NIST is offering some forensic science workshops in April and May of 2013. Below is the URL to registration information if you are interested.
http://www.nist.gov/oles/forensics-030513.cfm
The information in this section includes discussion of new attacks, technologies, or controversies of interest to the information assurance and security community. We encourage interactivity in the discussion and ask that you participate and that you share the link with anyone who may have something to contribute to the conversation. Send any suggestions for items to mbrown@capella.edu or sbrown@capella.edu
There is a link to the national news that describes an incident that presents some interesting conflicts: http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/
According to the article, a student was expelled because he found poorly written code while working on a project. Finding and reporting the vulnerability was not, however, the issue for which he was punished. Rather, it was his activity after reporting the incident that got him into trouble. The student wanted to validate that his report had been taken seriously and that the vulnerability had been corrected, so he ran a vulnerability tool against the school's network without permission rather than checking in with those responsible for managing the network. Though he may not have had malicious intent, he crossed the line by probing a network without the permission of its owner.
What would you have recommended be done in this situation? Should the student have been expelled, or would you have recommended a less aggressive punishment? Do you agree that this activity crosses the line and is worthy of punishment at all? Share your thoughts…
A recently discovered vulnerability in Java has some security professionals, including some in the government, recommending that users disable Java in their browsers until a fix can be developed and distributed. Do you agree with this advice? Tell us how you are recommending this vulnerability be handled until it can be mitigated.
Capella learners are eligible to apply for the annual U.S. Department of Defense (DoD) Information Assurance Scholarship Program because Capella has been designated as a Center for Academic Excellence in Information Assurance Education (CAEIAE) by the National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS).
Scholarship benefits
Requirements – To be eligible for this scholarship, you must:
The Federal Trade Commission reported today that mobile applications are collecting personal data of children and selling that data. Is this a matter of developers not offering privacy options, or of parents simply not knowing and needing more awareness? If mobile application developers do not police themselves, the FTC may decide on future enforcement.
http://www.cnn.com/2012/12/10/tech/apps-children-data/
My mailboxes have exploded recently with whitepapers, seminars, product releases and other marketing materials, all of which assure me that they have the magical solution to managing Bring Your Own Device (BYOD) in corporate networks. Does your organization allow users to bring their phones and tablets to work and hook them to the corporate network? How many of those organizations require Mobile Device Management clients to be pushed to their users' devices as a condition of participation? Do users express privacy concerns, and how do your organizations ensure that the privacy of these users is not being compromised by inappropriate use of those controls? Seems like a big discussion that isn't being had while we all implement the technology anyway... what do you think?
NIST has created guidance for those who are responsible for maintaining mobile device security in this brave new world of BYOD…
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-164
SonicWall has put up a ‘zombie challenge’ for those of you interested in testing out your skills:
Capella Ph.D. learner Gerardo Ortega Carrasquillo is part of the Information Systems Security Association (ISSA) Puerto Rico Chapter, which presents the ISSA Puerto Rico Fifth Annual Conference.
In addition, the featured speaker will be Kevin Mitnick, along with several U.S. Government officials, which could make for an interesting conference. Details are at http://issaprannualconference2012.fikket.com/event/issa-puerto-rico-annual-conference-2012