Archive

Posts Tagged ‘cyber security’

ITM Faculty in Panel Discussion on Cyber-scams during COVID

December 8th, 2020 Comments off

Information Technology and Management Professors Mo Dawson and Ray Trygstad recently participated in a panel discussion on Cyber-scams during the COVID-19 pandemic. See the panel on LinkedIn.

WiCyS Call for Participation is now OPEN!

September 1st, 2020 Comments off

WiCyS ParticipationReady to share knowledge and experience with students, educators, researchers and professionals at the next Women in Cybersecurity WiCyS Conference in 2021 in AURORA, CO on March 25-27, 2021? The four tracks this year are Today’s Technology and Challenges, Looking Ahead, Best Practices, and Career Development. The conference itself offers technical workshops, student poster competitions, panel discussions and lightning talks, among a bevy of other opportunities. Accepted proposals will receive ONE complimentary registration per accepted proposal. You do not need to be a WiCyS member to submit a proposal or be accepted to participate at WiCyS 2021.

THE DEADLINE TO APPLY IS NOVEMBER 1. Acceptance notification is January 4, 2021. Submit your proposal at https://easychair.org/cfp/WiCyS2021.

WiCyS Conference Support Applications Now Open

September 1st, 2020 Comments off

WiCyS 2021Happy September 1st or in COVID-19 times… March 185th! We’re pleased to announce that Women in CyberSecurity (WiCyS) has their #WiCyS2021 applications for scholarships, grants, and fellowship awards OPEN! This opportunity is what WiCyS lives for… to pay it forward ❤️
Apply here: www.wicys.org/scholarships-grants-and-fellowship-awards

Post-Quantum Cryptography

September 1st, 2020 Comments off

Quantum computing is expected to change the face of cybersecurity. What is the quantum threat to public key #cryptography? Over in the CNSP #blog, CSNP COO and co-founder Emily Stamm shares the current state of post-quantum cryptography. Read it here: https://lnkd.in/gPWeSVx

Post Quantum Crypto

DoD Cyber Scholarships for 2019-2020

January 25th, 2019 Comments off

The U.S. Department of Defense is offering Cyber Scholarships to U.S. citizens who will be Juniors, Seniors, or graduate students in the fall of 2019 This is a one-year scholarship covering full books, tuition, and a $25,000 stipend for undergraduates or a $30,000 stipend for graduate students. The scholarships are renewable but require a new application each year. After graduation, scholarship recipients will work one year of federal service in a cyber security or digital forensics role for each year of scholarship support, or four years of military service. Applicants must be eligible for a security clearance. Applicants are not limited to students in the Department of Information Technology and Management but may also be students in Computer Science, Computer Engineering, Electrical Engineering, and Business, but because of the nature of the application, knowledge of and a clear understanding of cyber security is a necessity. Please read the scholarship details document carefully and completely before filling out the application. A printed and signed physical application must be delivered to the ITM Department office, Perlstein Hall suite 223 no later than 8:30am Monday February 18th so we can evaluate and include your scholarship in our funding request, which is due February 28th. The application and full details of the scholarship are included below.

Contact Professor Ray Trygstad for questions: trygstad@iit.edu. Please include “DOD Cyber Scholarship” as the first thing in the subject line of your email.

Hotel business centers can steal your life

December 2nd, 2018 Comments off

Many of us travel regularly for business or pleasure, and even though most of us probably haul along our own computer or tablet, occasionally we have to print something. Gee, right there off the hotel lobby is the business center, which today is often equipped with a nice color laser printer. How convenient! And how dangerous.

How do we get the document from our device to the printer? Most if us would probably think, oh, that’s easy. I’ll just pop it into Google Drive, or One Drive, or Apple Cloud. Then I’ll log in with the browser on the office center machine, print my stuff, and I’m done! I just did this at the hotel I’m staying at in Florida. Logged into the system, running Windows 10, and brought up Google Chrome. I looked at the photo icon on the upper right corner of the browser, and I see a picture of one of my colleagues…he never logged off from using it the day before! It turns out that closing Chrome does not log you out, even though logic says it should. I logged him off, logged in to Google, did my printing from content on Google Drive, and logged off.

Because neither Google nor Microsoft requires two-factor authentication, leaving an account logged in will allow the next system user to change your password. Once that’s done, everything in that account is theirs and not yours. Wow. Scary. Rebooting might fix it, but in normal operation, these systems hardly ever get rebooted.

Once logged off, I clicked the login icon on the upper right corner of the default Google Search screen. This took me to a list of the users that had previously logged into Google using this browser listing their name, their email address, and even their photo if their account had one linked to it. And there I was, as well as my colleague. At the bottom of the screen was a “remove login” selection. Clicking it placed an X next to each user on the list, and clicking the X removed that user from the list. Does it remove it from the system as well, or just from this list? I don’t know, and haven’t yet had time to research it.

