Cybersecurity & Privacy - EDUCAUSE Review
https://er.educause.edu/channels/cybersecurity-privacy
The RSS feed for blogs and articles contributed to the Cybersecurity & Privacy column in EDUCAUSE Review

7 Things You Should Know About Third-Party Risk Management
https://er.educause.edu/articles/2024/3/7-things-you-should-know-about-third-party-risk-management
Colleges and universities implement countless third-party products and services, any of which could pose risks to the institution, its data, and its constituents.

4 Ways to Understand Privacy
https://er.educause.edu/multimedia/2024/1/4-ways-to-understand-privacy
A chief privacy officer shares four insights to help better understand several nuanced and easily overlooked dimensions of data privacy.

7 Things You Should Know About Data De-Identification and Anonymization
https://er.educause.edu/articles/2024/1/7-things-you-should-know-about-data-deidentification-and-anonymization
As the types and amounts of personal data increase, users and institutions need to strengthen the ways they protect the sensitive information they collect and use.

Cybersecurity Incident Management and Response Guide
https://er.educause.edu/articles/2024/1/cybersecurity-incident-management-and-response-guide
Ensuring that your entire team understands what actions to take can make an important difference in how—and how quickly—your institution emerges from an incident.

Privacy in Higher Education: Underinvesting in One of Our Greatest Challenges
https://er.educause.edu/multimedia/2024/1/privacy-in-higher-education-underinvesting-in-one-of-our-greatest-challenges
Institutions should consider making stronger investments in, and dedicating more attention to, privacy staffing and training.

Cybersecurity Governance Toolkit
https://er.educause.edu/articles/2024/1/cybersecurity-governance-toolkit
A vital part of any institution’s cybersecurity efforts is an effective, mission-aligned governance program.

How the University of Illinois System Conducted a Massive Failover Test to Reduce Risk Exposure
https://er.educause.edu/articles/2023/8/how-the-university-of-illinois-system-conducted-a-massive-failover-test-to-reduce-risk-exposure
After discovering that it had outdated disaster recovery plans and enormous risk exposure in 2018, the University of Illinois system embarked on a five-year plan culminating in a massive failover test.

The Chief Privacy Officer: Positioning Privacy in Higher Ed
https://er.educause.edu/articles/2023/6/the-chief-privacy-officer-positioning-privacy-in-higher-ed
To be successful, the chief privacy officer needs to collaborate with many other administrative and academic offices to converge on an institutional approach to privacy in higher education.

Run Toward the Incident: Collaboration between Academia and Law Enforcement for Cybersecurity
https://er.educause.edu/articles/2023/5/run-toward-the-incident-collaboration-between-academia-and-law-enforcement-for-cybersecurity
Collaboration and partnership between academia and law enforcement can bring about positive contributions for future research and activities in cybersecurity.

The Biden Administration Issues a National Cybersecurity Strategy
https://er.educause.edu/articles/2023/4/the-biden-administration-issues-a-national-cybersecurity-strategy
The Biden Administration has released a National Cybersecurity Strategy, a comprehensive plan to address the most pressing cybersecurity issues. The National Cybersecurity Strategy does not explicitly include policies for higher education, but some policies may open or strengthen opportunities for institutions to participate in federally funded cybersecurity programs.

Introducing Joe Potchanant, the new Director of the EDUCAUSE Cybersecurity and Privacy Program
https://er.educause.edu/multimedia/2023/4/introducing-joe-potchanant-the-new-director-of-the-educause-cybersecurity-and-privacy-program
Joe Potchanant, the new Director for the EDUCAUSE Cybersecurity and Privacy Program, talks about his ideas for making the program more effective for members and institutions.

New Directions for the EDUCAUSE Cybersecurity and Privacy Program
https://er.educause.edu/podcasts/educause-community-conversations/new-directions-for-the-educause-cybersecurity-and-privacy-program
Joe Potchanant, Director of the EDUCAUSE Cybersecurity and Privacy Program, talks about new directions for the program, his background, and his ideas about how institutions of all types can best meet the challenges around keeping data safe.

