Learning, teaching and scholarship is not restricted anymore to on-campus classrooms, libraries, laboratories and dormitory rooms, says Dennis Devlin, CISO of Brandeis University, who will be a featured speaker at next month's SC World Congress in New York.
"Learning, teaching and scholarship also occurs in wireless hotspots, internet cafés, hotels and hostels, off-campus residences, and any other place where creative or critical thinking can occur," Devlin said.
An effective university information security and privacy program must acknowledge this reality, he added, focusing heavily on people and process, as well as technology.
"Part of my university's mission entails teaching our users to think the way that we as information security professionals think," Devlin said. "The ability to operate safely in a hostile network environment has become a critical literacy for anyone who uses the internet as an educational resource."
Colleges and universities have always had to favor openness and interoperability, Devlin wrote in a recent article in SC Magazine. It is very difficult, if not impossible, to both promote exploration and deny by default at the same time, he said.
In his presentation, "Security awareness training: The importance of information security and privacy literacy," scheduled for Nov. 11 at 9 a.m., Devlin will explain how every intelligent device that connects to the network needs to be current with patches, protected from malicious code, firewalled, registered, and strongly authenticated. And every piece of sensitive or regulated information needs to be recognized and managed with appropriate standards of care during its entire lifecycle.
"Multiple, uncontrolled copies of sensitive information for convenience is no longer acceptable," he said.
The challenge of this approach within academia is that it requires a combination of technical solutions, policy, education and the active participation of every member of the academic community, he added. However, the benefit of this approach is that it acknowledges reality, does not assume protection from any particular context, and is thus transferable to all situations.