I then moved to the machine next to this which I had used the day before. I looked at the list of Google users in Chrome, and there I was! I removed my entry and the other 10 on the screen—one at a time, of course—then I closed Chrome and logged out of the system.

I know it seems like a bit much expecting hotels to control this serious vulnerability on their office center system, but frankly most users will never even be aware of the danger, and if the hotels don’t take positive steps to control this it will never happen. I did some quick research to try to find a Chrome plugin to automatically log users out when the browser is closed, and to prevent the user list from being retained, but if there is such a beast, I didn’t find it. Clearly this is a need, and to be perfectly honest, one that the hotels and anyone else providing public access to Google logins on Chrome should expect to pay for. Free business plan: write it. Then write about it. Frankly, people are crazy not to protect their users like this.

—Ray Trygstad

ITM Department and C2SAFE to host Women in Cyber Security 2018

October 4th, 2017 Comments off

The Department of Information Technology and Management and the Center for Cyber Security and Forensics Education are pleased to announce that we will host the Fifth Annual Women in Cyber Security (WiCyS) Conference. This National Science Foundation funded event will be held March 23 through March 24, 2018 at the Hilton Chicago. It is the mission of WiCyS to bring together women in cybersecurity from academia, research and industry from across the United States. The event is exclusively designed as the forum for speakers and guests to exchange knowledge, experience, networking, and mentoring to raise interest in the field of cybersecurity. We will be seeking volunteers to assist with the conference and to meet arriving delegates at the airports later this fall.

ITM Associate Chair Ray Trygstad will serve as conference co-chair, while Amber Chatellier and Angela Jarka of the ITM Department comprise the conference logistics staff.

New New York regulations will drive cybersecurity advances

September 27th, 2017 Comments off

New regulations on cybersecurity have been published by the New York State Department of Financial Services. 23 NYCRR Part 500 will have a major impact on American business as it has serious requirements and mandates for all financial services companies doing business in New York state–which of course are almost all of them. A good article on the topic is is at https://digitalguardian.com/blog/what-nydfs-cybersecurity-regulation-new-cybersecurity-compliance-requirement-financial. Significant requirements include:

  • Policy & Program: Covered entities must instate and maintain a documented cybersecurity policy, and adopt a robust cybersecurity program, by August 28, 2017.
  • CISO: Designate a qualified Chief Information Security Officer (CISO) to oversee and implement the cybersecurity program and enforce policy.
    • The CISO must submit a written report annually to the Board of Directors and an annual compliance certification to the Department of Financial Services.
  • Data encryption: Organizations must enact controls, including encryption of sensitive data, depending on the outcome of a risk assessment.
  • Continuous monitoring: Covered entities must continuously monitor cybersecurity functionality OR conduct annual penetration testing and bi-annual assessments.
  • Enhanced multi-factor authentication: Covered institutions must employ multi-factor authentication for all inbound connections to the entity’s network.
  • Incident reporting: Covered entities must document and report all cybersecurity events.

How much do you know about cybersecurity?

August 31st, 2017 Comments off

PEW quiz header
Take the Cybersecurity Knowledge Quiz from Pew Research! Then see how you did in comparison with a nationally representative group of 1,055 randomly selected adult internet users surveyed online between June 17 and June 27, 2016.
https://www.pewinternet.org/quiz/cybersecurity-knowledge/

Categories: Security Tags: ,

DoD Cyber Information Assurance Scholarships

April 14th, 2017 Comments off

The U.S. Department of Defense is offering Cyber Information Assurance Scholarships to U.S. citizens who will be Juniors, Seniors, or graduate students in the fall of 2017. This is a one-year scholarship covering full books, tuition, and a $22,500 stipend for undergraduates or a $30,000 stipend for graduate students. The scholarships are renewable but will require a new application each year. Payback is one year of federal service in a cyber security or digital forensics role for each year of scholarship, or four years of military service. Applicants must be eligible for a security clearance. Applicants are not limited to students in the Department of Information Technology and Management but may also be students in Computer Science, Computer Engineering, Electrical Engineering, and Business, but because of the nature of the application, knowledge of and a clear understanding of cyber security is a necessity. A printed and signed physical application must be delivered to the ITM Department office, Perlstein Hall suite 223 later than 8:30am Monday May 22nd so we can evaluate and include your scholarship in our funding request, which is due May 31st. The application and details of the scholarship are included below. (Note: if you downloaded the announcement or application prior to 11:00am on Wednesday, April 19th, please download them again as the DOD provided us with updated copies.)
ATTACHMENT C IA Scholarship and Vacancy Announcement 2017
ATTACHMENT D NEW Student Application 2017-2018 (site 1)
ATTACHMENT D NEW Student Application 2017-2018 (site 2)

Contact Professor Ray Trygstad for questions: trygstad@iit.edu. Please include “DOD Cyber Scholarship” as the first thing in the subject line of your email.