Download presentation
Presentation is loading. Please wait.
1
Columbus State University
9/19/2018 Columbus State University
2
Privacy and Security Issues in Online Learning Environments http://csc
Dr. Wayne Summers TSYS Department of Computer Science Columbus State University Dr. Bhagyavati TSYS Department of Computer Science Columbus State University
3
Columbus State University
Goals Confidentiality (privacy) - limiting who can access assets of a computer system. Integrity (authentication) - limiting who can modify assets of a computer system. Availability (authorization) - allowing authorized users access to assets. 9/19/2018 Columbus State University
4
Columbus State University
Problems Student authentication How do we get user ids/passwords to students? How do we authenticate students for the first time? How do we ensure confidentiality and privacy for our students? How do we ensure security in an online course? How do we help students maintain security on their personal computers / networks? 9/19/2018 Columbus State University
5
Solutions (authentication)
Face-to-face class – no problem (ask for picture IDs) Blended class – also no problem (ask for picture IDs) Online classes Require a class meeting to distribute user ids / passwords Require student come to campus to pick up ID/password ids / passwords Use a standard format with required change of password Add biometric authentication as front-end to CMS Use a federated ID management system (portal) Password Policy 9/19/2018 Columbus State University
6
Columbus State University
Solutions (privacy) Face-to-face class Nothing assumed Blended class (online portion does not ensure privacy) Online classes (typically NOT encrypted) “You have zero privacy anyway. Get over it.” (Scott McNealy, CEO, Sun Microsystems, 1999). “Privacy is the future. Get used to it.” (Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001). Chat rooms Discussion Groups File Space Privacy Policy 9/19/2018 Columbus State University
7
Columbus State University
Privacy policy All between students and between student and faculty will be kept confidential Discussion Groups All discussions are designed to be public unless specifically indicated as private Chat Rooms All chat discussions are designed to be public unless specifically indicated as private Student File Space Student Files Homepages MyGrades MyProgress 9/19/2018 Columbus State University
8
Internet-specific privacy issues
Personal information collected during registration Information provided by browsers IP address computer name link followed to reach site browser type browser plug-ins operating system Information in cookies SHOULD WE HAVE A PRIVACY POLICY ON CLASS WEBSITES ADDRESSING THIS? 9/19/2018 Columbus State University
9
Security in an online course
Problems: Course Management Systems (e.g. WebCT) do not typically use encryption Cookies must be enabled Java must be enabled Tied to portal log-in 9/19/2018 Columbus State University
10
Security in an online course (cont’d)
Solutions: Limit access to online courses by authorized students only Make sure the browser on your computer is not set to store your log-in information. Make sure to click on Logout when finished with your session. Close the browser. 9/19/2018 Columbus State University
11
Columbus State University
Solutions (security) Apply “defense in-depth” Run and maintain an antivirus product Run and maintain anti-spyware software Keep your patches up-to-date Do not run programs of unknown origin Disable or secure file shares Deploy a firewall Policy (Design sound policies) 9/19/2018 Columbus State University
12
Critical Microsoft Security Bulletin MS03-039
Verify firewall configuration. Stay up to date. Use update services from Microsoft to keep your systems up to date. Use and keep antivirus software up-to-date. You should not let remote users or laptops connect to your network unless they have up-to-date antivirus software installed. In addition, consider using antivirus software in multiple points of your computer infrastructure, such as on edge Web proxy systems, as well as on servers and gateways. You should also protect your network by requiring employees to take the same three steps with home and laptop PCs they use to remotely connect to your enterprise, and by encouraging them to talk with friends and family to do the same with their PCs. ( 9/19/2018 Columbus State University
13
Defending against information sabotage
Analyze your risks. Plan for disasters. Write and implement policies. Install front-end security. Install back-end security for additional protection. Install physical security. Protect against viruses. Install firewalls. Use encryption. Use backups. 9/19/2018 Columbus State University
14
Columbus State University
Conclusions Layered Defense Culture of Security Security Policy Acceptable use statements Password policy Privacy policy Training / Education Education 9/19/2018 Columbus State University
15
Columbus State University
“The most potent tool in any security arsenal isn’t a powerful firewall or a sophisticated intrusion detection system. When it comes to security, knowledge is the most effective tool…” Douglas Schweizer – The State of Network Security, Processor.com, August 22, 2003. 9/19/2018 Columbus State University
16
Columbus State University
Resources Cuckoo’s Egg – Clifford Stoll Takedown – Tsutomu Shimomura The Art of Deception – Kevin Mitnick 9/19/2018 Columbus State University
17
Columbus State University
Bibliography Privacy Policy Statements for WebCT &topic=35986&message=35986&style=e Privacy and online learning by Roger Gabb of Centre for Educational Development and Support, Victoria University xt 9/19/2018 Columbus State University
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.