Both, ITACS Students represent an information security vulnerability with Temple University as does Temple to Students. This is due to the fact that Universities are large organizations that are targeted by many cyber attacks a day as they contain valuable information from students and staff within their database that can be extracted if there is not a proper set of security measures. For example, Temple University must have training and policy guidelines for students and staff to prevent any insider malicious attacks that can occur through phishing emails, but on the other end Temple also has to prevent phishing emails getting through the network and into students and staff inboxes by utilizing spam blocking software, and make sure it is up to date with the practice and policy standards within the IS. In conclusion, both parties must do their part on their ends to prevent any breach from occurring.
I agree with your post and appreciate your mention of policy. Clearly defined policies, that users understand, are critical to the success of a security program. To that end, security awareness training may be the most important component of mitigating cyber risk.
ITACS students represent information security vulnerabilities to Temple University as well as each other. Considering that humans are the primary vector for loss, this makes sense. Coupled along with the inconvenience that comes with security, current social media trends that tend to lead to oversharing of information, and the desire to access information from anywhere, ITACS students can and should be considered a security vulnerability. ITACS students may also fall victim to social engineering and phishing attacks, which makes it more important than ever to be aware of the importance of information security and risk management.
Yes, human failure is typically the vector for loss. This is due to the fact that humans can be very mis-caring at times and this could lead to very bad outcomes to potentially breaching the entire system due to an accident.
ITACS students, being the human factor within the overall security chain, can represent information security vulnerabilities to Temple University if we do not practice proper security hygiene. These vulnerabilities can be present in what websites we access while using campus networks, using our Temple email address to sign up for various services. If these services get breached the exposed academic email address can be used to gain unauthorized access to Temple resources.
The potential vulnerability ITACS students represent to our classmates is low but not zero, as we are sharing media devices and granting access to shared drives to complete projects. If we do not utilize proper access controls for media sharing, we can inadvertently expose potentially sensitive information to unauthorized viewers.
I agree with you with classmates being inadvertently a risk. However, I’d also like to suggest that sometimes malicious attackers are people we know. When we are introducing removable media to other individuals that we are working with every day, I wouldn’t be surprised if students extracted information via social engineering or had malicious intent when working with other group members and their devices. It’s extremely unlikely and we wouldn’t want to think about it, but strangers are unpredictable.
I appreciate this viewpoint, Michael, as it opens the conversation to some points in regard to social engineering. As a student at a university, entering a building and holding the door for friends, or even people we do not know, is rather commonplace, as one would normally expect people wandering about a university campus to belong there. This creates a risk to the university, and to other students, if for example the person tailgating did not actually belong, and was a malicious actor. However, despite policy in place often advising against holding the door for people, it is a common social engineering abuse that people want to help other people.
Kelly, I agree, students should be more aware about the dangers that we can present to each other when using media devices in a public setting such as Temple. Without proper access controls it can be very detrimental not just to students but the whole University. At my workplace, you have to ask and let the security department know ahead of time when plugging in a USB device; this is due to the fact that security for IT department is more secure than other departments because we have so much more access.
ITACS students represent security vulnerabilities to both Temple University and each other. These vulnerabilities may arise from phishing emails, breaches, malware, and other means that capitalize on the technology connections shared by students, faculty, and administrators.
For example, a student may fall victim to a phishing email and unknowingly surrender their login to a bad actor through a credential harvesting site. This actor can then use the student’s account to send additional emails with malicious intent. Anyone in the student’s contacts is a potential victim and this could quickly spread across the university.
Another example is the possibility of vendors employed by Temple University experiencing a breach and exposing sensitive student information, e.g. emails, phone numbers, social security numbers, etc. used with their service. This information could then be used to commit fraud and other illegal activities in the student’s name.
I agree that ITACS students represent vulnerabilities to both Temple University and each other.
I also liked how you included examples of each case – I think it’s super important that students (and Temple University!) are aware of all the potential avenues attackers may take to exploit vulnerabilities in a system.
ITACS students represent information security vulnerabilities to both Temple and each other, but we are not alone. Other members at Temple, be it the student body, faculty or staff, represent the same vulnerabilities. In a security model, no matter how strong, humans will always be the weakest link because we are error-prone. Those of us in the ITACS program, along with the other members at Temple, may become prey to a hacker’s phishing attacks or accidentally install malware which, if connected back to the university’s network could pose a larger issue.
Now in today’s world, security has become more of an inconvenience, even for something as small and simple as two-factor authentication. This goes hand in hand with what Vacca stated in his book Computer and Information Security that the trend is to share data not protect it. As students of Temple University, we can share and receive data as we please from sources inside and outside of the organization, and we do this with little concern about the security risk. We have access to cloud drives, email, and flash drives which is great in terms of global access to data and sharing among classmates, but, a curious mind will take that flash drive or download an attachment as a harmless act and unintentionally introduce malware to their personal computer or the university/organizations system.
Security vulnerabilities caused by human error can’t be prevented, but they can be mitigated with the proper training, provided not only to faculty and staff but the student body as well.
