Online risks are a concern for citizens in the digital society. Many sectors of the population lack training to face, prevent and solve problematic situations arising from Internet use. University researchers and innovation agents in small towns in southern Spain are carrying out an educational programme of 13 intergenerational workshops to…

ISACA, a non-profit, independent association that advocates for professionals involved in information security, assurance, risk management, and governance, recently updated its IT governance framework, Control Objectives for Information and Related Technology (COBIT). COBIT 2019 presents a logical approach to information technology and policy…

With the advancement in technology over the past decades, networks have become increasingly large and complex. In the meantime, cyberattacks have become highly sophisticated making them difficult to detect. These changes make securing a network more challenging than ever before. Hence, it is critical to prepare a comprehensive guide of network…

The objective of this audit was to determine whether the U.S. Department of Education's (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements. In fiscal year (FY) 2020, the focus of the audit was solely on Departmental Systems. This year the focus…

The objective of this audit was to determine whether the U.S. Department of Education's (Department) overall information technology (IT) security programs and practices were effective as they relate to Federal information security requirements. To answer this objective, the Department's performance was rated in accordance with Fiscal Year (FY)…

Cloud computing may provide cost benefits for organizations by eliminating the overhead costs of software, hardware, and maintenance (e.g., license renewals, upgrading software, servers and their physical storage space, administration along with funding a large IT department). In addition to the promised savings, the organization may require…

Subchapter III of Chapter 35 of Title 44, United States Code, Federal Information Security Management Act of 2002; Department of Defense (DoD) Directive 8500.01E, Information Assurance, October 24, 2002; DoD Directive 8100.1, Global Information Grid Overarching Policy, September 19, 2002; and DoD Instruction 8500.2, Information Assurance…

Increasing complexity and sophistication of ever evolving information technologies has spurred unique and unprecedented challenges for organizations to protect their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has extensively been shown to…

Almost everyone uses social networking sites like Facebook, MySpace, and LinkedIn. Since Facebook is the most popular site in the history of the Internet, this article will focus on how one can protect his/her personal information and how that extends to protecting the private information of others.

On average, more than 90% of email is unwanted junk mail--spam. Many spam messages include annoying promotions for irrelevant products, but others include viruses and pornographic content, which can pose a severe legal issue for schools. Spam puts districts in a difficult situation as schools try to enhance learning in the classroom with advanced…

The sourcing of IT systems and services takes many shapes in higher education. Campus central IT organizations are increasingly responsible for the administration of enterprise systems and for the consolidation of operations into a single data center. Specialized academic and administrative systems may be run by local IT departments. In addition,…

An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

Much of our critical infrastructure is controlled by large software systems whose participants are distributed across the Internet. As our dependence on these critical systems continues to grow, it becomes increasingly important that they meet strict availability and performance requirements, even in the face of malicious attacks, including those…

School business administrators have long recognized the need for a workable data recovery plan regardless of cause. Yet many have not reassessed their current data backup and recovery capabilities, perhaps because they have not experienced a catastrophic failure. There are three reasons school business administrators may not realize or recognize…

Will that data breach be the end of a chief security officer (CSO)? Managing information security in higher education requires more than just technical expertise, especially when the heat is cranked up. This article takes a look at how two CSOs deal with hack attacks at their universities. When Purdue University Chief Information Security Officer…