[7650] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 3, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jun 3 17:33:57 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 3 Jun 2013 21:31:59 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F2F2ABABF@OC11EXPO24.exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1944826343=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============1944826343==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F2ABABFOC11EXPO24excha_"
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F2ABABFOC11EXPO24excha_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. June is Internet Safety Month
2. Why Prevention is Better Than Protection
-------------------------------------------
1. June is Internet Safety Month
-------------------------------------------
June is national Internet Safety Month, thanks to the work of the National =
Cyber Security Alliance (NCSA), a non-profit public-private partnership foc=
used on cybersecurity awareness and education for digital citizens. The mon=
th is used to raise awareness about cyber issues to help us all navigate th=
e Internet safely and responsibly.
The best place to start as an adult is to take a few moments to teach a you=
ng person about better online safety so that they use good judgment and beh=
avior all year long.
NCSA released research in November 2011 that found that less than half of t=
he population (46%) reports that it feels safe from viruses, malware and ha=
ckers while roughly half (48%) of parents are not completely confident thei=
r kids can use the Internet safely. Both youth and adults alike can benefit=
from better Internet safety practices and should become more aware of pote=
ntial threats.
The advice of the NCSA is to "Stop. Think. Connect." Stop to take time to u=
nderstand the risks and how to spot potential problems. Think about how you=
r actions online could impact your safety or that of your family. Connect k=
nowing you've taken the right steps to safeguard yourself, your family and =
your computer.
Learn more at StaySafeOnline.org<http://www.staysafeonline.org/>.
----------------------------------------------------------
2. Why Prevention is Better Than Protection
----------------------------------------------------------
An analysis of the cost of a breach that occurred at Idaho State University=
(ISU) shows that this one incident will cost the university four times as =
much (about $1M over two years) as the university would have normally spent=
on IT security in the same amount of time.
The cost of avoiding the incident (prevention), which was blamed on a chang=
e in firewall policies that exposed servers, would have cost the university=
only $75,000, that is 7.5% of the cost of the incident. This preventative =
cost includes critical security control (secure configurations for firewall=
s, routers and switches), continuous vulnerability assessment and remediati=
on, and maintenance, monitoring and analysis of audit logs.
The bottom line: spending $75,000 would have avoided the $1 million price t=
ag of the breach. Read the full story online<http://www.sans.org/security-t=
rends/2013/05/30/analyzing-the-cost-of-a-hipaa-related-breach-through-the-l=
ens-of-the-critical-security-controls>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Read all Security FYI Newsletter articles and submit comments online at htt=
p://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F2ABABFOC11EXPO24excha_
Content-Type: text/html; charset="us-ascii"
Content-ID: <10C42CF8EA704F4B9274E17EEE22F38D@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<p style=3D"margin: 0px; font-family: Helvetica; ">In this issue:</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. June is Internet Safe=
ty Month</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Why Prevention is Bet=
ter Than Protection</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">1. June is Internet Safe=
ty Month</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
-------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">June is national Interne=
t Safety Month, thanks to the work of the National Cyber Security Alliance =
(NCSA), a non-profit public-private partnership focused on cybersecurity aw=
areness and education for digital
citizens. The month is used to raise awareness about cyber issues to help =
us all navigate the Internet safely and responsibly. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The best place to start =
as an adult is to take a few moments to teach a young person about better o=
nline safety so that they use good judgment and behavior all year long.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">NCSA released research i=
n November 2011 that found that less than half of the population (46%) repo=
rts that it feels safe from viruses, malware and hackers while roughly half=
(48%) of parents are not completely
confident their kids can use the Internet safely. Both youth and adults al=
ike can benefit from better Internet safety practices and should become mor=
e aware of potential threats.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The advice of the NCSA i=
s to "Stop. Think. Connect." Stop to take time to understand the =
risks and how to spot potential problems. Think about how your actions onli=
ne could impact your safety or that of your
family. Connect knowing you've taken the right steps to safeguard yourself=
, your family and your computer.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">Learn more at <a href=3D=
"http://www.staysafeonline.org/">
StaySafeOnline.org</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">2. Why Prevention is Bet=
ter Than Protection</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">------------------------=
----------------------------------</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">An analysis of the cost =
of a breach that occurred at Idaho State University (ISU) shows that this o=
ne incident will cost the university four times as much (about $1M over two=
years) as the university would have
normally spent on IT security in the same amount of time. </p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The cost of avoiding the=
incident (prevention), which was blamed on a change in firewall policies t=
hat exposed servers, would have cost the university only $75,000, that is 7=
.5% of the cost of the incident. This
preventative cost includes critical security control (secure configuration=
s for firewalls, routers and switches), continuous vulnerability assessment=
and remediation, and maintenance, monitoring and analysis of audit logs.</=
p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; ">The bottom line: spendin=
g $75,000 would have avoided the $1 million price tag of the breach.
<a href=3D"http://www.sans.org/security-trends/2013/05/30/analyzing-the-cos=
t-of-a-hipaa-related-breach-through-the-lens-of-the-critical-security-contr=
ols">
Read the full story online</a>.</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
<p style=3D"margin: 0px; font-family: Helvetica; min-height: 17px; "><br>
</p>
</div>
<div><span class=3D"Apple-style-span" style=3D"border-collapse: separate; f=
ont-family: Calibri; font-size: medium; border-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacing: 0=
px; font-family: Helvetica; font-size: 14px; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; border=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; border-spacing: 0px; "><span class=3D"Apple-style-span" style=3D=
"border-collapse: separate; border-spacing: 0px; "><span class=3D"Apple-sty=
le-span" style=3D"border-collapse: separate; border-spacing: 0px; "><span c=
lass=3D"Apple-style-span" style=3D"border-collapse: separate; border-spacin=
g: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separa=
te; border-spacing: 0px; font-size: 12px; ">
<div>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">Read all Se=
curity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/">http://securityfyi.wordpress.=
com/</a>.</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; ">=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><br>
</p>
<p style=3D"margin: 0px; font-size: 14px; font-family: Arial; "><br>
</p>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>
--_000_3ACED3B2A8CEFB4598A845F07FD4A05F2F2ABABFOC11EXPO24excha_--
--===============1944826343==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1944826343==--