Hi Dhaval, thanks for sharing! I liked your insights regarding how ITACS students should be considered vulnerabilities to Temple University. You touched on the fact that we have access to so many great services including cloud drives, email, and flash drives. Access to all of these services certainly brings to light that security requirements are needed and it requires buy-in from all Temple students. There can be cases where 9 out of 10 users on a shared drive quality security posture – but it only takes exploitation of the 1 user who has poor security posture to potentially expose any information that is on the shared drive to unauthorized users.
I would say it goes both ways for ITACS students and Temple University. If for instance a student were to be involved in a phishing attack when they open their Temple email account, this would certainly cause some kind of severe damage to both sides. As an educational institution, Temple has access to students’ contact information, academic records, etc. It would also be disastrous if a hacker had access to obtain countless student records, or even information from faculty and staff. That is why it is imperative that safety precautions are in place to help protect highly sensitive information from both parties.
I agree with you that ITACS students and Temple University are two-way. Because as a huge educational institution, it contains countless information, not only contact information, but more educational information is also easy to be stolen, and for these, safety precautions are important. The school protects students’ information security, while also maintaining their own safety and development
They represent vulnerabilities to both and to each other.
Students can unknowingly download malware if they click a suspicious link on the internet or via email. This could lead to a breach of their Temple account, or a security breach on a Temple computer (if they were using a Temple device). Students could also potentially be using recycled or insecure passwords, making themselves easy targets.
Classmates have varying amounts of info on their peers. Names, contact information, class schedules, etc. If their device or accounts are compromised, an attacker may gain access to this PII. Classmates can also unknowingly share malicious links or websites with their peers. TAs have access to additional information and pose a bigger risk. They have access to grades, projects, class rosters, etc.
Temple also represents a vulnerability to the student. Temple has a wealth of information on their students – academic records, financial information, social security numbers, contact information, addresses, PHI, emergency contact PII, etc. If Temple experienced a data breach, there could be a significant number of individuals affected – employees, students, alumni, and potentially even people who applied but were not accepted.
I agree with your statements. Humans are going to be the weakest link in any organization including Temple. With the amount of information that is accessible to us as well as the university our chances of getting attacked or inadvertently attacking ourselves (social engineering) drastically increase.
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain your answer.
The answer is Yes ITACS students do represent security vulnerabilities to both the University and each other. Any user of a system (or set of systems) represents a potential vulnerability. The risk that this potential vulnerability represents to the University is managed via policies, procedures, best practices, tools etc. (complex passwords, multi-factor authentication, RBAC, etc).
Likewise, the risk to each other should be managed in how we interact and work together – sharing a USB thumb drive, emailing docs to each other, not sharing passwords etc.
I definitely agree with you on how we interact and work together as sometimes we can have a virus in our devices without knowing it. The school also needs to always come up with new policies, rules, standards and software to protect their information security.
I believe ITACS students represent information security vulnerabilities to Temple in both ways. Nowadays everything has become computerized in a sense that made it easy for people like us to use technology to do anything. Having access to some platforms at Temple is great because as a student, it allows you to have all the information and resources you need to learn, do your work and be a good student. However, the flexibility of having some students taking some online classes makes it a little bit difficult for the school to control their information security. We use our own laptops, cell phones, iPads etc. to log in to the school platform from our own internet or network sometimes unprotected for the school information security. For instance, we click on phishing email links or access websites inadvertently that bring viruses to our own devices, causing some technical difficulties on the school system. Among us, there are some malicious students that are downloading some apps to navigate through the school system to access others’ private information, which is causing the school to come up with new security ideas on how to protect those data.
It’s good that you brought up what some students may do to gain unauthorized access to private information. It is very unfortunate for security professionals and/or management to have to constantly bring ideas to the table and try to have a reliable security plan in place that will keep students, or any other unauthorized individual, from gaining access to information that they know is off limits.
ITACS students do provide an inherent security risk to Temple University (TU) and each other. This is because TU is a large university organization and as such is subject to many security risks, both by way of cyber hacks and physical or informational assets. Data is kept in a variety of formats and thus can be exposed in many ways. Students and faculty are assets as well. Unintentionally they can relay information that may be deemed as needing to be secure. Per our readings in ‘Computer and Information Security’ personnel assets make up roughly 80% of the cases by mishandling and security risk violations of information and data. The size of a well known university such as Temple makes it a high value target for security vulnerabilities.
Temple University can also be at risk for unintentionally releasing student or faculty information via the student portal or faculty sites. Student or faculty information such as address and phone numbers, IDs and email are intended only for school purposes. Security vulnerabilities lie in the way we track such data. This information is kept online for paying staff, tracking students’ bills and addresses and phone numbers. This security vulnerability poses increased risk for all staff and students’ information.
I too believe that ITACS students represent information security vulnerabilities to each other as well as Temple. With Temple being a university in the midst of a pandemic who are still trying to be as active with their students as possible, this could lead to more opportunities for data breaches due to the higher volume of virtual activity going on. I also liked how the Temple staff was acknowledged as well and not only the students. If a data breach occurs within Temple’s system, the hackers could also gain access to staff payroll information, credit/debit card information, and social security numbers, putting Temple’s employees at just as much risk as their students.
ITACS students are liable to represent an information security vulnerability to Temple University, as well as each other. First I would say this is the case because although we are trying to become experts in this craft, we are still currently on the novice level. With that being said, we are very likely to be negligent and not conform to the best practices which will mitigate vulnerabilities.