How Case Western Reserve University Responded to the Cybersecurity Insurance Crisis
https://er.educause.edu/articles/2023/1/how-case-western-reserve-university-responded-to-the-cybersecurity-insurance-crisis
Cybersecurity is becoming more expensive for higher education institutions. Case Western Reserve University is responding to the challenge by prioritizing its security controls.

Ask a Privacy Manager
https://er.educause.edu/multimedia/2023/1/ask-a-privacy-manager
Ben Archer, Privacy Manager for Arizona State University, answers some questions about privacy and the strategy he employs at his institution.

End User Admin Rights in Higher Ed: (Still) Securing the Keys
https://er.educause.edu/articles/2022/10/end-user-admin-rights-in-higher-ed-still-securing-the-keys
The landscape of admin rights across academia looks much the same today as it did five years ago. While many institutions still grant admin rights to all employees, no questions asked, others are looking to strengthen their policies.

Cybersecurity and Privacy Perspectives on the EDUCAUSE 2023 Top 10 IT Issues
https://er.educause.edu/articles/2022/10/cybersecurity-and-privacy-perspectives-on-the-educause-2023-top-10-it-issues
EDUCAUSE community members offer cybersecurity and privacy perspectives on the 2023 Top 10 IT Issues.

An Inflection Point for the Creation of New Cybersecurity Operating Models in Higher Education
https://er.educause.edu/articles/2022/10/an-inflection-point-for-the-creation-of-new-cybersecurity-operating-models-in-higher-education
Accumulating pressures on higher education have created an inflection point requiring two new cybersecurity operating models.

CISA Cyber Incident Reporting Rulemaking Is on the Horizon
https://er.educause.edu/articles/2022/9/cisa-cyber-incident-reporting-rulemaking-is-on-the-horizon
While higher education is not covered by a pending rulemaking on cyber incident reporting, EDUCAUSE is monitoring the process given the possibility that colleges and universities could face a similar requirement in the future.

Corporate Conversations: Hitachi ID Systems on the Challenges Facing Higher Ed
https://er.educause.edu/multimedia/2022/5/corporate-conversations-hitachi-id-systems-on-the-challenges-facing-higher-ed
CEO for Hitachi ID Systems, Nick Brown, talks about the challenges of identity strategy in higher ed.

Protecting HBCU Futures Starts in the Cloud: An Interview with Mable Moore
https://er.educause.edu/articles/2022/5/protecting-hbcu-futures-starts-in-the-cloud-an-interview-with-mable-moore
Higher education institutions that do not achieve cybersecurity compliance are in danger of losing their ability to receive Title IV Federal Student Aid program funding. Approximately seven out of ten students on HBCU campuses receive federal student aid to pay their tuition. The Student Freedom Initiative and Cisco have begun working directly with HBCUs to identify and address cybersecurity compliance gaps at these institutions.

Endpoint Detection and Response at Boston University
https://er.educause.edu/articles/2021/8/endpoint-detection-and-response-at-boston-university
When Boston University’s incumbent endpoint protection tool could no longer meet the institutional needs to defend against a rapidly evolving threat landscape, the solution was an endpoint detection and response (EDR) system.

Self-Sovereign Identity User Scenarios in the Educational Domain
https://er.educause.edu/articles/2022/4/self-sovereign-identity-user-scenarios-in-the-educational-domain
The model of self-sovereign identity offers tempting benefits as educational systems become increasingly global and as learning spans a lifetime.

Zero Trust Architecture: Rethinking Cybersecurity for Changing Environments
https://er.educause.edu/articles/2022/2/zero-trust-architecture-rethinking-cybersecurity-for-changing-environments
A Zero Trust approach to cybersecurity can help you protect digital assets in a dispersed and changing environment of devices and connections.

Transforming Security Awareness during the Pandemic: (Still) Adjusting on the Fly
https://er.educause.edu/articles/2022/1/transforming-security-awareness-during-the-pandemic-still-adjusting-on-the-fly
Cybersecurity professionals at four higher education institutions discuss how the COVID-19 pandemic has impacted their security awareness programs.

