutions, Eugene Shablygin founded WWPass Corporation in 2008. After 6 years of research & development, the company introduced our unique authentication solution which replaces the username with a secure PassKey. The PassKey does not contain any identity data; it serves only as a unique cryptographic identifier that is used to retrieve identity data from our patented Distributed Data System. By combining multiple standards-based technologies such as symmetric and asymmetric keys with AES-256 encryption and Reed-Solomon codes, the solution is immune to modern sophisticated attacks by cyber criminals seeking to impersonate user accounts. The user’s identity is never exposed in transit or at rest making credential theft virtually impossible.

Events