Some of us know more than others, and still don’t utilize the knowledge. For instance, I passed the CompTIA Security+ certification in 2013. Even though I know the importance of security, I don’t even put a password on my iPhone. I also use the same passwords for multiple accounts. I am 100% aware that my actions do not align with the objectives I learned for the Security+ exam. Honestly speaking, ITACS students (myself included) are not above negligence… which is a gateway to information / data being compromised in some form or fashion.
ITACS students would represent vulnerabilities to both Temple University and each other. Students represent a risk to Temple University by introducing a variety of threats that are often unintended. ITACS students in particular typically are more technical than the average end-user. However, in contrast they are equipped with a subset of skills that allows them to understand the context of the system which could pose a risk to Temple University if they are unaware of exploits. That being said, security policies and configuration management likely in place at Temple results in existing mitigations/predisposing conditions results in a low residual risk.
Students pose a risk to each other by a variety of vulnerabilities. More often than not this is unintentional; for example sharing a thumb-drive or having your Temple email hijacked and sending all of your peers faulty links via email. Students can also be bad actors and take advantage by other vantage points such as social engineering (i.e. shoulder surfing).
Although the risk is relatively low, malicious actors exist in every environment and should always be taken account for.
Thanks for your thoughtful analysis but the Temple University needs to use firewall protection, which is a digitally created barrier that prevents hackers from getting access into the Temple University’s computer system.
ITACS students represent information security vulnerabilities to both each other and Temple University. ITACS students provide a threat to the school itself because we are all signed into the TUPortal network, which grants us access to many different websites and information assets that Temple owns.
ITACS students represent information security vulnerabilities to each other via the vulnerabilities we represent to the university. I would relate this to when an employee of a large company (say, T-Mobile) makes a security mistake that results in millions of customers’ and coworkers’ social security numbers and ID information. The TUPortal network is a network just like T-Mobile’s business network, with valuable data being held in the network and an endpoint being us (students).
Hello Michael, I do agree that the student represents a vulnerability to both each other and Temple University. If the malware (worm) is installed within the users’ devices then it could spread and be installed within other student devices without any end-user interaction. Students could also unknowingly click on the phishing email or visit any website with malware, which could introduce the malware within the University’s network. This could also possibly allow an attacker access to the University’s network.
I think that ITACS students represent the information security vulnerabilities of both Temple University. Because where there is information, it is easy to have information security problems, and it is difficult to ensure that the information is not leaked on the network where a large amount of information exists. ITACS student information may also be leaked out by major websites or software, and ITACS student information security also needs to be taken seriously. This means that the degree to which we attach importance to network security also reflects the degree of information security protection provided by Temple University. We need to pay attention to the protection of personal information and campus information, and the school should also have a corresponding protection system.
I agree with you Dan; it is critical that as information security professionals in-training, we put these best practices and ITACS principles into action. It is important for our professionalism, and to keep Temple as secure as possible.
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both?
I would say both. Temple University is a huge organization and a target for potential attackers. It houses students’ sensitive data and a student could be a victim of a breach at any given moment. Students also could represent IS vulnerabilities to each other. Who is to say an ITACS student is not an attacker themselves? Negligence will always be a possibility and with so many students in the mix there are bound to be security incidents. It only gets more risky as depending on the ITACS student, they may have access to security systems that other students do not, and could potentially cause much more damage if they are negligent.
ITACS students represent information security vulnerabilities to both Temple University and each other. As students we have access to many of Temple’s resources. With the computer labs that we have access to as students, we have a direct line to Temple’s systems. Humans are the biggest single source of loss due to negligence. Students may misuse these computer systems by unknowingly connecting an infected USB or browsing to a malicious site. And with BYOD being an accepted feature of Temple, our personal devices are connecting to these networks, and we are linking our accounts to access data conveniently outside of school.
Any time you share a network with other individuals or share a service like email where you are linked via an address book, you are at a potential risk. An infected device on the same network as you can lead to your own devices being infected. I think the biggest vulnerability would be with email, specifically regarding email compromise and phishing. If one of your fellow classmates had their email compromised and sent out a malicious link, there is a good chance that some other individuals are going to click this link and compromise their accounts. It is important to remember again that humans are the most prevalent security vulnerability, regardless of whether the relationship is Student to University (i.e. Employee to Employer) or Student to Student (i.e. Employee to Employee).
I believe ITACS students should definitely be considered as security vulnerabilities to Temple University as well as to other students. As the reading suggests, threat actors are increasingly setting their targets on individual employees rather than the organization itself since they are typically investing more money in perimeter defenses. For example, malware is being sent as email attachments, asking recipients to open the attachment. The end user, who in more cases than not is unaware the email is from a threat actor, clicks on the link which subsequently infects the machine.
We live in a world now where we want everything to work as easily and efficiently as possible. This trend has led to security being an afterthought due to its complex planning and implementation requirements. While 99.9% of users can take security very seriously, it only takes one person who uses, for example, a weak password to provide unauthorized access to a threat actor to perform malicious activities, which certainly would have an impact on the rest of the students and their personal information in the ITACS program.
