Information Security Basics

Earlier today The Pennsylvania State University announced a sophisticated series of attacks to the network within its College of Engineering. It is a disturbing occurrence on so many levels — primarily from the fact that this has become the new normal for us in Higher Education. Notice I didn’t just say Higher Education IT — this is an issue that belongs to all of us. Our networks and the access they provide is the critical life blood to accessing the knowledge and colleagues that empower us to teach, learn, make discoveries, and connect with the world. A good friend of mine once told me, “when we lose our connection to the Internet we cease being a research institution.”

If you want to know what keeps CIOs up at night the list starts with information security challenges. To that end, I want to make this as clear as possible … it is time we all make information security a priority in our work. While we are committed to a strong IS stance, we can do things that are low hanging fruit here at SBU — strong pass phrases instead of weak passwords, changing pass phrases on a regular basis, don’t leave your work station logged in when you walk away, update your operating system when prompted, question links in emails, keep virus protection software up to date, and in all the instances when you are unsure of the legitimacy or threat ask a colleague who might have an answer.

It constantly amazes me at how much doing just those things systematically can positively influence our overall security stance. I am asking for your help and your cooperation to take personal responsibility for assisting the campus and to make it a conversation about all of us and not one about information security against us.

From PSU President Barron in a message to the community …

“In the coming months, significant changes in IT security protocols will be rolled out across the University, and all of us as Penn Staters will need to change the way we operate in the face of these new and significant challenges. University leaders are developing a detailed plan that will include even more robust monitoring for malicious activity across Penn State. Over time, individual users also will see changes including the implementation two-factor authentication on major university systems, stronger password management practices, and enhancements to system and software administration.”

How NPR Is Preparing for “The Year of the Podcast”

So 2015 will be the year of the podcast? Ok by me.

“I will say we’re working on a number of different ideas,” he says. “Our hope is to really embrace the opportunity we see in front of us in podcasting. This is a great, golden moment. The popularity of Serial has shown this is not just a niche platform: This is a mainstream platform, and we should be treating it like that.”

via How NPR Is Preparing for “The Year of the Podcast” | Media | Washingtonian.

Accountability Mindset

I really like this thinking …

At the core of Job’s mentality was the “accountability mindset” — meaning that processes were put in place so that everybody knew who was responsible for what. As Lachinsky described, Internal Applespeak even has a name for it, the “DRI,” or directly responsible individual. Often the DRI’s name will appear on an agenda for a meeting, so everybody knows who is responsible. “Any effective meeting at Apple will have an action list,” says a former employee. “Next to each action item will be the DRI.” A common phrase heard around Apple when someone is trying to learn the right contact on a project: “Who’s the DRI on that?”

Read more: http://www.businessinsider.com/steve-jobs-meeting-techniques-2014-12#ixzz3MvFcPPf2