Network and the development of new cybersecurity majors at the University of Massachusetts, the first site expansion of BHEF’s cyber strategy.
• In April, 2015, the University hosted the Advanced Cyber Security Center (ACSC) Cyber Exchange forum, which focused on building improved academic, government and university relationships and collaboration.
• In August, 2015, the University established new adjunct faculty positions and developed and implemented new academic courses focusing on cybersecurity.
• In October, 2015, the National Security Agency and the Department of Homeland Security designated the University of Massachusetts Lowell as a National Center of Academic Excellence in Cyber Defense Research (CAE-R) through academic year 2021.
• In November, 2015, the University partnered with the ACSC, the region’s premier cybersecurity consortium, to host its inaugural Intern Fair.
• Also in November, 2015, the UMASS President’s Office established a Cybersecurity Program Design and Cybersecurity Risk Assessment Practice and started offering consulting services to local colleges and universities.
• In December, 2015, the UMASS President’s Office established a 24 x 7 Cybersecurity Operations Center (CSOC) and started offering Managed Cybersecurity Services to local colleges and universities.

A Foundation Built on Open, Standards-Based Framework

The University Cybersecurity Program aligns with industry best practices including the NIST Cybersecurity Framework (CSF) and the Center for Internet Security (CIS) 20 Critical Controls. For more information on the NIST Framework, please visit the following URL:
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

“We wanted to develop a program that users could easily communicate across all levels of the organization,” said Larry Wilson, Chief Information Security Officer for the UMASS President’s Office. “From engineers and analysts who design and configure the systems to the managers that oversee the people who make sure the systems work every day, to the executives that make decisions across the entire organization. If you have a solid foundation, you should be able to share and communicate it. And, the program should have built in flexibility to adapt, evolve and improve as cyber-threats and our adversaries change tactics.”

The UMASS program enables organizations to be more proactive in their approach without incurring the financial penalties of a service contract or needing to hire more bodies to manage it. By providing the program as a service, Wilson’s team takes the burden off of college and university officials while still enabling them to protect their critical institutional assets. The benefits of such a relationship include increased sharing of resources and workforce development, as the UMASS program provides ample on-the-job training to student interns.

The program was designed to be a model for emulation at other academic institutions, businesses and government organizations. The program is open and available for all to use, improve and contribute to the overall advancement of the profession without relying on closed, proprietary solutions. The idea of creating an open, transparent program for everyone will result in improved collaboration, an agreed upon set of workforce skills, standard cybersecurity services, a consistent approach for risk management and communications.

The problem is that colleges and universities have small teams. They don’t typically have the resources in-house to dedicate people solely to cybersecurity, unlike a financial services firm or other large corporations. Unfortunately, in order to pass a standard cybersecurity audit, colleges and universities are expected to prove that they are adhering to basic steps, like collecting and monitoring security logs.
– Larry Wilson
Chief Information Security Officer for the UMASS President’s Office

CURRENT 2015-2016

STUDENTS AREN’T THE ONLY ONES INTERESTED IN USING SOCIAL MEDIA
Social media is rapidly becoming
hackers’ favorite target, with
600,000 Facebook accounts
compromised every single day.
How is this happening?
LIKE-JACKING:
Occurs when criminals post fake Facebook “like”
buttons to webpages. Users who click the button
don’t “like” the page, but instead download malware.
LINK-JACKING:
Is a practice of redirecting one website’s links to
another, which hackers use to send users from
trusted websites to malware-infected websites that
hide drive-by downloads or other types of infections.
PHISHING:
Is the attempt to acquire sensitive information such
as usernames, passwords, and credit card details (and
sometimes, indirectly, money) by posing as a
trustworthy entity in a Facebook message or Tweet.
SOCIAL SPAM:
Is unwanted spam content appearing on social
networks and any website with user-generated
content (comments, chat, etc.). It can appear in
many forms, including bulk messages, profanity,
insults, hate speech, malicious links, fraudulent
reviews, fake friends, and personally identifiable
information.
https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-thatmay-affect-your-online-safety/
Stronger Together