Security can only be enforced if and when controls are in place to mitigate and prevent inherent risk. For risk to be contained, Infrastructure (traditional or cloud) must be secured. IT infrastructure encompasses Hardware, Software, the Network (internet) and Meatware (Human beings). The most critical and volatile of the four mentioned are human beings. People implement processes but the truth of the matter is that people are also the processes to control. The best technical controls within an enterprise are useless if controls do not exist to manage the people who configure, implement and use these controls. With regards to the question at hand, the students represent information security vulnerabilities to the school and vice versa. The students have access to the University data, processes and procedures that could easily be compromised and misused to create data loss, theft and destruction. The school on the other hand extracts and holds student data (PII) that could be compromised without the proper privacy policies, practice, procedures and standards in place to protect same.
ITACS students represent information security vulnerabilities to both Temple University and each other. Before we started this semester, a few scams were sent out to all of Temple University’s faculty and students. How many people do you think clicked on this scam?
With my personal experience, I work as an IT Auditor. Banks do require phishing training to be done. A bank personnel will create a phishing hack and will be able to see how many employees click on it. Those employees who do click on it, are required training. If an employee does not pass the training with over an 80 percent, the training is repetitive until they do reach over that 80 percent.
This is so important to organizations because it can create a security breach. We as students, participate in so much more than classes. We join clubs, interviews, and the network. We and Temple University are at risk.
ITACS students should be considered as information security vulnerabilities to Temple University and to each other. Students can be thought of essentially as third parties. With that under consideration, an organization should constantly be protecting itself as well as any third party endpoints or systems with which it may come in contact. If a student’s machine were to be compromised and then proceed to access Temple University systems, servers, or websites, it could create a new vulnerable entry point between the associated network of Temple University and the other ITACS students.
ITACS students, unfortunately, represent vulnerabilities to the university as well as to each other. Humans create a vast amount of risk to information security–especially through ignoramus. Take the example of a student falling victim to a phishing scheme via email. Someone clicks something they should not click on a device connected to the Temple intranet, potentially losing confidential information (such as login data to Temple O365), which can then be used to contact individuals (i.e employees/professors) with higher system privileges. The spread of malware can then reach a multitude of assets, including fellow students. In this same example, if a hacker successfully breaches the Temple health department, thousands of students’ HIPAA-protected data is released. Hackers can sell this data on the dark web, tarnish Temple’s reputation, and so forth. In summarization, yes, students carry a strong human information security threat to both the welfare of the university, as well as to each other.
ITACS students do definitely represent information security vulnerability to both Temple University and to each other due to the fact that they are an integral part of the University. Students play a major role in information security and vulnerability, intentionally or unintentionally.
Students have many software, and other devices such as smartphones, laptops which provide them resources and give them access to authorized privileges. Students can misuse these devices knowingly or unknowingly that can have a large impact on Temple University Information Security and on themselves.
Not everyone is aware how smartphones are part of the security concern. For example, if a student shares photographs of the University Campus he/she is trying to show what the university campus is like, however a hacker might look at the photographs to acquire information on perhaps the student, staff, campus location, and any other information they might find useful. This in itself is a huge security concern for the university or student.
The university is also part of the vulnerability if it doesn’t have strong security infrastructure or policies. Having a faulty security system can pose a huge security risk allowing hackers to hack into the system and steal information.
Temple University has a huge task of maintaining privacy and the security of the students and everyone in association with the university. Having strong security infrastructure can help mitigate the vulnerabilities that arise from the students and threats from within and outside the university.
The ITACS students along with other individuals at the Temple University represent the information security vulnerabilities, as anyone could be a victim of any type of cyber-attack. Any misconfiguration within any of the systems or network (router or switches) could introduce the vulnerability within the organization. Allowing a personal device connecting to the University’s network could introduce the malware to the organization’s network if the device has malware installed prior to connecting to the University’s network. If the students are sharing their password with other students or anyone, they could get their account compromised by other individuals, who could use those credentials to gain unauthorized access to that University’s network. Anyone could also be a victim of a phishing email, and anyone who is not able to recognize that it’s a phishing email and clicks on any attachment or link could put the organization’s network at risk.
I agree with you wholeheartedly with regard to your fantastic analysis on vulnerabilities attack at the Temple University but you must understand that the University needs to have adequate anti-virus software and they must regularly update their anti-virus software and that they must do that once a week in order to locate and eliminate any malware, spyware, viruses and other problems the students could bring in their bid to access the university websites.
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both?
I believe that ITACS students represent information security vulnerabilities to Temple University as well as each other. As a student, I’ve received multiple phishing emails over my time at Temple. Students have the freedom to accidentally download malware through one of these emails via clicking the link within the email. This could result in their Temple account being hacked, or if they’re working from a school computer like one in the Tech Center, this could result in Temple’s entire system being breached. This affects each student as well because Temple has access to very important records of each student. These records include your name, date of birth, address, billing information etc. These records being breached are a great vulnerability.
I agree that ITACS students represent an information security vulnerability to the Temple University because new technology is being released every day and it often comes with new gadgets that have some form of internet access that students could conceal and use to access the University information with no plan for security measures being implemented to ensure its effectiveness. And this would certainly pose an inherent risk to the University. The rapid advancement of technology is testament to innovators, but security appears to be lagging severely in that regard. Cybercriminals are using social media as an arena for distributing a complex geographical attack called water holding and should the University allow the students to use their facilities to access social media would be prone to unexpected cyber attacks. This is so because the attackers identify and infect a cluster of websites they are of the notion that members of targeted organization will visit.