Cybersecurity Maturity Model Certification 2.0: What It Means for Higher Education
https://er.educause.edu/articles/2021/12/cybersecurity-maturity-model-certification-2-0-what-it-means-for-higher-education
The first iteration of the Cybersecurity Maturity Model Certification program (CMMC 1.0) approached cybersecurity as an abstract set of rules that were largely removed from how security is practiced. The changes in CMMC 2.0 seem to be a direct response to the weaknesses of CMMC 1.0.

Mike Corn and Cheryl Washington on the Role of the CISO [podcast]
https://er.educause.edu/podcasts/educause-community-conversations/mike-corn-and-cheryl-washington-on-the-role-of-the-ciso
John O'Brien, EDUCAUSE CEO and President, talks with Mike Corn, CISO for the University of California San Diego, and Cheryl Washington, CISO, for the University of California Davis, about the increasing relevance of the Chief Information Security Officer role. Originally recorded on June 3, 2021.

Ed Hudson and Michele Norin on Cybersecurity [podcast]
https://er.educause.edu/podcasts/educause-community-conversations/ed-hudson-and-michele-norin-on-cybersecurity
Two IT leaders discuss a cyberattack that occurred at each of their institutions and share insights into preparing for future threats. Originally recorded on July 12, 2021.

Asking the Right Questions for Procuring Inclusive, Accessible Technology
https://er.educause.edu/articles/2021/10/asking-the-right-questions-for-procuring-inclusive-accessible-technology
Consensus best practices for evaluating the accessibility of vendor products are now incorporated into the HECVAT, a tool for product security, streamlining vendor risk assessment.

HECVAT 3.0 Launches … to Outer Space?
https://er.educause.edu/articles/2021/10/hecvat-3-0-launches-to-outer-space
Updates to the Higher Education Community Vendor Assessment Toolkit modernize the questions, improve usability, and add accessibility as a new dimension for product assessment.

Corporate Conversations: Danielle Rourke from Dell on Future Tech Trends [video]
https://er.educause.edu/multimedia/2021/10/corporate-conversations-danielle-rourke-from-dell-on-future-tech-trends
Danielle Rourke, Senior Strategist for Higher Education at Dell, an EDUCAUSE Platinum Partner, offers her perspective on the next five years of technology.

Community Conversations: Ed Hudson and Michele Norin on Lessons Learned from a Cyberattack [video]
https://er.educause.edu/multimedia/2021/7/community-conversations-ed-hudson-and-michele-norin-on-lessons-learned-from-a-cyberattack
Two IT leaders discuss a cyberattack that occurred at each of their institutions and share insights into preparing for future threats.

The Increasing Threat of Ransomware in Higher Education
https://er.educause.edu/articles/2021/6/the-increasing-threat-of-ransomware-in-higher-education
Cyberattacks are increasing in frequency and impact. Defending against ransomware attacks requires a tiered approach to security with a Zero Trust model at the heart of the methodology.

Privacy Implications of EXIF Data
https://er.educause.edu/articles/2021/6/privacy-implications-of-exif-data
While most providers of online education services remove metadata from uploaded profile images as a standard part of their service, the practice is not universal.

Research Raiders: How to Protect Collaborative Data
https://er.educause.edu/articles/2021/6/research-raiders-how-to-protect-collaborative-data
College and university research departments often collaborate on data collection and analysis, with the aim of a more thorough and expedient validation of findings. Yet the transfer and/or processing of this valuable material can put institutions at risk of losing intellectual property and sensitive information.

Cybersecurity as a Career Path
https://er.educause.edu/podcasts/educause-exchange/cybersecurity-as-a-career-path
Looking at cybersecurity as a career path can be intimidating, but many working in this field didn't start out with intentions to work in cybersecurity.

Community Conversations: Mike Corn and Cheryl Washington on the Increasing Relevance of the CISO [video]
https://er.educause.edu/multimedia/2021/6/community-conversations-mike-corn-and-cheryl-washington-on-the-increasing-relevance-of-the-ciso
John O'Brien, EDUCAUSE CEO and President, talks with Mike Corn, CISO for the University of California San Diego, and Cheryl Washington, CISO, for the University of California Davis, about the increasing relevance of the Chief Information Security Officer role.

