SlideShare une entreprise Scribd logo

ER&L 2023 - Invisible Threat, Cybercrime and the Library.pptx

Télécharger en tant que PPTX, PDF
M
Matthew Ragucci

Recent research suggests that cyberattacks in higher education are on the rise while libraries' competency in addressing cybersecurity is mixed. Join our panel of one publisher, one vendor, and one librarian as we discuss practical strategies and best practices for libraries to better protect themselves from increasing threats of cybercrime.

Technologie
1  sur  30
Tuesday, March 7, 2023 2:45 PM CST Invisible Threat: Cybercrime and the Library David W. Green Library Systems Analyst, State Library of Ohio Don Hamparian Senior Product Manager, OCLC Matthew Ragucci Associate Director of Product Marketing, Wiley Stacey Best-Ruel Director of Marketing, Springer Nature https://unsplash.com/photos/MQlVnTc4OBg
Stacey Best-Ruel Introductions & Agenda Director of Marketing, Key Accounts, Americas
Wiley Green External 2021-10.potx 3 ◊ Introductions ◊ OCLC perspective ◊ Library perspective ◊ Publisher perspective ◊ Questions Agenda https://unsplash.com/photos/ocJPz_-RA9w
Wiley Green External 2021-10.potx 4 Cybercrime Bresnick, Peggy. ”4 Reasons Cyber Criminals Are Targeting Higher Education” Fierce Education. March 8, 2021. https://www.fierceeducation.com/best-practices/4-reasons-cyber-criminals-are-targeting-higher-education-part-1 D’Agostino, Susan.”Ransomware Attacks Against Higher Education” Inside Higher Ed. July 22, 2022. https://www.insidehighered.com/news/2022/07/22/ransomware-attacks-against-higher-ed-increase. U.S. Department of Health and Human Services Office for Civil rights. “Cases Currently Under Investigation” Continuous update. Accessed on February 21, 2023 Known Higher Ed and Library Cyber Attacks Population Higher Education has a huge base of users, more opportunity for phishing emails Data Higher Ed institutions hold a huge amount of data on both current and past students, faculty, and vendors. Getting in equals a gold mine. Espionage Research conducted at Higher Ed Institutions is immensely valuable, especially medical and engineering research. Easy targets Crippling a college or university with potentially thousands of users pressures the institutions into fast, expensive solutions. It’s estimated that 75% of Higher Ed cyber attacks succeed. Why hackers target colleges and universities? * Paid $1.14 million *
Don Hamparian OCLC Perspectives on Cybersecurity Senior Product Manager
Why library cybersecurity matters Remote access to services Library technical infrastructure Information and digital literacy Privacy
Libraries as security advocates Libraries have the Relationships to Protect: ✔ Patron privacy ✔ Institution assets and reputation ✔ Publisher assets
Personal email accounts Personal financial information University research Department budgets Confidential information about personnel Licensed e-content What stolen credentials can access Social Media
Mitigate these risks and protect patrons Password policies & multifactor Systems management & IT relationship EZproxy & Server Configuration IT and vendor policies Security education
Attack vectors – EZproxy and other e-content access services EZproxy is popular making it an attack target; hosting provides additional protections Password guessing and stealing happen around malicious usage of valid accounts via smishing/ phishing Configuration attacks - Review Configuration, Logs, Intrusion Alerts, Security Rules Denial of service – Having a hardened network layer provides additional protections
Four EZproxy Configuration Tips Intrusion API Log or deny logins potentially malicious IP addresses Security Rules Real-time detection and notification of security events Pseudonymous Identifier Reduce IP blocks by publishers ; find compromised user credentials Login Intrusion Detection (User and IP) Log and Enforce intrusion detection and apply evasion periods