I think it’s all there. Because temple university’s database has a lot of valuable and essential information, it is a natural target for attack. And students can have their school’s information stolen by receiving phishing emails. So students need to pay attention to personal data protection, and the school should have a corresponding protection system.
Both students and the university represent security vulnerabilities to each other. Temple University has a duty to the university and the students to protect them from any type of IT threat. The university for example has to have the most reliable and up to date network security, internet security and spam blocking technology. Temple represents a large business in the city as any of the major universities and they are likely attacked on a daily basis from outside threats. Temple needs to keep the university and students vulnerabilities protected daily. As for students, students need to be educated on how to protect themselves and the university from being attacked. Example would be phishing emails. As a student, I have already seen multiple emails from “temple university” accounts about potential job opportunities. With being educated on these types of attacks, I not only am able to protect myself but Temple university.
The human factor in IT security is really high, and sometimes people within the organization might lead to dramatic consequences. As students, we are part of a big organization and a target. Phishing emails, for example, randomly target every user of an organization; more students mean more people who might become victims, and students are less careful about these attacks compared to faculty members and employees. If any incident happens, a bad actor can reach other students’ PII and information, which would make us a vulnerability for the rest of the ITACS community as well.
ITACS students, being the human factor within the overall security chain, can represent information security vulnerabilities to Temple University if we do not practice proper security hygiene. These vulnerabilities can be present in what websites we access while using campus networks, and in using our Temple email address to sign up for various services. If these services get breached, the exposed academic email address can be used to gain unauthorized access to Temple resources.
The potential vulnerability ITACS students represent to our classmates is low but not zero, as we are sharing media devices and granting access to shared drives to complete projects. If we do not utilize proper access controls for media sharing, we can inadvertently expose potentially sensitive information to unauthorized viewers.
I agree with you about classmates being inadvertently a risk. However, I’d also like to suggest that sometimes malicious attackers are people we know, when we are introducing removable media to other individuals that we are working with every day. I wouldn’t be surprised if students extracted information via social engineering or had malicious intent when working with other group members and their devices. It’s extremely unlikely and we wouldn’t want to think about it, but strangers are unpredictable.
I appreciate this viewpoint, Michael, as it opens the conversation to some points in regard to social engineering. As a student at a university, entering a building and holding the door for friends, or even people we do not know, is rather commonplace, as one would normally expect people wandering about a university campus to belong there. This creates a risk to the university, and to other students, if for example the person tailgating did not actually belong, and was a malicious actor. However, despite policy in place often advising against holding the door for people, it is a common social engineering abuse that people want to help other people.
Kelly, I agree, students should be more aware of the dangers that we can present to each other when using media devices in a public setting such as Temple. Without proper access controls it can be very detrimental not just to students but to the whole University. At my workplace, you have to ask and let the security department know ahead of time when plugging in a USB device; this is due to the fact that security for the IT department is more secure than other departments because we have so much more access.
ITACS students represent security vulnerabilities to both Temple University and each other. These vulnerabilities may arise from phishing emails, breaches, malware, and other means that capitalize on the technology connections shared by students, faculty, and administrators.
For example, a student may fall victim to a phishing email and unknowingly surrender their login to a bad actor through a credential harvesting site. This actor can then use the student’s account to send additional emails with malicious intent. Anyone in the student’s contacts is a potential victim and this could quickly spread across the university.
Another example is the possibility of vendors employed by Temple University experiencing a breach and exposing sensitive student information, e.g. emails, phone numbers, social security numbers, etc. used with their service. This information could then be used to commit fraud and other illegal activities in the student’s name.
Hey Matthew,
I agree that ITACS students represent vulnerabilities to both Temple University and each other.
I also liked how you included examples of each case – I think it’s super important that students (and Temple University!) are aware of all the potential avenues attackers may take to exploit vulnerabilities in a system.
ITACS students represent information security vulnerabilities to both Temple and each other, but we are not alone. Other members at Temple, be it the student body, faculty or staff, represent the same vulnerabilities. In a security model, no matter how strong, humans will always be the weakest link because we are error-prone. Those of us in the ITACS program, along with the other members at Temple, may become prey to a hacker’s phishing attacks or accidentally install malware which, if connected back to the university’s network could pose a larger issue.
Now in today’s world, security has become more of an inconvenience, even for something as small and simple as two-factor authentication. This goes hand in hand with what Vacca stated in his book Computer and Information Security, that the trend is to share data, not protect it. As students of Temple University, we can share and receive data as we please from sources inside and outside of the organization, and we do this with little concern about the security risk. We have access to cloud drives, email, and flash drives, which is great in terms of global access to data and sharing among classmates, but a curious mind will take that flash drive or download an attachment as a harmless act and unintentionally introduce malware to their personal computer or the university/organization’s system.
Security vulnerabilities caused by human error can’t be prevented, but they can be mitigated with the proper training, provided not only to faculty and staff but the student body as well.
