Information Systems Security for the Special Educator

MGMT 636 – Information Systems Security

Overview

• Awareness of information systems security in work and at home.

• Basic understanding of security techniques that can be implemented in both the work environment and at home.

Legal Environment

• FERPA– Family Educational Rights and Privacy Act

L.S. v. Mount Olive Board of Education (New Jersey)

– 11th grade English class studying The Catcher in the Rye.• An assignment required students to create a psychological

profile of the main character.• The teacher obtained a real psychological profile from the

school’s psychologist to use as an example.• Even though the profile was redacted, a student deduced

that the profile was his friend’s psychological profile.

Legal Environment

• FERPA– L.S. v. Mount Olive Board of Education (New

Jersey)

• The court ruled that the teacher and the school’s psychologist could be personally sued under 42 U.S.C. § 1983: Civil action for deprivation of rights.

• Extreme case due to negligence.

Work Computing Environment

• District and school policies concerning information systems security.– Know your data.

• Schools provide protection infrastructure.– Firewalls to protect networked computers.

• School assumes risk in case of a security breach, unless negligence is found.

Protecting Your Computer

• Password protect your computer.• Lock computer when away.• Use username and password to login.

– Do not share password or accounts.– Do not allow others use your computer while

you are logged in.• Someone could e-mail parents, students, your

boss.

Protect Your Files

• MS Office: 2010 offers AES 128-bit advanced encryption.

• iWork offers encryption.• File encryption software.

– Third party software.• Requires being able to add

software to computer.

Encryption

• Benefits– “Scrambles data” making

it unusable in it’s encrypted

state.

• Downfalls– Forgotten password.– Business continuity.

Password Construction

• In order to understand solid password creation, it is important to understand the three basic techniques to “crack” a password.

Three Basic File Hacking Techniques

• Shoulder surfing and social engineering.• Brute force attack.

– A properly designed password can make this technique take a million years to crack.

• Dictionary attack.– Avoid common words and combinations.– Avoid common password security techniques.

• i=!, i=1, a=@, and etcetera.

Password Construction

• The longer the better.• What is a bit and what does it mean?• Using a passphrase.

“and she's climbing the stairway to heaven”

Password Construction

The Next Level• Multi-Factor Authentication

– Goes beyond username and password.• Requires additional information that only the user

would know (knowledge factor).

• Increases security. Used by banks and credit reporting agencies.

– Questions such as “Name of your first pet” or “Name of company that holds your home mortgage”.

Taking Work Home• Risk transference.

– You are now responsible for data security.• Does this violate security policies?• Transportation of data.

– Flash Drive• SanDisk Cruzer offers software to encrypt the

entire flash drive (SanDisk Secure Access).

– E-Mail: Not highly secure on its own.– Laptop: Whole device could be stolen.

Home Networking Security

The firewall is the first line of defense.• Decent router with firewall.• Wi-Fi with good encryption protocols and a

strong password.

Personal Devices

Risks• Text messaging.• E-mail.• Loss of device or laptop.

– Password protect entire device.– Google’s pattern lock.

Questions?

Questions?