Pseudonymous Identifier Feedback Loop ● Publisher detects unauthorized user with ID​ ● Publisher contacts library and shares ID​ ● Library uses ID to identify compromised credentials​ ● Library implements security protocols​
David W. Green Library perspective Library Systems Analyst
Wiley Green External 2021-10.potx 14 Shared Responsibility Collaboration is Key • Not an IT problem • Attacks not unique to IT • …or to Fortune 500 companies • We’re vulnerable Worst thing to do is do nothing
Wiley Green External 2021-10.potx 15 Engagement Connections • Seek conference and workshop opportunities • EDUCAUSE • SNSI Upcoming Events What we’re doing • OPLIN, SEO, OhioLINK • Online webinars • Cybersecurity Conference
Wiley Green External 2021-10.potx 16 Awareness Campaign for Information Security • Consider patrons, faculty, yourself • Connect with IT for potential collaboration What we’re doing • Open Office Hours • Cybersecurity Awareness Month • Weekly Cyber Security Briefs • CISA
Wiley Green External 2021-10.potx 17 Mature Security Practices Authentication • Modern authentication • SAML / OpenID Connect What we’re doing • EZproxy • OHID (State of Ohio’s SSO) • Moving away from barcodes (TODO)
Wiley Green External 2021-10.potx 18 Mature Security Practices Passwords • Password managers • Complex • Unique What we’re doing • No more Post-It Notes! • Password Manager for all staff • Multi-Factor Authentication app
Wiley Green External 2021-10.potx 19 Mature Security Practices
Wiley Green External 2021-10.potx 20 Mature Security Practices Other things • Security Hygiene • SSL everywhere • Backup (and restore!) • Electronic resources • PaaS/SaaS What we’re doing • Let’s Encrypt • haveibeenpwned • “Tested” our backup… • Static websites
Wiley Green External 2021-10.potx 21 Have a Plan Incident Response… Cyber Attack… Business Continuity… Cybersecurity… Communications…
Matthew Ragucci Associate Director, B2B Product Marketing Publisher Perspectives on Cybersecurity
Wiley Green External 2021-10.potx 23 Content Protection & Privacy Security is a multi-stakeholder concern • Striking a balance • We can have both privacy and protection Abuse monitoring systems • Robust and effective • Protects content and institutions Obligations to protect user & institutional data Regulation compliance https://unsplash.com/photos/YccQtENMuXw
Wiley Green External 2021-10.potx 24 Institutional Scenarios Compromised credentials Disruptive IP blocks False/inflated usage data in COUNTER reports Ransomware attacks Going offline and diminished usage https://unsplash.com/photos/icrhAD-qidc
Wiley Green External 2021-10.potx 25 Protect user privacy and against disruption: ✔ EZproxy Pseudonymous Identifier SAML-based authentication: ✔ Federations ✔ Shibboleth ✔ OpenAthens Cross-industry, friction reduction initiatives: ✔ GetFTR ✔ Seamless Access ✔ Content Syndication Potential Solutions https://unsplash.com/photos/TQ3JV9ECgLM
Wiley Green External 2021-10.potx 26 About the Scholarly Networks Security Initiative ▪ The Scholarly Networks Security Initiative (SNSI) brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data. ▪ Members include large and small publishers, learned societies and university presses, libraries and others involved in scholarly communications. ACADEMIC IT SECURITY LIBRARY RESEARCH PUBLISHING
Wiley Green External 2021-10.potx 27 SNSI tips for academic librarians on building strong information security defenses at your institution
https://tinyurl.com/SNSITips
Questions? Ask the panelists https://unsplash.com/photos/YndHL7gQIJE
https://unsplash.com/photos/2DH-qMX6M4E Thank You!

