Monthly Archives: January 2016

Threat Event Management Team

The Threat, Event, Log, Management Team consisting of Abraham George (Chairman) Columbus State University, Jason Berry (Co-Lead) Clayton State University, Kathy Kral (Co-Lead) University of West Georgia, and members Gary Miller, Fort Valley State; Ron Stalnaker, Georgia Southern University; Robert Orr,  Georgia College and State; John Scoville, USG; Alfred Barker, USG;  Shawn Merdinger, Valdosta State; Stephen Gay, Kennesaw State;  and Hance Patrick, Georgia College and State met at the ITS Office in Athens to discuss details and strategies to provide the University System of Georgia (USG) with solutions to combat the ever increasing security threats facing the infrastructure systems of Georgia’s 29 institutions of higher learning.

During the meeting a framework was developed consisting of specific criteria such as but not limited to: level of monitoring necessary, how resource intensive is acceptable, classification of threat events, support responsiveness, cost and return on investment, and monitoring sophistication. There have been some on-campus proof of concepts by several universities using different solutions and those results were shared.

The next steps for this team will be to continue with  solution proof of concepts, meeting weekly to maintain momentum and focus, firm up the project framework, and possibly presenting at the February USG CIO meeting.

The Lucky Winner!

UITS would like to thank everyone that came out to see us during our Tech Days! It was a great success, and we enjoyed the opportunity to tell you all about our services!

We’d like to congratulate our Microsoft Surface 3 winner, Jackie! Thank you for coming to see us during our Tech Days, and we hope you enjoy your new tablet!

CZWcskOWQAEitRv


Just a friendly reminder, the CSU HelpDesk is open:

  • Monday – Thursday 6am-2am
  • Friday 6am-10pm
  • Saturday & Sunday 9am-10pm

**Hours are subject to change. Must have student I.D. 

For more information, visit CCT 124 & Dillignham Place or call (706) 507-8199.

Service  • Support  • Success

 

oneusg and the Accountability, Efficiency and Innovation Committee

 

What is oneusg?  As defined at http://www.usg.edu/oneusg, it is “..a transformative initiative to achieve economies of scale, improve efficiencies and reduce risk by uniting the University System of Georgia on a single set of policies, procedures and technology solutions across multiple administrative functions. Functioning as a unified System allows us to maximize limited resources in service of our students and other stakeholders.”

The initial scope of the oneusg initiative is the replacement of the current ADP system, transforming this platform into a USG-hosted Peoplesoft HCM service accessible by all member institutions.  Upon completion of this phase, other service platforms that may be ideal candidates for such a “shared services” portfolio will be considered for inclusion within oneusg.

oneusg_RockEagleConference_Presentation
oneusg Rock Eagle Conference Presentation 2015-10-21

In support of the oneusg initiative, the USG CIO Council Committee of Accountability, Efficiency and Innovation (AEI) has formed a subcommittee to address a best practice approach to secure authentication required to access the shared system.  The name of this subcommittee is “AEI: Authentication”, and its goal is to enable campuses to use their local authentication sources (campus user id/password) to access USG hosted applications such as PeopleSoft HCM, PeopleSoft Financial, Galileo, ServiceNow, etc through a standard web based federated authentication.

The AEI: Authentication subcommittee is chaired by Abraham George, Vice President of Information Technology/CIO at Columbus State University.  The team is composed of subject matter experts from the USG, Columbus State University, Georgia College & State University, Georgia Gwinnett College, Georgia Southern, Georgia State, Georgia Tech, Valdosta State University, University of West Georgia, and the oneusg team.

The AEI: Authentication team is currently developing a “prototype” of the federated authentication platform and plans to have a demonstration prepared for the next CIO Council meeting in early February 2016.

Five Tips to Avoid Malware in Mobile Apps

Smartphones and tablets are evolving from niche luxury devices to mainstream consumer gadgets. As mobile devices become a ubiquitous part of the mainstream culture, malware developers are paying attention and are anxious to exploit the fertile new territory.

Android is the low-hanging fruit because it combines the leading smartphone platform with an open ecosystem, and the ability to purchase apps from diverse, rogue app repositories. Other platforms seem inherently more secure, but are still not invulnerable. Despite the “walled garden” and strict curation of iOS apps, a security researcher recently demonstrated that the Apple App Store has its weaknesses as well.

A statement from McAfee proclaims, “While reported mobile malware incidents are still relatively low in number, McAfee Labs is seeing significant growth in the mobile malware threat landscape.”

To guard against mobile malware and protect yourself and your data, here are five things you should keep in mind when buying or downloading apps for your mobile devices:

Be Aware

Malware on mobile devices is nowhere near the threat that it is on PCs–particularly Windows-based PCs…yet. Malware developers aren’t looking for a challenge. They will develop malware for the platforms and devices that have the largest pool(s) of potential victims, and those that are easiest to exploit. Step one in protecting yourself is to simply be aware that the threat exists.

Do Your Homework

Think before you download. Just as it makes sense to read some Amazon reviews before buying a book, or some Yelp reviews before testing out a new restaurant, it makes sense to read some reviews of an app before you jump off the cliff. General word of mouth support for an app is good, but it is even better if you can get input from your social networks–friends and family you trust–before downloading an app.

Check Your Sources

Not all third-party sources of apps are bad, but the odds are much higher. For a platform like iOS, you have to go out of your way to jailbreak the device in order to use apps that aren’t approved by Apple. If you have taken such drastic measures, you are hopefully already aware of the risks involved as well.

Android users may not be as conscious of the threat because third-party app repositories are normal for that platform. Still, the safest source of Android apps is the official Google Android Market, or at least an app store from a trusted source like the Amazon App Store. To avoid shady apps, you should deselect the “Unknown sources” option in the Android Applications Settings.

Watch the Permissions

Mobile operating systems have enough security in place that apps generally have to request permission to access core functions and services of the device. Think about the permissions you are granting before you just tap and blindly accept them. Does that Sudoku app really need access to your contacts, camera function, and location information?

Use Antimalware

As the mobile market grows, and the malware developers take notice and begin to target it, the security vendors–like McAfee–are working to try and stay a step ahead of the malware attacks with security tools and software.

Following the first four tips will help you avoid a majority of potential threats, but antimalware software can help detect and identify any threats that slip past your defenses.

Reference: PC World “Five Tips to Avoid Malware in Mobile Apps” by Tony Bradley