Many people have asked me recently about how information security is evolving. More and more CISOs now have a broader, risk-based focus on information protection, and many have privacy and compliance responsibilities as well. This rapid maturation is both welcome and daunting for security pros, and as a result we look to the larger community for support, guidance and networking. I’d like to share with you some of the connections that I have through Brown.
Brown has been hit on a number of occasions over the last couple of months with a variety of phishing attempts. Most are fairly obvious — with egregious grammar and typos and unconvincing sender addresses — but a few are a little more clever and may fool the casual reader, especially on the smaller screen of a smartphone you are checking quickly.
David Mycue has been the Director of IT for the School of Engineering since August of 2011. Before that, he worked at MIT for a dozen years directing a small group that supported MIT’s flagship distance education program, the Singapore MIT Alliance, as well as providing video acquisition, encoding, hosting and webcasting services to the institute at large for programs including MIT World, Open CourseWare and the annual commencement exercises. He began at MIT as an undergrad majoring in electrical engineering and continued as staff until he met his wife, a Brown professor.
We hear a lot recently about the security of Java. Lots of vulnerabilities are being found and new patches being issued constantly. Why can’t a company get this right for a language and platform that’s been available for nearly twenty years? Let’s take a look.
I often get asked, “What is malware?” Simply put, malware is software that gets installed on your machine and is used for nefarious purposes – it could be to collect data, to get access to other machines on your network, to use your computer to attack others, and so on. Malware encompasses different pieces of software like viruses, worms, Trojan horses, rootkits, keyloggers, and others.
When I was first learning about IT security, I thought the way you learn is the same way we learn most things. You take classes. The first reaction is then to look for classes in a particular area. I did and was disappointed by either the lack of offerings in computer security, or the cost. It’s very easy to find classes that can cost as much as $4,000 a week and if you have to travel, the costs go up from there.
The Brown Security Round Table is offering a second session of its popular class, Advanced Network Troubleshooting, on June 13 and again on July 18 from 12:30 to 1:30 p.m. at 169 Angell Street. This one-hour, hands-on class is aimed at those who already understand IP addresses, subnet masks, DHCP and DNS, and are ready to take their skills to the next level.
It’s one thing to manage an active online life, but are you prepared to handle a digital afterlife as well? As Rebecca Herold notes in her recent article Your Digital Afterlife, “Keeping the memory of our loved ones alive is one thing; keeping their personal, private data and information safe, is quite another.”
Ted Demopoulos is the guest editor for this issue of the OUCH! security awareness newsletter. He is a longtime security consultant and has been teaching SANS courses for a decade, including SEC401/501 and MGT414/512. You can learn more about Ted at http://demop.com.