Recommandé

Is Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson HelferIs Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson Helfer
MAX Technical Training
 
Application Security-Understanding The Horizon
Application Security-Understanding The HorizonApplication Security-Understanding The Horizon
Application Security-Understanding The Horizon
Lalit Kale
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
Tomppa Järvinen
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
 
Managing IT Risk and Assessing Vulnerability
Managing IT Risk and Assessing VulnerabilityManaging IT Risk and Assessing Vulnerability
Managing IT Risk and Assessing Vulnerability
AIS Network
 
Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891
Risk Crew
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
Mohammed Adam
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
Sabra Goldick
 

Recommandé

Is Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson HelferIs Your Company's Data Secure? Shelley Vinson Helfer
Is Your Company's Data Secure? Shelley Vinson Helfer
MAX Technical Training
 
Application Security-Understanding The Horizon
Application Security-Understanding The HorizonApplication Security-Understanding The Horizon
Application Security-Understanding The Horizon
Lalit Kale
 
Information security - what is going on 2016
Information security - what is going on 2016Information security - what is going on 2016
Information security - what is going on 2016
Tomppa Järvinen
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
 
Managing IT Risk and Assessing Vulnerability
Managing IT Risk and Assessing VulnerabilityManaging IT Risk and Assessing Vulnerability
Managing IT Risk and Assessing Vulnerability
AIS Network
 
Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891Databasetheft 151120161435-lva1-app6891
Databasetheft 151120161435-lva1-app6891
Risk Crew
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
Mohammed Adam
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
Sabra Goldick
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
Ernest Staats
 
SGCI OAC webinar 4 18-19
SGCI OAC webinar 4 18-19SGCI OAC webinar 4 18-19
SGCI OAC webinar 4 18-19
Nancy Wilkins-Diehr
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risks
Liming Zhu
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
Splunk
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
Aggregage
 
Keith prabhu global high on cloud summit
Keith prabhu global high on cloud summitKeith prabhu global high on cloud summit
Keith prabhu global high on cloud summit
administrator_confidis
 
Web Security Overview
Web Security OverviewWeb Security Overview
Web Security Overview
Noah Jaehnert
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
SPS Paris
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0 ThreatsMitigating Web 2.0 Threats
Mitigating Web 2.0 Threats
Kim Jensen
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
Florence Hudson
 
Security Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android AppsSecurity Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android Apps
Symosis Security (Previously C-Level Security)
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdf
Infosec train
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdf
priyanshamadhwal2
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
Infosec train
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
priyanshamadhwal2
 
Security+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdfSecurity+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdf
infosecTrain
 
CompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training CourseCompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training Course
InfosecTrain Education
 
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxAssignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
rock73
 
Exploring New Methods for Protecting and Distributing Confidential Research ...
Exploring New Methods for Protecting and Distributing Confidential Research ...Exploring New Methods for Protecting and Distributing Confidential Research ...
Exploring New Methods for Protecting and Distributing Confidential Research ...
Bryan Beecher
 
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Innovators
 
NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....
NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....
NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....
Matthew Ragucci
 
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Matthew Ragucci
 

Contenu connexe

Similaire à ER&L 2023 - Invisible Threat, Cybercrime and the Library.pptx

Keith prabhu global high on cloud summit
Keith prabhu global high on cloud summitKeith prabhu global high on cloud summit
Keith prabhu global high on cloud summit
administrator_confidis
 
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxAssignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
rock73
 

Similaire à ER&L 2023 - Invisible Threat, Cybercrime and the Library.pptx (20)

Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
SGCI OAC webinar 4 18-19
SGCI OAC webinar 4 18-19SGCI OAC webinar 4 18-19
SGCI OAC webinar 4 18-19
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risks
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
 
Keith prabhu global high on cloud summit
Keith prabhu global high on cloud summitKeith prabhu global high on cloud summit
Keith prabhu global high on cloud summit
 
Web Security Overview
Web Security OverviewWeb Security Overview
Web Security Overview
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0 ThreatsMitigating Web 2.0 Threats
Mitigating Web 2.0 Threats
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
 
Security Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android AppsSecurity Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android Apps
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdf
 
CompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdfCompTIA_Security_plus_SY0-701_course_content.pdf
CompTIA_Security_plus_SY0-701_course_content.pdf
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
 
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦
 
Security+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdfSecurity+ SY0-701 CERTIFICATION TRAINING.pdf
Security+ SY0-701 CERTIFICATION TRAINING.pdf
 
CompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training CourseCompTIA Security+ (Plus) Certification Training Course
CompTIA Security+ (Plus) Certification Training Course
 
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docxAssignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
Assignment 2Reflecting on Your Writing Paraphrasing and Academi.docx
 
Exploring New Methods for Protecting and Distributing Confidential Research ...
Exploring New Methods for Protecting and Distributing Confidential Research ...Exploring New Methods for Protecting and Distributing Confidential Research ...
Exploring New Methods for Protecting and Distributing Confidential Research ...
 
