WELCOME

Capella has been designated a National Center of Academic Excellence in Information Assurance Education (CAEIAE) by the National Security Agency and the U.S. Department of Homeland Security. Capella’s information security curriculum meets the NSA Committee on National Security Systems standards 4011, 4013, and 4014.

This center provides access to resources, tools, and the latest information regarding information assurance as a way to enhance understanding in this field of study.

CNSS Certification

The NSA’s Information Assurance Courseware Evaluation (IACE) Review Committee has validated that Capella’s information security curriculum meets the Committee on National Security Systems (CNSS) National Standards 4011 and 4013 (and 4014 coming). Learn what this means to a Capella learner.

ARCHIVES

Archive for October, 2009

Ransomware

From Mary Brown | October 29th, 2009

Zarestel Ferrer blogs about a new variant of ransomware that has been discovered. The exploit encrypts documents that have file extensions most commonly used in business and then requests $100 in exchange for the key. Computer Associates (CA) have made available a tool for decrypting the documents without having to pay the ransom money.

Have you encountered an example of ransomware? If so, tell us your story.


Spying on Twitter and Facebook

From Mary Brown | October 23rd, 2009

Noah Shachtman at Wired.com reports on a business relationship between a segment of the CIA and an Internet company that uses specialized data mining tools to monitor the activity going on in the social networking sites like Twitter and Facebook. Personal privacy laws in the U.S. require the government to use discretion when violating the privacy of U.S. citizens. These social networking sites provide a huge amount of personal information that would not be available, were it not being offered up to the public.

Is this another example of where there is a tension between the potential benefit to security and the potential abuse of privacy? Do users of social networking sites fully understand what will happen to the data they post, and would they alter their behavior if they were made aware? Share your thoughts. Post a comment.


Out of Band Password Administration

From Mary Brown | October 21st, 2009

Many of us who work in information security have long bemoaned the shortcomings of using passwords as an authentication factor. One of the first alternatives to passwords in the form of two-factor authentication was the token that would generate a one-time password solution. An interesting alternative to this token solution is an ‘out of band’ solution that involves pushing a password to the mobile phone of the user.

Are any of you currently using these or any of the out of band solutions to authenticate users?  Share your experiences/thoughts by posting a comment.

For more information read this white paper.  Also, check out phonefactor.com and authentify.com.



 


 

 


How can we defeat “the enemy” if we can’t get along?

From Dr. Steven Brown | October 13th, 2009

Politics is a way of life it seems, but sometimes we need to remove the politics and turf wars that do nothing to help the security of the United States. Good and continued leadership is critical to run any organization, but with the Government’s cybersecurity program, leadership – it seems – keeps turning over. The latest person to leave states "bureaucratic obstacles and a lack of authority to fulfill her mission." (Read Another U.S. Cybersecurity Official Resigns).

There’s a big difference between authority and responsibility; the Government cannot give a department the responsibility to protect us without the authority to do so.

Please feel free to comment.

Dr. Steven Brown

 


Potential Vacuum Attack?

From Mary Brown | October 8th, 2009

Robert McMillan writes about the possibilities of a robot inside your home being used as an attack point by a hacker. He suggests that it would be prudent to get ahead of the curve and learn from the past. Too often the IT industry develops technologies and then waits to see how they can be misused before actually doing something to prevent it. Do you think the IT industry has learned its collective lesson and has begun to understand the need to design with security in mind?

Share your thoughts.

 



Creatures of Habit

From Dr. Steven Brown | October 8th, 2009

The latest large scale phishing attacks not only show that people are still somewhat vulnerable to giving up personal information — they also show that we are creatures of habit. One reason why this attack was so large was that, as creatures of habit, we use the same password for multiple accounts. Once a password is figured out, all a hacker has to do is read your PC’s cookie file. Then they know the sites you’ve been on and can try logging into those sites as well. Changing/using different passwords is not difficult. There are a number of password generating software applications that you can use to create and store your passwords in an encrypted manner.
 
This attack has gotten so bad that even the FBI does not bank online. Read more about the attack in the New York Times.

I don’t necessarily think you need to go this far, but there are things you can do to better protect yourself.

 


DHS Announces Hiring Authority for 1000 InfoSec Positions

From Mary Brown | October 2nd, 2009

Janet Napolitano released an announcement today as part of celebrating Information Security Awareness Month that the Department of Homeland Security has been given permission to hire up to 1000 information security professionals. However, there was no mention of filling the long-awaited slot for the Information Security Czar, and given the heat that the administration is taking on the number of Czars, it may well be that even if the spot is filled it will be renamed as a way of avoiding the controversy associated with that title.

What do you think?




CAPELLA CONNECTION

Capella University offers several degree programs which specialize in the information assurance and security field. Visit one of the links below for more information.

To learn more about Capella, please visit http://www.capella.edu or call 1.888.CAPELLA, option 2, to speak to an enrollment counselor.

Capella University