Question 1 August 4, 2022 by William Bailey 11 Comments Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain your answer.
Jill Brummer says
ITACS students represent information security vulnerabilities to both Temple University and each other. While using Temple technology on campus, while using the Temple network, students could visit questionable websites, download unsafe software, respond to phishing emails, and if used, be careless with portable drives (i.e. USB drives). These vulnerabilities could give bad actors access to PII, including student social security numbers, addresses, phone numbers, bank account information, etc.
They could also pose a threat to each other by being careless with other students’ information. For example, exchanging contact information (phone number, email, address) for a group project, if not kept in a safe, secure location could pose a vulnerability. Another vulnerability with students could be unknowingly sharing or forwarding phishing emails.
David Vanaman says
Anyone that has access to your system and interacts with your data is potentially a security vulnerability. So yes, students present a potential vulnerability to both Temple and each other. How much of a risk those potential vulnerabilities represent is proportional to the amount and type of access and data they have. For example, another ITACS student that is working on a collaborative project with me will have the access to and potential to modify, delete, or outright steal any of our shared files.
Nicholas Foster says
The direct definition of vulnerability is “the quality or state of being exposed to the possibility of being attacked or harmed”. In the more detailed case of Information security, I believe ITACS students most definitely represent information security vulnerabilities to Temple. Temple is the custodian of the student’s data. By having student’s information such as financial data, address, phone numbers, and additional pieces of PII, this makes Temple an ideal target. Thus, being a student of Temple increases Temple’s information security vulnerability by exposing them “to the possibility of being attacked or harmed”. However, I do not believe ITACS students represent infosec vulnerabilities to each other, at least not inherently. No one student has privileged access to other students financial or PII data. That is not to say that information between students can’t be shared and then said information is shared on a public forum regardless of intent creating an infosec vulnerability. For example, if a student notes that their parent is a very influential person such as a celebrity, political power or fortune 50 CEO and later that day a fellow student goes to Reddit to share they’re in the same class with the child of one of said influential people. This can now create an infosec vulnerability as that student is now a high-profile target for those who may dislike the influential person. Data of this student may now be targeted for leverage over the influential person as blackmail. However, I believe just being a fellow student does not inherently “bring exposure to the possibility of being attacked or harmed”. Whereas myself as a student having PII and financial data on Temple’s sites does make me an infosec vulnerability.
Kenneth Saltisky says
ITACS students represent information security vulnerabilities to both Temple University and each other. Temple is a large university that contains the personal information of both faculty and students and needs to have security in place to prevent not only external threats but also internal threats to this information. In understanding how ITACS students are security vulnerabilities to Temple, examine the issue surrounding account compromise due to phishing or some other hack on an individual student. If a student’s account is compromised, Temple needs to deal with the potential effects of a compromised account including the potential exposure of sensitive information. In terms of how students are vulnerable to each other, a compromised account can result in a similar outcome by perpetuating phishing attempts or other malware to other accounts. As such, Temple must also ensure as much security as possible to reduce the potential threats that ITACS students can have on Temple by ensuring security policies are up-to-date and configuring anti-phishing and anti-spam policies within emails.
Nik Fuchs says
Both. ITACS students, like all Temple students and faculty, are users of Temple’s network and university tools such as Canvas and TUPay. End users of any network or system are a security vulnerability because they could ignore security protocols and leave the door open for others to steal or change sensitive information. Therefore, ITACS students could cause an intrusion by simply forgetting to logout on a library computer or sharing their campus wi-fi credentials with a stranger.
Additionally, as ITACS students gain more knowledge about cyber intrusion and develop key technical skills related to cyber security, we will be interacting more throughout the program and learning more about each other. This could provide a malicious student the opportunity to apply that information to gain access to another student’s account.
Shepherd Shenjere says
We are currently living in a world that is data driven and mostly stored online through traditional platforms, servers, and cloud platforms. I honestly believe that ITACS students represent information security vulnerabilities to both Temple University and each other for several reasons. Temple University is a huge organization which makes it a target for the attackers since it holds a huge sensitive amount of data for students like PII (Personally Identifiable Information), Intellectual property, emails and contact data. Social engineering techniques like phishing and vishing are the most common tactics that the attackers may use to lure anyone within Temple University’s network or any other organization. Any slight mistake whether its intentional/unintentional will affect both the students and the University. So, it is very crucial for the University to provide Cybersecurity Training Awareness to ensure that everyone with access to the University network.
Christa Giordano says
ITACS students represent information security vulnerabilities to each other and to the university. Human error is the cause of many unintended breaches or attacks. For example, phishing attacks happen on almost a daily occurrence. An individual may unknowingly or carelessly click on a link which could corrupt applications and servers within the university as well as other students in that person’s contact list. Another example of human error or carelessness is not safeguarding user names and passwords, either by not logging out of a community computer or leaving it written down could enable the information to fall into the wrong hands which could lead to an attack or breach.
Samuel Omotosho says
I would say it goes both ways for ITACS students and Temple University. If for instance a student were to be involved in a phishing attack when they open their Temple email account, this would certainly cause some kind of severe damage to both sides. As an educational institution, Temple has access to students contact information, academic records, etc. It would also be disastrous if a hacker had access to obtain countless student records, or even information from faculty and staff. That is why it is imperative that safety precautions are in place to help protect highly sensitive information from both parties.
Matthew Stasiak says
Temple University ITACS students most definitely represent security vulnerabilities to each other and to Temple as a whole. I work in the second-floor computer lab in the TECH Center and my responsibility is to image the iOS devices that are available to use for students. We have numerous safety measures in place to ensure that students can’t download malicious software or files, along with the network firewall, but there is always something new that can peek its way through. I also notice a lot of students in the lab leave some of their devices unattended and unlocked when taking a walk to the bathroom or water fountain so who knows what could happen when they’re gone and leave their electronics unattended. Temple University even had an internal audit review and deemed that “based on the results of the penetration test, there were no critical and high-risk findings”. But who knows what students of ITACS could be doing to individuals’ devices compared to Temple’s devices.
Maxwell ODonnell says
Temple ITACS students represent huge security threats to themselves as well as the University itself; the human element is often the weakest link in any given system. Students, faculty, and guests to the University all provide liability when it comes to the security of our network and data. Students may unintentionally reveal private information online, become victims of phishing attacks, or inadvertently download malicious programs onto their personal or school computers. Faculty, depending on the department, may have administrative access or security credentials that make them more appealing targets for online attackers looking for a way into the privileged system. The more people that have access to a system the more susceptible it is to attacks, and Temple University, with its 40,000 students, is no exception.
Abayomi Aiyedebinu says
Temple ITACS students represent huge security threats and vulnerabilities to themselves as well as the University as a whole. Firstly, the major vector form transmission of virus and malware is people. Students inclusive one can imagine the amount of information transfer and overload that occurs through exchanges of emails, documents and files intra and inter campus. The fact that we communicate and send information securely or insecurely represents and inherent vulnerability and this in turns becomes a threat if this information has been tampered with either in transit, before sending or at rest. In addition to that there are several input and output devices that are used on campus without thorough system in place to check this device for viruses and malware they could create an access to opportunistic vulnerability that can be taken advantage of by hackers.