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015
 

Plus de Matthew Ragucci

Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Matthew Ragucci
 
NASIG 2022 - Common Ground
NASIG 2022 - Common GroundNASIG 2022 - Common Ground
NASIG 2022 - Common Ground
Matthew Ragucci
 
NASIG 2021 Don't wait automate! Industry perspectives on KBART automation
NASIG 2021 Don't wait automate! Industry perspectives on KBART automationNASIG 2021 Don't wait automate! Industry perspectives on KBART automation
NASIG 2021 Don't wait automate! Industry perspectives on KBART automation
Matthew Ragucci
 
AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...
AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...
AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...
Matthew Ragucci
 
CIL 2020 - Bringing Collections to the Screen
CIL 2020 - Bringing Collections to the ScreenCIL 2020 - Bringing Collections to the Screen
CIL 2020 - Bringing Collections to the Screen
Matthew Ragucci
 
NASIG 2020 - Walk this way
NASIG 2020 - Walk this wayNASIG 2020 - Walk this way
NASIG 2020 - Walk this way
Matthew Ragucci
 
ER&L 2017 - Evidence based acquisition: a real life account of managing the p...
ER&L 2017 - Evidence based acquisition: a real life account of managing the p...ER&L 2017 - Evidence based acquisition: a real life account of managing the p...
ER&L 2017 - Evidence based acquisition: a real life account of managing the p...
Matthew Ragucci
 

Plus de Matthew Ragucci (18)

NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....
NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....
NISO Plus 2023 - Publisher Perspectives on Metadata Quality and Completeness....
 
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
Charleston 2022 - Cybersecurity 101 - What Every Librarian Needs to Know abou...
 
NASIG 2022 - Common Ground
NASIG 2022 - Common GroundNASIG 2022 - Common Ground
NASIG 2022 - Common Ground
 
NISO Plus 2022 - Content Platform Migrations Working Group Update
NISO Plus 2022 - Content Platform Migrations Working Group UpdateNISO Plus 2022 - Content Platform Migrations Working Group Update
NISO Plus 2022 - Content Platform Migrations Working Group Update
 
ER&L 2022 - Set It and Forget It: Librarian, Publisher, and Vendor Perspectiv...
ER&L 2022 - Set It and Forget It: Librarian, Publisher, and Vendor Perspectiv...ER&L 2022 - Set It and Forget It: Librarian, Publisher, and Vendor Perspectiv...
ER&L 2022 - Set It and Forget It: Librarian, Publisher, and Vendor Perspectiv...
 
Charleston 2021 - Hit the ground running - Best practices for navigating cont...
Charleston 2021 - Hit the ground running - Best practices for navigating cont...Charleston 2021 - Hit the ground running - Best practices for navigating cont...
Charleston 2021 - Hit the ground running - Best practices for navigating cont...
 
NASIG 2021 Don't wait automate! Industry perspectives on KBART automation
NASIG 2021 Don't wait automate! Industry perspectives on KBART automationNASIG 2021 Don't wait automate! Industry perspectives on KBART automation
NASIG 2021 Don't wait automate! Industry perspectives on KBART automation
 
AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...
AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...
AMIGOS 2021 - Oh the Places You'll Go: Improving the Content Platform Migrati...
 
