Columbus State University

Slides:



Advertisements
Similar presentations
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security+ Guide to Network Security Fundamentals
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Installing and Configuring a Secure Web Server COEN 351 David Papay.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
1 Computer Security: Protect your PC and Protect Yourself.
Course 201 – Administration, Content Inspection and SSL VPN
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj
Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,
PROJECT PAPER ON BLUEFIRE MOBILE SECURITY. BY PONNURU VENKATA DINESH KUMAR STUDENT ID # A0815 PROFESSOR – VICKY HSU CS-426.
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.
About Dynamic Sites (Front End / Back End Implementations) by Janssen & Associates Affordable Website Solutions for Individuals and Small Businesses.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Virtual techdays INDIA │ 9-11 February 2011 Security Discussion: Ask the Experts M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation Anirudh.
Chapter 12 by Lisa Reeves Bertin Securing Information in a Network.
{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.
TECHNOLOGY GUIDE THREE Protecting Your Information Assets.
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
Protecting Students on the School Computer Network Enfield High School.
Data Security Overview. Data Security Periphery –Firewalls –Web Filtering –Intrusion Detection & Prevention Internal –Virus Protection –Anti Spy-ware.
Chapter 2 Securing Network Server and User Workstations.
COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.
Data Security.
INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.
MIS 7003 MIS Core Course The MBA Program The University of Tulsa Professor: Akhilesh Bajaj Security: Personal & Business © Akhilesh Bajaj 2004,2005, 2007,
Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.
Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
NetTech Solutions Protecting the Computer Lesson 10.
Computer Security By Duncan Hall.
Virus Assignment JESS D. How viruses affect people and businesses  What is a virus? A computer virus is a code or a program that is loaded onto your.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
Blogs How to use the bog safely and secure? Create new username. Create a strong password to your account. Create the password to your uploaded files.
Computer Security Sample security policy Dr Alexei Vernitski.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Securing Information Systems
Information Technology Acceptable Use An Overview
Managing Windows Security
Chapter 7. Identifying Assets and Activities to Be Protected
Securing Network Servers
Chapter 6 Application Hardening
TECHNOLOGY GUIDE THREE
Secure Software Confidentiality Integrity Data Security Authentication
Securing the Network Perimeter with ISA 2004
Protect Your Computer Against Harmful Attacks!
Security of a Local Area Network
Call AVG Antivirus Support | Fix Your PC
Unit 27: Network Operating Systems
Content Management lifecycle
Information Security Session October 24, 2005
Chapter 27: System Security
ISMS Information Security Management System
Check Point Connectra NGX R60
Introduction to Systems Security
Contact Center Security Strategies
Epic Introduction Basics
Implementing Client Security on Windows 2000 and Windows XP Level 150
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Columbus State University 9/19/2018 Columbus State University

Privacy and Security Issues in Online Learning Environments http://csc Dr. Wayne Summers TSYS Department of Computer Science Columbus State University Summers_wayne@colstate.edu http://csc.colstate.edu/summers Dr. Bhagyavati TSYS Department of Computer Science Columbus State University bhagyavati@colstate.edu http://csc.colstate.edu/bhagyavati

Columbus State University Goals Confidentiality (privacy) - limiting who can access assets of a computer system. Integrity (authentication) - limiting who can modify assets of a computer system. Availability (authorization) - allowing authorized users access to assets. 9/19/2018 Columbus State University

Columbus State University Problems Student authentication How do we get user ids/passwords to students? How do we authenticate students for the first time? How do we ensure confidentiality and privacy for our students? How do we ensure security in an online course? How do we help students maintain security on their personal computers / networks? 9/19/2018 Columbus State University

Solutions (authentication) Face-to-face class – no problem (ask for picture IDs) Blended class – also no problem (ask for picture IDs) Online classes Require a class meeting to distribute user ids / passwords Require student come to campus to pick up ID/password E-mail ids / passwords Use a standard format with required change of password Add biometric authentication as front-end to CMS Use a federated ID management system (portal) Password Policy 9/19/2018 Columbus State University

