Information security is a challenging field for organizations made more difficult because it is prone to the constant change in information technology. Higher education institutions thrive with open access to information and collaboration. Yet, higher education institutions also store and process sensitive data such as student records, student health records, credit card data, and State and Federal government data. An essential aspect of information security professionals' roles is to know what types of data they have and where data is located. However, a technological trend identified by the 2021 EDUCAUSE Horizon Report: Information Security Edition identified expanding and borderless network boundaries (EDUCAUSE, 2021). Networks without well-defined borders are complicated for information security teams to protect. As organizations migrate data to cloud-hosted solutions and data is accessed by organizational users, devices not managed by the organization could access that data. For example, personal and mobile devices may access cloud-hosted and controlled data stored or processed across devices subject to different laws, regulations, and endpoint security access controls. Information security teams will need to identify and monitor a device accessing their data and ensure that it is free from malicious software and can safely access sensitive data. The societal and cultural trends amplified by the remote work lifestyles to accommodate COVID-19 safety protocols have compounded information security challenges. Information security teams can detect and respond to security incidents on endpoint devices such as computers, tablets, and other mobile devices as long as end-users comply with security requirements on personal devices. For example, end-users will need to install endpoint protection software and maintain their devices with security updates. However, users today want the convenience of access to data and, though aware, may not be as vigilant about information security practices. The Horizon Report identified the deployment of cloud-based endpoint protection platforms (EPPs) as an important technological trend to manage the security of organizational data. EPP will be required to provide information security as users continue to access data from personal and public networks due to COVID safety protocols and the convenience of remote work. COVID and cultural trends pushed network boundaries out of organizational-controlled network infrastructure and into a wider borderless networked world. An example of the increased number of remote students based on a survey performed by the National Center for Education Statistics identified 7,313,623 students enrolled in distance education courses from post-secondary institutions in 2019 (Institute of Education Sciences, 2015).
To maintain the visibility of mobile and remote devices, information security teams must have a window into the network security and device security posture to identify potential abuse and breaches. Higher education information security teams can use EPP provided to end-users to monitor these remote systems accessing organizational data. The organizations will have to work through legal and licensing challenges with vendors that may complicate software deployment of organizational purchased software to personally owned devices. In addition, software must remain easy to deploy, maintain, and use to ensure that convenient access to data is not subject to technological barriers and thus decrease the chances of user adoption and use. In my past role on a higher education information security team, the organization was able to work with vendors to provide EPP to students, faculty, staff, and affiliates without a significant increase in product cost. In addition, open and transparent participation and communication with faculty, staff, students, and affiliates to develop policy that specified how organizational software on personal devices could and would be used improved willingness to install and comply with information security requirements. Even though the network boundaries are shifting and appear borderless, higher education organizations will find that they can benefit by using EPP that is widely deployed to continue providing information security benefits across the spectrum of devices accessing organizational data. References EDUCAUSE. (2021). Information Security Edition (p. 10). EDUCAUSE 2021. https://library.educause.edu/-/media/files/library/2021/2/2021_horizon_report_infosec.pdf?la=en&hash=6F5254070245E2F4234C3FDE6AA1AA00ED7960FB Institute of Education Sciences. (2015). The NCES Fast Facts Tool provides quick answers to many education questions (National Center for Education Statistics). Ed.gov; National Center for Education Statistics. https://nces.ed.gov/fastfacts/display.asp?id=80
0 Comments
"Hello world." This is a loaded statement being that printing "Hello World" is the most commonly taught first example used when teaching computer programming; it also happens to be a great introduction for my reinvigorated blog about futuring and innovation. My past blog posts focused on cybersecurity related interests and information that I have taught to other students in high school, at work, or through my own curiosity. My current graduate course "Futuring and Innovation" has fired up my imagination regarding cybersecurity, the future, and innovation and this blog theme gives me a broader range of blog topics. My favorite topics to imagine for the future of humanity are cybersecurity, space exploration, and artificial intelligence. I happen to be a Science Fiction fan and my most recent favorite in the genre is the book series The Expanse by pen-name authors James S.A. Corey (Corey, 2011). This book (and now TV) series takes place a few hundred years in the future after humanity has colonized the solar system, Mars, the asteroid belt, and some habitable moons and planets and a company discovers an ancient alien molecule. The technical, political, societal, and economical aspects considered in the series all combine to create a realistic human space drama with what I imagine a colonized solar system in the future will very likely mirror. Oh, and a bonus as the series was turned into an amazing and realistic in-space drama demonstrating future technology and the politics of a colonized solar system (Fergus and Ostby, 2015). The series was purchased and continued to be produced from Amazon after a brief Sci-Fi network run. Excluding the alien molecule aspect, the technical, political, and societal aspects are all possible extensions of existing technology and human interactions.
I am interested in imagining how we get to a point that mirrors what the book and show demonstrate with regard to the usage of artificial intelligence applications, computers, communications, space technology, weaponry, and handheld tablets/phones. The applications of artificial intelligence show that it is used to augment, but not replace humans. For example, AI in the show will take a series of verbal parameters and provide calculations for space travel around the solar system, however, humans may take manual control when the AI may provide less intuitive actions. Additionally, computer viruses, trojan horses, jamming, and other cyberattacks occur during conflicts and as means to infiltrate and steal information from warring political and societal factions. The software, while similar, is often evolved to evade counter-measures and detection from anti-virus software. Most critically, everything is logged and available for analysis in the event that the unexpected occurs during communications, analysis, and computer activities. I imagine a future where artificial intelligence is used to analyze the log activity of Information and Communication Technology (ICT) and highlight the anomalies. This particular area of study has captured my imagination and I am working to contribute to this study of knowledge by learning where I can provide value for the application of artificial intelligence and ICT log analysis to assist cyber defenders. I find the inclusion of these types of analysis in The Expanse to be realistic and refreshing. If you have not seen the show on Amazon or read the book series then you're really missing out on an amazingly accurate portrayal of the interactions of humans and technology. References Corey, J. S. A. (2011). The Expanse Series. Little Brown & Co. Fergus, M., & Ostby, H. (2015, December 14). The Expanse [TV and Internet series]. SciFy and Amazon Studios. |
AuthorI am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion. Archives
February 2022
Categories
All
|