Shielding Campus Data from the Bad Guys
https://er.educause.edu/articles/2021/4/shielding-campus-data-from-the-bad-guys
The price for not adhering to data-protection regulations can be costly for colleges and universities. In many cases, the safest route to full compliance is partnering with experts who can help.

Adopting a Zero Trust Approach in Higher Education
https://er.educause.edu/articles/2021/3/adopting-a-zero-trust-approach-in-higher-education
Today, more than ever, adopting a Zero Trust approach is imperative for helping higher education institutions reduce security risk across their environments.

Moving Identity Management Forward: The Preauthorized and Delegated Access Request Model
https://er.educause.edu/articles/2021/2/moving-identity-management-forward-the-preauthorized-and-delegated-access-request-model
Deploying a preauthorized and delegated access request model for identity management can streamline the business process and increase efficiencies around fulfilling self-service requests, all while not giving up governance.

Proctoring Software in Higher Ed: Prevalence and Patterns
https://er.educause.edu/articles/2021/2/proctoring-software-in-higher-ed-prevalence-and-patterns
How common is the use of remote proctoring among North American colleges and universities? Should the higher education community be concerned?

Data Privacy in Higher Education: Yes, Students Care
https://er.educause.edu/articles/2021/2/data-privacy-in-higher-education-yes-students-care
Many in higher education believe that students who have grown up using digital technologies (“digital natives”) have little concern for the privacy of their data. Research proves otherwise.

Data Privacy Day 2021 Outreach: Six Words about Privacy
https://er.educause.edu/blogs/2021/1/data-privacy-day-2021-outreach-six-words-about-privacy
Boiling thoughts down to six words highlights what people consider to be the most important dimensions of a topic. On Data Privacy Day 2021, we look into the topic of privacy through the lens of the University of Michigan’s Six Words about Privacy project.

Have You Updated Your WISP Lately?
https://er.educause.edu/blogs/2020/12/have-you-updated-your-wisp-lately
The policy lifecycle is a tool that information security practitioners can use to ensure that its WISP and related information security policies are properly managed from conception to retirement.

December 2020: The Importance of Risk Assessment When Reading Terms and Conditions
https://er.educause.edu/blogs/2020/12/december-2020-the-importance-of-risk-assessment-when-reading-terms-and-conditions
Campus privacy and security professionals can adapt these materials to build awareness of the importance of evaluating the terms and conditions and privacy policies when acquiring new software and hardware.

"CISO Tuesdays": A Day-in-the-Life Collection
https://er.educause.edu/blogs/2020/10/ciso-tuesdays-a-day-in-the-life-collection
A day-in-the-life series launched in June 2020 sheds some light on what the role of a higher education CISO (chief information security officer) entails on a daily basis.

October 2020 Bonus Post: The Magical World of Password Managers
https://er.educause.edu/blogs/2020/10/october-2020-bonus-post-the-magical-world-of-password-managers
A skeptic overcomes uncertainty and anxiety, adopts a password manager, and becomes a champion of the technology.

HECVAT 2020 and Beyond
https://er.educause.edu/blogs/2020/10/hecvat-2020-and-beyond
The Higher Education Community Vendor Assessment Toolkit (HECVAT) core group will be hosting a special online session to get feedback, explain how HECVAT can help address the higher education community's cloud security assessment needs, assist universities with measuring vendor risk, and help protect sensitive data.

October 2020: Misinformation, Disinformation, Hoaxes, and Scams
https://er.educause.edu/blogs/2020/10/october-2020-misinformation-disinformation-hoaxes-and-scams
Help campus community members learn how to identify misinformation and disinformation campaigns and avoid falling victim to online hoaxes and scams.

Privacy and Security: The Six Words Project [podcast]
https://er.educause.edu/blogs/2020/9/privacy-and-security-the-six-words-project
Two IT security leaders find a new way to initiate campus discussions about the critical importance of privacy and security to higher education institutions.

COVID-19 Business Continuity: Working from Home and Cyber Resilience
https://er.educause.edu/blogs/2020/8/covid-19-business-continuity-working-from-home-and-cyber-resilience
In times of crisis, one of the guiding principles for leaders is to trust and enable the people in the organization who will be asked to go above and beyond.