Week 5 Security Discussion Comments

  1. There is no way to totally (100%) prevent a computer security breach. There is also no way to guarantee that a bank branch cannot be robbed no matter how much you spend on security. Well-planned security investments and procedures can greatly reduce the probability of a security breach but cannot eliminate the possibility entirely.
  2. In both the Disaster Recovery Discussion and this Security Discussion, taking backups was frequently mentioned. Most backup software provides an option to encrypt the backup files. It is important to take advantage of this option. If you do not encrypt your backups, the only thing preventing a storage provider from accessing the data is their integrity, policies and procedures. 
  3. There is frequently a trade-off between security and convenience. I would prefer to access acats2k12 remotely as I do now without driving from Evanston to River Forest each time I need to access that server on the Dominican Network. Dominican spent over a year of elapsed time establishing a secure but straightforward way to access that server without allowing access to other parts of the network (such as the computer in my office).
  4. Even a minor security incident can be painful to customers. My Discover Card number has been compromised several times. Each time it is necessary to go to many online sites and change my credit card number (Illinois Tollway, CTA Ventra, ...). Last time this happened, I opened a separate credit card account to use only on selected sites where automatic renewal is critical such as the hosting company where dombsb.com and millerjw.com are hosted.
  5. Here is a link to a short article published on 08/09/2016 about companies that prioritize innovation over security.
  6. How well IT repairs computers or how quickly they respond to your requests does not have a direct relationship to how well your company protects assets at risk.
  7. Several of you mentioned employee training in security awareness. In my opinion, many companies underestimate how valuable this can be.
  8. The Internet of Things presents new security challenges. Now, even pop machines want internet access so that they can report when they need restocking. It is necessary to make sure that employees at the pop machine company cannot access critical information on your network.
  9. The IT Department periodically sends out test phishing emails to see who would follow a suspicious link within the email.

Week 5 Disaster Recovery Comments

  11. Faculty machines are not backed up by IT. It is our job as faculty to make sure that documents that we care about are on the n:\ drive or on OneDrive.
  12. Faculty can control when a Canvas course disappears. I can see my Fall 2013 Junior Seminar but I have set it so that it is no longer visible to students.
  13. Dominican's IT Department is small. The staff directory at https://www.dom.edu/directory?name=&department=6070841 shows 16 staff and two of these are involved in designing courses for Canvas. The list does not include part time student workers.
  14. The reason that there is no information about security breaches in the DR plan is that Dominican has a separate set of security documents. Dominican uses an outside firm to do security reviews and make recommendations. I have not asked to get this information for us because I haven't wanted to invest effort in redacting the documents.