CIL 2020 - Bringing Collections to the Screen
CIL 2020 - Bringing Collections to the ScreenCIL 2020 - Bringing Collections to the Screen
CIL 2020 - Bringing Collections to the Screen
 
ER&L 2020 - When the grass is greener
ER&L 2020 - When the grass is greenerER&L 2020 - When the grass is greener
ER&L 2020 - When the grass is greener
 
NASIG 2020 - Walk this way
NASIG 2020 - Walk this wayNASIG 2020 - Walk this way
NASIG 2020 - Walk this way
 
CONRICYT 2020 - Charla para bibliotecarios: Referenica virtual como servicio ...
CONRICYT 2020 - Charla para bibliotecarios: Referenica virtual como servicio ...CONRICYT 2020 - Charla para bibliotecarios: Referenica virtual como servicio ...
CONRICYT 2020 - Charla para bibliotecarios: Referenica virtual como servicio ...
 
SANLIC 2019 - 99 Knowledgebase problems: a KBART crash course
SANLIC 2019 - 99 Knowledgebase problems: a KBART crash courseSANLIC 2019 - 99 Knowledgebase problems: a KBART crash course
SANLIC 2019 - 99 Knowledgebase problems: a KBART crash course
 
SANLIC 2019 - Dressing your library for success: the Importance of electronic...
SANLIC 2019 - Dressing your library for success: the Importance of electronic...SANLIC 2019 - Dressing your library for success: the Importance of electronic...
SANLIC 2019 - Dressing your library for success: the Importance of electronic...
 
ER&L 2019 - Forming a More Perfect Knowledgebase: A Tale of Publisher, Vendor...
ER&L 2019 - Forming a More Perfect Knowledgebase: A Tale of Publisher, Vendor...ER&L 2019 - Forming a More Perfect Knowledgebase: A Tale of Publisher, Vendor...
ER&L 2019 - Forming a More Perfect Knowledgebase: A Tale of Publisher, Vendor...
 
PSP 2018 - The Changing discovery landscape: Tools and services from wiley
PSP 2018 - The Changing discovery landscape: Tools and services from wileyPSP 2018 - The Changing discovery landscape: Tools and services from wiley
PSP 2018 - The Changing discovery landscape: Tools and services from wiley
 
CONRICYT 2018 - Formacion de formadores (para bibliotecarios y referencista d...
CONRICYT 2018 - Formacion de formadores (para bibliotecarios y referencista d...CONRICYT 2018 - Formacion de formadores (para bibliotecarios y referencista d...
CONRICYT 2018 - Formacion de formadores (para bibliotecarios y referencista d...
 
ER&L 2017 - Evidence based acquisition: a real life account of managing the p...
ER&L 2017 - Evidence based acquisition: a real life account of managing the p...ER&L 2017 - Evidence based acquisition: a real life account of managing the p...
ER&L 2017 - Evidence based acquisition: a real life account of managing the p...
 