Hi Dhaval, thanks for sharing! I liked your insights regarding how ITACS students should be considered vulnerabilities to Temple University. You touched on the fact that we have access to so many great services including cloud drives, email, and flash drives. Access to all of these services certainly brings to light that security requirements are needed, and it requires buy-in from all Temple students. There can be cases where 9 out of 10 users on a shared drive have a quality security posture – but it only takes exploitation of the 1 user who has poor security posture to potentially expose any information that is on the shared drive to unauthorized users.
I would say it goes both ways for ITACS students and Temple University. If, for instance, a student were to be involved in a phishing attack when they open their Temple email account, this would certainly cause some kind of severe damage to both sides. As an educational institution, Temple has access to students’ contact information, academic records, etc. It would also be disastrous if a hacker had access to obtain countless student records, or even information from faculty and staff. That is why it is imperative that safety precautions are in place to help protect highly sensitive information from both parties.
I agree with you that ITACS students and Temple University are two-way. Because as a huge educational institution, it contains countless information, not only contact information, but more educational information is also easy to steal, and for these, safety precautions are important. The school protects students’ information security, while also maintaining its own safety and development.
They represent vulnerabilities to both and to each other.
Students can unknowingly download malware if they click a suspicious link on the internet or via email. This could lead to a breach of their Temple account, or a security breach on a Temple computer (if they were using a Temple device). Students could also potentially be using recycled or insecure passwords, making themselves easy targets.
Classmates have varying amounts of info on their peers. Names, contact information, class schedules, etc. If their device or accounts are compromised, an attacker may gain access to this PII. Classmates can also unknowingly share malicious links or websites with their peers. TAs have access to additional information and pose a bigger risk. They have access to grades, projects, class rosters, etc.
Temple also represents a vulnerability to the student. Temple has a wealth of information on their students – academic records, financial information, social security numbers, contact information, addresses, PHI, emergency contact PII, etc. If Temple experienced a data breach, there could be a significant number of individuals affected – employees, students, alumni, and potentially even people who applied but were not accepted.
I agree with your statements. Humans are going to be the weakest link in any organization, including Temple. With the amount of information that is accessible to us as well as the university, our chances of getting attacked or inadvertently attacking ourselves (social engineering) drastically increase.
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain your answer.
The answer is yes: ITACS students do represent security vulnerabilities to both the University and each other. Any user of a system (or set of systems) represents a potential vulnerability. The risk that this potential vulnerability represents to the University is managed via policies, procedures, best practices, tools, etc. (complex passwords, multi-factor authentication, RBAC, etc.).
Likewise, the risk to each other should be managed in how we interact and work together – sharing a USB thumb drive, emailing docs to each other, not sharing passwords etc.
I definitely agree with you on how we interact and work together, as sometimes we can have a virus in our devices without knowing it. The school also needs to always come up with new policies, rules, standards and software to protect their information security.
I believe ITACS students represent information security vulnerabilities to Temple in both ways. Nowadays everything has become computerized, in a sense that has made it easy for people like us to use technology to do anything. Having access to some platforms at Temple is great because, as a student, it allows you to have all the information and resources you need to learn, do your work and be a good student. However, the flexibility of having some students take online classes makes it a little bit difficult for the school to control their information security. We use our own laptops, cell phones, iPads, etc. to log in to the school platform from our own internet or network, which is sometimes unprotected for the school’s information security. For instance, we click on phishing email links or access websites inadvertently that bring viruses to our own devices, causing some technical difficulties on the school system. Among us, there are some malicious students who are downloading apps to navigate through the school system to access others’ private information, which causes the school to come up with new security ideas on how to protect that data.
Hi Ornella,
It’s good that you brought up what some students may do to gain unauthorized access to private information. It is very unfortunate for security professionals and/or management to have to constantly bring ideas to the table and try to have a reliable security plan in place that will keep students, or any other unauthorized individual, from gaining access to information that they know is off limits.
ITACS students do provide an inherent security risk to Temple University (TU) and each other. This is because TU is a large university organization and as such is subject to many security risks, both by way of cyber hacks and physical or informational assets. Data is kept in a variety of formats and thus can be exposed in many ways. Students and faculty are assets as well. Unintentionally, they can relay information that may be deemed as needing to be secure. Per our readings in ‘Computer and Information Security’, personnel assets make up roughly 80% of the cases by mishandling and security risk violations of information and data. The size of a well-known university such as Temple makes it a high-value target for security vulnerabilities.
Temple University can also be at risk for unintentionally releasing student or faculty information via the student portal or faculty sites. Student or faculty information such as addresses and phone numbers, IDs and email is intended only for school purposes. Security vulnerabilities lie in the way we track such data. This information is kept online for paying staff, tracking students’ bills and addresses and phone numbers. This security vulnerability poses increased risk for all staff and students’ information.
Hi Emily,
I too believe that ITACS students represent information security vulnerabilities to each other as well as Temple. With Temple being a university in the midst of a pandemic who are still trying to be as active with their students as possible, this could lead to more opportunities for data breaches due to the higher volume of virtual activity going on. I also liked how the Temple staff was acknowledged as well and not only the students. If a data breach occurs within Temple’s system, the hackers could also gain access to staff payroll information, credit/debit card information, and social security numbers, putting Temple’s employees at just as much risk as their students.