Columbus State University Solutions (privacy) Face-to-face class Nothing assumed Blended class (online portion does not ensure privacy) Online classes (typically NOT encrypted) “You have zero privacy anyway. Get over it.” (Scott McNealy, CEO, Sun Microsystems, 1999). “Privacy is the future. Get used to it.” (Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001). Email Chat rooms Discussion Groups File Space Privacy Policy 9/19/2018 Columbus State University

Columbus State University Privacy policy E-mail All email between students and between student and faculty will be kept confidential Discussion Groups All discussions are designed to be public unless specifically indicated as private Chat Rooms All chat discussions are designed to be public unless specifically indicated as private Student File Space Student Files Homepages MyGrades MyProgress http://www.ils.unc.edu/daniel/210user/privacy.html http://csc.colstate.edu/summers/Notes/privacy.html 9/19/2018 Columbus State University

Internet-specific privacy issues Personal information collected during registration Information provided by browsers IP address computer name link followed to reach site browser type browser plug-ins operating system Information in cookies SHOULD WE HAVE A PRIVACY POLICY ON CLASS WEBSITES ADDRESSING THIS? 9/19/2018 Columbus State University

Security in an online course Problems: Course Management Systems (e.g. WebCT) do not typically use encryption Cookies must be enabled Java must be enabled Tied to portal log-in 9/19/2018 Columbus State University

Security in an online course (cont’d) Solutions: Limit access to online courses by authorized students only Make sure the browser on your computer is not set to store your log-in information. Make sure to click on Logout when finished with your session. Close the browser. 9/19/2018 Columbus State University

Columbus State University Solutions (security) Apply “defense in-depth” Run and maintain an antivirus product Run and maintain anti-spyware software Keep your patches up-to-date Do not run programs of unknown origin Disable or secure file shares Deploy a firewall Policy (Design sound policies) 9/19/2018 Columbus State University

Critical Microsoft Security Bulletin MS03-039 Verify firewall configuration. Stay up to date. Use update services from Microsoft to keep your systems up to date. Use and keep antivirus software up-to-date. You should not let remote users or laptops connect to your network unless they have up-to-date antivirus software installed. In addition, consider using antivirus software in multiple points of your computer infrastructure, such as on edge Web proxy systems, as well as on email servers and gateways. You should also protect your network by requiring employees to take the same three steps with home and laptop PCs they use to remotely connect to your enterprise, and by encouraging them to talk with friends and family to do the same with their PCs. (http://www.microsoft.com/protect) 9/19/2018 Columbus State University

Defending against information sabotage Analyze your risks. Plan for disasters. Write and implement policies. Install front-end security.  Install back-end security for additional protection.  Install physical security.  Protect against viruses. Install firewalls. Use encryption. Use backups. http://www.star-host.com/library/secure.htm 9/19/2018 Columbus State University

Columbus State University Conclusions Layered Defense Culture of Security Security Policy Acceptable use statements Password policy Privacy policy Training / Education Education 9/19/2018 Columbus State University

Columbus State University “The most potent tool in any security arsenal isn’t a powerful firewall or a sophisticated intrusion detection system. When it comes to security, knowledge is the most effective tool…” Douglas Schweizer – The State of Network Security, Processor.com, August 22, 2003. 9/19/2018 Columbus State University

Columbus State University Resources http://www.sans.org http://www.cert.org http://www.cerias.purdue.edu/ http://www.linuxsecurity.com/ http://www.linux-sec.net/ http://www.microsoft.com/security/ Cuckoo’s Egg – Clifford Stoll Takedown – Tsutomu Shimomura The Art of Deception – Kevin Mitnick 9/19/2018 Columbus State University

Columbus State University Bibliography Privacy Policy Statements for WebCT - http://www.webct.com/ask_drc/forum/message?discussion=3046 9&topic=35986&message=35986&style=e Privacy and online learning by Roger Gabb of Centre for Educational Development and Support, Victoria University http://ceds.vu.edu.au/conferences/elearning/slideshow/rgabbSlides.t xt http://www.webct.com/ http://www.ecollege.com 9/19/2018 Columbus State University

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.