Data security breaches make the headlines. We’ve read about the recent incidents at Target, Neiman-Marcus, and more locally at The Sands Bethlehem. Security professionals work to protect sensitive customer and employee data from cyber-attackers, but any gaps in security leave data vulnerable to attack. In 2013 alone, *740 million data records were exposed, and a whopping 89% of those breaches/data loss incidents could have been prevented. At an average cost of almost $200 per breached record, it’s easy to see why data security is a hot topic.
Business students learn hands-on data security skills
In Professor Thiep Pham’s Business Information Systems 333 "Enterprise Security & Risk Management" class, students took on the role of the security professional and got hands-on experience with tools used to defend sensitive data against cyber-attackers. Pham and Lehigh’s Information Security and Policy Officer Keith Hartranft guided the students in loading Kali Linux, a suite of tools that can be used to profile and exploit information systems vulnerabilities. Both security professionals and cyber-attackers use this suite. Students explored several of the individual tools to analyze purposefully misconfigured servers to assess how data might be compromised. Students also took part in a wardrive, which is a tactic used to discover insecure wireless access points.
Pham gives students the opportunity to learn from active practitioners and see first-hand many of the tools and techniques both attackers and defenders use. This gives his business students a greater understanding of the challenges and issues of securing electronic information. Additionally, students hear from a data investigations & forensics expert as well as a risk management professional over the course of the semester.
Securing the Human: the challenge of social engineering
Over *29% of all data compromises occur via social engineering, where an attacker uses psychological manipulation to get a person to perform a specific action or to divulge confidential information. In addition to many applied projects, Pham’s class viewed "Securing the Human" training videos. These videos, which are available through LTS and produced by the SANS Institute, raise user awareness of security issues, especially social engineering attacks. Each video addresses a single topic in information security and usually runs from two to five minutes in length.
Protecting your department’s data
You can improve security practices in your own department -- participate in security training from LTS!
- LTS Information Security staff deliver security awareness education sessions to departments. To arrange training for your department, contact the LTS Security Officer through the Lehigh Portal Security Channel or at email@example.com.
- The "Securing the Human" videos are available online via Course Site. To enroll, go to the Lehigh Portal Computing Security Channel.
For more information about LTS security, go to lehigh.edu/security.
* Report from the Online Trust Alliance (OTA)