ITACS students are liable to represent an information security vulnerability to Temple University, as well as each other. First, I would say this is the case because although we are trying to become experts in this craft, we are still currently on the novice level. With that being said, we are very likely to be negligent and not conform to the best practices which will mitigate vulnerabilities.
Some of us know more than others, and still don’t utilize the knowledge. For instance, I passed the CompTIA Security+ certification in 2013. Even though I know the importance of security, I don’t even put a password on my iPhone. I also use the same passwords for multiple accounts. I am 100% aware that my actions do not align with the objectives I learned for the Security+ exam. Honestly speaking, ITACS students (myself included) are not above negligence… which is a gateway to information / data being compromised in some form or fashion.
ITACS students would represent vulnerabilities to both Temple University and each other. Students represent a risk to Temple University by introducing a variety of threats that are often unintended. ITACS students in particular typically are more technical than the average end-user. However, in contrast, they are equipped with a subset of skills that allows them to understand the context of the system, which could pose a risk to Temple University if they are unaware of exploits. That being said, security policies and configuration management likely in place at Temple result in existing mitigations/predisposing conditions, which results in a low residual risk.
Students pose a risk to each other by a variety of vulnerabilities. More often than not this is unintentional; for example, sharing a thumb-drive or having your Temple email hijacked and sending all of your peers faulty links via email. Students can also be bad actors and take advantage by other vantage points such as social engineering (i.e. shoulder surfing).
Although the risk is relatively low, malicious actors exist in every environment and should always be accounted for.
Thanks for your thoughtful analysis, but Temple University needs to use firewall protection, which is a digitally created barrier that prevents hackers from getting access into Temple University’s computer system.
ITACS students represent information security vulnerabilities to both each other and Temple University. ITACS students provide a threat to the school itself because we are all signed into the TUPortal network, which grants us access to many different websites and information assets that Temple owns.
ITACS students represent information security vulnerabilities to each other via the vulnerabilities we represent to the university. I would relate this to when an employee of a large company (say, T-Mobile) makes a security mistake that results in millions of customers’ and coworkers’ social security numbers and ID information. The TUPortal network is a network just like T-Mobile’s business network, with valuable data being held in the network and an endpoint being us (students).
Hello Michael, I do agree that students represent vulnerabilities to both each other and Temple University. If malware (a worm) is installed on a user’s device, then it could spread and be installed on other students’ devices without any end-user interaction. Students who unknowingly click on a phishing email or visit any website with malware could also introduce the malware within the University’s network, which could also possibly allow an attacker access to the University’s network.
I think that ITACS students represent the information security vulnerabilities of both Temple University. Because where there is information, it is easy to have information security problems, and it is difficult to ensure that the information is not leaked on the network where a large amount of information exists. ITACS student information may also be leaked out by major websites or software, and ITACS student information security also needs to be taken seriously. This means that the degree to which we attach importance to network security also reflects the degree of information security protection provided by Temple University. We need to pay attention to the protection of personal information and campus information, and the school should also have a corresponding protection system.
I agree with you Dan; it is critical that as information security professionals in-training, we put these best practices and ITACS principles into action. It is important for our professionalism, and to keep Temple as secure as possible.
I agree with you, students and schools must pay attention to protecting personal information and preventing information leakage.
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both?
I would say both. Temple University is a huge organization and a target for potential attackers. It houses students’ sensitive data, and a student could be a victim of a breach at any given moment. Students also could represent IS vulnerabilities to each other. Who is to say an ITACS student is not an attacker themselves? Negligence will always be a possibility, and with so many students in the mix there are bound to be security incidents. It only gets more risky as, depending on the ITACS student, they may have access to security systems that other students do not, and could potentially cause much more damage if they are negligent.
ITACS students represent information security vulnerabilities to both Temple University and each other. As students we have access to many of Temple’s resources. With the computer labs that we have access to as students, we have a direct line to Temple’s systems. Humans are the biggest single source of loss due to negligence. Students may misuse these computer systems by unknowingly connecting an infected USB or browsing to a malicious site. And with BYOD being an accepted feature of Temple, our personal devices are connecting to these networks, and we are linking our accounts to access data conveniently outside of school.
Any time you share a network with other individuals or share a service like email where you are linked via an address book, you are at a potential risk. An infected device on the same network as you can lead to your own devices being infected. I think the biggest vulnerability would be with email, specifically regarding email compromise and phishing. If one of your fellow classmates had their email compromised and sent out a malicious link, there is a good chance that some other individuals are going to click this link and compromise their accounts. It is important to remember again that humans are the most prevalent security vulnerability, regardless of whether the relationship is Student to University (i.e. Employee to Employer) or Student to Student (i.e. Employee to Employee).
I believe ITACS students should definitely be considered as security vulnerabilities to Temple University as well as to other students. As the reading suggests, threat actors are increasingly setting their targets on individual employees rather than the organization itself, since they are typically investing more money in perimeter defenses. For example, malware is being sent as email attachments, asking recipients to open the attachment. The end user, who in more cases than not is unaware the email is from a threat actor, clicks on the link, which subsequently infects the machine.
