The Brandeis GPS blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Tag: Information Security Leadership (page 2 of 2)

Protecting privacy: securing your organization from cyber-crime

As technology continues to change the way we experience sectors of our daily life, it’s not surprising that cyber-security risk and vulnerabilities are also on the rise. From popular fitness tracking apps to university data systems, there have been dozens of high profile security breaches in the first half of 2018 alone.

According to Trustwave, $600 billion is lost to cyber-crime globally every year. In 2016, 53 percent of IT security professionals felt more pressure to secure their organizations than in 2015, demonstrating a growing need for information security management in businesses, government agencies, and other enterprises. Now more than ever, companies need leaders who can establish the teams, processes and policies to secure their data.

Brandeis GPS offers a course in Information Security Management that explores the security concepts, infrastructures, standards, protocols, and best practices that are necessary for today’s information security professionals. The course focuses on management and governance, assessing and communicating risk, law (compliance) and ethics, policies, planning (strategy and operations), contingency planning (disaster recovery and incident response), and testing. These concepts are applied and discussed in the context of common enterprise scenarios.

Throughout the course, students acquire an understanding of the fundamentals of information assurance solutions and learn to establish a comprehensive security strategy and execution plan. By the end of the session, students will be able to apply the concepts, principles, and vocabulary of IT and information security within the context of their own organizations.

Information Security Management is a fully online, 10-week course that will next run in October 2018.

At Brandeis GPS, you can take up to two courses before enrolling in one of our 12 online Master’s degree programs. If you’re interested in exploring the MS in Information Security Leadership, or would like to learn more about information security management as part of your own professional development, contact the GPS office for more information or to request a syllabus: 781-736-8787, gps@brandeis.edu, or submit your information.

How has GDPR changed the world?

On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect, setting a new standard for the protection of European individuals’ rights over their personal data.

If you are in technology or security in the US, you are aware of GDPR, and, unless you have been living under a rock, you have assessed whether or not your organization needs to comply. Just because this regulation is new, that is to say, just because no one has yet gone to jail or received a hefty fine, does not mean that regulators do not know what they are doing or will be lax in their enforcement.

So, how has GDPR changed the world? The new regulation replaces the outdated 1995 EU data protection law, Directive 95/46/EC, which, while sound, was written before wide-scale adoption of the Internet. Simply put, the GDPR is a regulation that places control of a person’s information in the hands of the individual. It protects individuals in the EU (the regulation speaks of “data subjects”, not citizens) and applies to everyone classified as either a ‘controller’ or a ‘processor’ of their personal data. This means that, yes, the GDPR does apply to you if you are a US business without a physical presence in the EU but you offer goods or services to people in the EU, or monitor their behavior.

One of the best sources for all things GDPR is the UK Information Commissioner’s Office (ICO). The rights afforded to individuals under GDPR are comprehensive, such as the right to erasure, the right to restrict processing, and the right to object to direct marketing. The US has no comparable federal law, so you will need to involve your legal team to determine whether you need to comply. The bottom line is that the regulation is all about accountability, transparency, control and reporting.

What do you do if you’re not sure whether your organization needs to comply? If you think you do, it will take some time, so start immediately. Acknowledge your requirements and get a plan in place to move toward compliance. How do you do that? You can conduct a self-assessment with the ICO’s online tool, which walks you through the requirements and provides a score by topic area. If you missed the deadline, the most important thing you can do is act. Get your legal team together and go.

Also, put protection in place to limit your interaction with EU citizens. This can be simple and straightforward. I found an example in the form of the LA Times website.

Screenshot: IP address information while using a VPN

I used a Virtual Private Network (VPN) to appear to be an Internet user coming to the LA Times website from London. When I arrived at the website, I was instructed that I would be unable to view the web content.

Screenshot: LA Times “unavailable” message

I cannot speak to the LA Times’ compliance plans for GDPR, nor have I contacted them, but they have put measures in place to detect the IP address of viewers and filter those from the EU. Obviously, the LA Times needs a more comprehensive solution so as not to miss a market of approximately 518 million people, but this is a good short-term measure in that it protects both the LA Times and EU residents’ right to control the collection and processing of their personal data. Note the limits of the approach: geolocation places a visitor wherever their VPN exit is (which is exactly how I appeared to be in London), and a client can present any address it likes in forwarded headers, so the check has to be made on the address your own edge actually saw.
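The kind of IP gate described above can be sketched in a few lines. The following is an added example written for this post; it is not the LA Times’ code and nothing is known about their implementation. It assumes a constructed, toy CIDR-to-country table (real deployments use a maintained GeoIP database), a single trusted reverse proxy at a made-up address, and the EU-28 membership as it stood in May 2018. It fails closed on addresses it cannot place and only trusts X-Forwarded-For when the TCP peer is the trusted proxy, taking the value that proxy appended rather than the client-supplied one.

```python
"""Geo-IP gating of EU visitors: an illustrative example, not the LA Times' code.

Assumptions (all constructed for this example):
  - GEO_TABLE is a toy CIDR->country map built from documentation
    prefixes; a real deployment uses a maintained GeoIP database.
  - TRUSTED_PROXIES holds the only addresses allowed to set X-Forwarded-For.
"""
import ipaddress

# EU member states as of May 2018 (ISO 3166-1 alpha-2), GB included.
# The EEA states (IS, LI, NO) adopted the GDPR in July 2018 and would be
# added to this set in a deployment after that date.
EU_COUNTRIES = frozenset({
    "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR",
    "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK",
    "SI", "ES", "SE", "GB",
})

# Constructed sample data: RFC 5737 / RFC 3849 documentation ranges,
# not real allocations. Country assignments are invented.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "GB"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.0/24"), "FR"),
    (ipaddress.ip_network("2001:db8::/32"), "DE"),
]

# Hypothetical address of our own reverse proxy / CDN edge.
TRUSTED_PROXIES = frozenset({ipaddress.ip_address("10.0.0.5")})


def client_ip(remote_addr, headers):
    """Return the address to geolocate.

    X-Forwarded-For is attacker-controlled unless the TCP peer is one of
    our own proxies, so it is honoured only then, and only the rightmost
    value (the hop our proxy appended) is used; the leftmost value is
    whatever the client chose to send.
    """
    peer = ipaddress.ip_address(remote_addr)
    xff = headers.get("X-Forwarded-For")
    if peer in TRUSTED_PROXIES and xff:
        last_hop = xff.split(",")[-1].strip()
        try:
            return ipaddress.ip_address(last_hop)
        except ValueError:
            return peer  # malformed header: fall back to the proxy itself
    return peer


def lookup_country(ip):
    """Longest-prefix match against the geo table; None when unknown."""
    best = None
    for net, cc in GEO_TABLE:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, cc)
    return best[1] if best else None


def gate_request(remote_addr, headers):
    """Decide whether to serve the page: (allowed, country, reason).

    Unknown locations are refused (fail closed): the point of the gate is
    to avoid collecting personal data from EU visitors, so an address we
    cannot place is treated as if it were in scope.
    """
    ip = client_ip(remote_addr, headers)
    country = lookup_country(ip)
    if country is None:
        return (False, None, "unresolved location")
    if country in EU_COUNTRIES:
        return (False, country, "EU visitor")
    return (True, country, "outside EU")


if __name__ == "__main__":
    # Constructed requests: direct GB and US clients, a US client spoofing
    # X-Forwarded-For, two requests relayed by the trusted proxy, and a
    # proxy request with no forwarded address.
    cases = [
        ("192.0.2.10", {}),
        ("198.51.100.7", {}),
        ("198.51.100.7", {"X-Forwarded-For": "192.0.2.10"}),
        ("10.0.0.5", {"X-Forwarded-For": "198.51.100.50, 203.0.113.9"}),
        ("10.0.0.5", {"X-Forwarded-For": "192.0.2.10, 198.51.100.7"}),
        ("10.0.0.5", {}),
    ]
    for addr, hdrs in cases:
        print(addr, hdrs, "->", gate_request(addr, hdrs))
```

Two design choices are worth calling out. Failing closed on an unresolved address is the conservative choice for a gate whose purpose is to avoid processing EU visitors’ data; a site that prefers reach over caution would flip that default. And the spoofed-header case shows why the geolocation must run on the address your edge saw: a US client sending `X-Forwarded-For: 192.0.2.10` is still treated as US, while the same GB address appended by the trusted proxy is blocked.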

So, what have the results been? The online news site DataBreachToday reported that the UK privacy regulator saw breach notifications rise to 1,750 in June, up from just 400 in April. While this sounds alarming, a more than fourfold rise in two months is a sign that compliance management is working: organizations are detecting and reporting breaches as the regulation requires. This is the EU; this is principles-based regulation focused on outcomes. Acknowledging where you do not comply, and measuring and monitoring your progress toward compliance, matter. It means you are taking accountable steps to identify, control and monitor the ways in which you don’t yet comply.

US organizations may not yet be compliant, but you need to know whether you must be and then start working toward it. You had two years to comply. Take the first step and the rest will follow.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS announces new Information Security Leadership program chair

GPS recently named Joseph (Joe) Dalessandro as the Information Security Leadership program chair. In this new role, Dalessandro, who previously served as an instructor in the program, will recruit and mentor faculty, oversee course quality, and advise students on program and course requirements.


Ask the Expert series recap with Barbara McNamara

On April 19, we hosted Barbara McNamara, former Deputy Director of the National Security Agency, for our Ask the Expert series. Ms. McNamara captivated us not only with her deep knowledge of the information security industry, but also by her life story and the doors she has opened for other women in technology.


A graduate from Regis College, the Armed Forces Staff College, and the National War College, Barbara McNamara was the first woman named Deputy Director of Operations of the National Security Agency in 1994. In 1997, she became the agency’s Deputy Director and was just the second woman to hold that position. Three years later, she received the U.S. Intelligence Community’s highest award, the National Intelligence Distinguished Service Medal. At the time, she was one of the highest-ranked women in the U.S. intelligence community.

“People have been protecting their communications since the War of Independence”

Following an introduction by Michael Corn, the chair of the MS in Information Security Leadership program at GPS, Ms. McNamara discussed the history of information security in the United States. She talked about the critical role information security played during the World Wars, focusing in particular on the advances in cryptography and code-breaking that occurred during World War II. She then covered the NSA’s role in protecting national security during the decades that followed, a period characterized by a struggle to get information security equipment to field-based members of the military. While Ms. McNamara constantly stressed the importance of defending and protecting information as technology continuously evolves, another running theme of her talk and the concluding Q&A session was that those with a background in the information security industry are “very wanted” and valued across many industries.

“People in information assurance are about to enter the most exciting and challenging times of their lives.”

Our Ask the Expert event ended with a Q&A that addressed questions ranging from the measures current high-level security agents take while traveling abroad to U.S. preparedness for a cyberwar to Ms. McNamara’s career advancement in a male-dominated field. Ms. McNamara quipped that despite no plans to write a book, the title of her memoir would be “In a Man’s World.”

It was a pleasure to host Ms. McNamara at GPS and we look forward to our next Ask the Expert event.

Watch our Ask the Expert recording here

Job Opportunity: Blue Cross Blue Shield of Massachusetts

Blue Cross Blue Shield of Massachusetts is hiring an Identity & Access Management Administrator to work out of its Hingham office (with occasional travel to branches in Boston and Quincy).

BCBSMA partners with GPS to offer tuition discounts to their employees, and we are excited to share this opportunity with our community. Apply here.

Identity & Access Management Administrator

We have an exciting opportunity for an IAM Account & Access Administrator, who will be responsible for administering security for various BCBSMA applications. This role requires experience working with large-scale IAM solutions, developing and executing operational processes, and aligning tightly with business needs. The primary deliverable for this person is to govern and administer accounts and access, including for mainframe applications.

Responsibilities:

  • The Security Administrator will be accountable for initiating the process for creating user access and timely notification of ID’s and passwords enterprise wide.
  • Provide IT Security governance and collaborate with external vendor Security personnel, the Help Desk and BCBSMA business area SME Administrators to provide effective communication and appropriate authorized access.
  • Coordinate and review reporting/tracking on status of access to legacy systems, remote access, and internal LAN based systems.
  • Support requests for remote access.
  • Streamline and ensure removal of all account access for associates and non-associates that have terminated employment or services with BCBSMA. Must also integrate and maintain HR and audit termination requirements.
  • Implement and support day-to-day computer security controls including but not limited to creating access and control, monitoring, security awareness relating to BCBSMA mainframe, Active Directory, desktop computers, and VPN.
  • Consult, Implement, and manage access associated with e-commerce products.
  • Develop and support audit related reporting to business for protected business groups, products & access types.
  • Other relevant job duties as assigned or required by IT/Business to support environment changes.

Education and Experience

  • Bachelor’s degree in Computer Science, Information Systems or equivalent related field preferred.
  • Minimum of 1 year of experience in Information Technology is required.
  • Experience with Microsoft Windows, Active Directory and LDAP is highly desired.
  • Previous Identity and Access Management (IAM) experience is preferred.
  • Experience with Mainframe, Unix and/or Solaris is a plus.