We live in a world now where we want everything to work as easily and efficiently as possible. This trend has led to security being an afterthought due to its complex planning and implementation requirements. While 99.9% of users can take security very seriously, it only takes one person who uses, for example, a weak password to provide unauthorized access to a threat actor to perform malicious activities, which certainly would have an impact on the rest of the students and their personal information in the ITACS program.
Security can only be enforced if and when controls are in place to mitigate and prevent inherent risk. For risk to be contained, infrastructure (traditional or cloud) must be secured. IT infrastructure encompasses Hardware, Software, the Network (internet) and Meatware (human beings). The most critical and volatile of the four mentioned are human beings. People implement processes, but the truth of the matter is that people are also the processes to control. The best technical controls within an enterprise are useless if controls do not exist to manage the people who configure, implement and use these controls. With regard to the question at hand, the students represent information security vulnerabilities to the school and vice versa. The students have access to the University data, processes and procedures that could easily be compromised and misused to create data loss, theft and destruction. The school, on the other hand, extracts and holds student data (PII) that could be compromised without the proper privacy policies, practice, procedures and standards in place to protect same.
ITACS students represent information security vulnerabilities to both Temple University and each other. Before we started this semester, a few scams were sent out to all of Temple University’s faculty and students. How many people do you think clicked on this scam?
With my personal experience, I work as an IT Auditor. Banks do require phishing training to be done. A bank personnel will create a phishing hack and will be able to see how many employees click on it. Those employees who do click on it, are required training. If an employee does not pass the training with over an 80 percent, the training is repetitive until they do reach over that 80 percent.
This is so important to organizations because it can create a security breach. We as students, participate in so much more than classes. We join clubs, interviews, and the network. We and Temple University are at risk.
ITACS students should be considered as information security vulnerabilities to Temple University and to each other. Students can be thought of essentially as third parties. With that under consideration, an organization should constantly be protecting itself as well as any third party endpoints or systems with which it may come in contact. If a student’s machine were to be compromised and then proceed to access Temple University systems, servers, or websites, it could create a new vulnerable entry point between the associated network of Temple University and the other ITACS students.
ITACS students, unfortunately, represent vulnerabilities to the university as well as to each other. Humans create a vast amount of risk to information security–especially through ignoramus. Take the example of a student falling victim to a phishing scheme via email. Someone clicks something they should not click on a device connected to the Temple intranet, potentially losing confidential information (such as login data to Temple O365), which can then be used to contact individuals (i.e. employees/professors) with higher system privileges. The spread of malware can then reach a multitude of assets, including fellow students. In this same example, if a hacker successfully breaches the Temple health department, thousands of students’ HIPAA-protected data is released. Hackers can sell this data on the dark web, tarnish Temple’s reputation, and so forth. In summarization, yes, students carry a strong human information security threat to both the welfare of the university, as well as to each other.
ITACS students do definitely represent information security vulnerability to both Temple University and to each other due to the fact that they are an integral part of the University. Students play a major role in information security and vulnerability, intentionally or unintentionally.
Students have many software, and other devices such as smartphones, laptops which provide them resources and give them access to authorized privileges. Students can misuse these devices knowingly or unknowingly that can have a large impact on Temple University Information Security and on themselves.
Not everyone is aware how smartphones are part of the security concern. For example, if a student shares photographs of the University Campus he/she is trying to show what the university campus is like, however a hacker might look at the photographs to acquire information on perhaps the student, staff, campus location, and any other information they might find useful. This in itself is a huge security concern for the university or student.
The university is also part of the vulnerability if it doesn’t have strong security infrastructure or policies. Having a faulty security system can pose a huge security risk allowing hackers to hack into the system and steal information.
Temple University has a huge task of maintaining privacy and the security of the students and everyone in association with the university. Having strong security infrastructure can help mitigate the vulnerabilities that arise from the students and threats from within and outside the university.
The ITACS students, along with other individuals at Temple University, represent information security vulnerabilities, as anyone could be a victim of any type of cyber-attack. Any misconfiguration within any of the systems or network (routers or switches) could introduce a vulnerability within the organization. Allowing a personal device to connect to the University’s network could introduce malware to the organization’s network if the device has malware installed prior to connecting to the University’s network. Students who share their password with other students or anyone else could get their account compromised by other individuals, who could use those credentials to gain unauthorized access to the University’s network. Anyone could also be a victim of a phishing email, and anyone who is not able to recognize that it’s a phishing email and clicks on any attachment or link could put the organization’s network at risk.
I agree with you wholeheartedly with regard to your fantastic analysis of vulnerability attacks at Temple University, but you must understand that the University needs to have adequate anti-virus software, and they must regularly update their anti-virus software, and they must do that once a week in order to locate and eliminate any malware, spyware, viruses and other problems the students could bring in their bid to access the university websites.
Do ITACS students represent information security vulnerabilities to Temple University, each other, or both?
I believe that ITACS students represent information security vulnerabilities to Temple University as well as each other. As a student, I’ve received multiple phishing emails over my time at Temple. Students have the freedom to accidentally download malware through one of these emails via clicking the link within the email. This could result in their Temple account being hacked, or if they’re working from a school computer like one in the Tech Center, this could result in Temple’s entire system being breached. This affects each student as well because Temple has access to very important records of each student. These records include your name, date of birth, address, billing information, etc. These records being breached are a great vulnerability.