Dernier

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 

Dernier (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

ER&L 2023 - Invisible Threat, Cybercrime and the Library.pptx

  • 1. Tuesday, March 7, 2023 2:45 PM CST Invisible Threat: Cybercrime and the Library David W. Green Library Systems Analyst, State Library of Ohio Don Hamparian Senior Product Manager, OCLC Matthew Ragucci Associate Director of Product Marketing, Wiley Stacey Best-Ruel Director of Marketing, Springer Nature https://unsplash.com/photos/MQlVnTc4OBg
  • 2. Stacey Best-Ruel Introductions & Agenda Director of Marketing, Key Accounts, Americas
  • 3. Wiley Green External 2021-10.potx 3 ◊ Introductions ◊ OCLC perspective ◊ Library perspective ◊ Publisher perspective ◊ Questions Agenda https://unsplash.com/photos/ocJPz_-RA9w
  • 4. Wiley Green External 2021-10.potx 4 Cybercrime Bresnick, Peggy. ”4 Reasons Cyber Criminals Are Targeting Higher Education” Fierce Education. March 8, 2021. https://www.fierceeducation.com/best-practices/4-reasons-cyber-criminals-are-targeting-higher-education-part-1 D’Agostino, Susan.”Ransomware Attacks Against Higher Education” Inside Higher Ed. July 22, 2022. https://www.insidehighered.com/news/2022/07/22/ransomware-attacks-against-higher-ed-increase. U.S. Department of Health and Human Services Office for Civil rights. “Cases Currently Under Investigation” Continuous update. Accessed on February 21, 2023 Known Higher Ed and Library Cyber Attacks Population Higher Education has a huge base of users, more opportunity for phishing emails Data Higher Ed institutions hold a huge amount of data on both current and past students, faculty, and vendors. Getting in equals a gold mine. Espionage Research conducted at Higher Ed Institutions is immensely valuable, especially medical and engineering research. Easy targets Crippling a college or university with potentially thousands of users pressures the institutions into fast, expensive solutions. It’s estimated that 75% of Higher Ed cyber attacks succeed. Why hackers target colleges and universities? * Paid $1.14 million *
  • 5. Don Hamparian OCLC Perspectives on Cybersecurity Senior Product Manager
  • 6. Why library cybersecurity matters Remote access to services Library technical infrastructure Information and digital literacy Privacy
  • 7. Libraries as security advocates Libraries have the Relationships to Protect: ✔ Patron privacy ✔ Institution assets and reputation ✔ Publisher assets
  • 9. Mitigate these risks and protect patrons Password policies & multifactor Systems management & IT relationship EZproxy & Server Configuration IT and vendor policies Security education
  • 10. Attack vectors – EZproxy and other e-content access services EZproxy is popular making it an attack target; hosting provides additional protections Password guessing and stealing happen around malicious usage of valid accounts via smishing/ phishing Configuration attacks - Review Configuration, Logs, Intrusion Alerts, Security Rules Denial of service – Having a hardened network layer provides additional protections
  • 11. Four EZproxy Configuration Tips Intrusion API Log or deny logins potentially malicious IP addresses Security Rules Real-time detection and notification of security events Pseudonymous Identifier Reduce IP blocks by publishers ; find compromised user credentials Login Intrusion Detection (User and IP) Log and Enforce intrusion detection and apply evasion periods
  • 12. Pseudonymous Identifier Feedback Loop ● Publisher detects unauthorized user with ID​ ● Publisher contacts library and shares ID​ ● Library uses ID to identify compromised credentials​ ● Library implements security protocols​
  • 13. David W. Green Library perspective Library Systems Analyst
  • 14. Wiley Green External 2021-10.potx 14 Shared Responsibility Collaboration is Key • Not an IT problem • Attacks not unique to IT • …or to Fortune 500 companies • We’re vulnerable Worst thing to do is do nothing
  • 15. Wiley Green External 2021-10.potx 15 Engagement Connections • Seek conference and workshop opportunities • EDUCAUSE • SNSI Upcoming Events What we’re doing • OPLIN, SEO, OhioLINK • Online webinars • Cybersecurity Conference
  • 16. Wiley Green External 2021-10.potx 16 Awareness Campaign for Information Security • Consider patrons, faculty, yourself • Connect with IT for potential collaboration What we’re doing • Open Office Hours • Cybersecurity Awareness Month • Weekly Cyber Security Briefs • CISA
  • 17. Wiley Green External 2021-10.potx 17 Mature Security Practices Authentication • Modern authentication • SAML / OpenID Connect What we’re doing • EZproxy • OHID (State of Ohio’s SSO) • Moving away from barcodes (TODO)
  • 18. Wiley Green External 2021-10.potx 18 Mature Security Practices Passwords • Password managers • Complex • Unique What we’re doing • No more Post-It Notes! • Password Manager for all staff • Multi-Factor Authentication app
  • 19. Wiley Green External 2021-10.potx 19 Mature Security Practices
  • 20. Wiley Green External 2021-10.potx 20 Mature Security Practices Other things • Security Hygiene • SSL everywhere • Backup (and restore!) • Electronic resources • PaaS/SaaS What we’re doing • Let’s Encrypt • haveibeenpwned • “Tested” our backup… • Static websites
  • 21. Wiley Green External 2021-10.potx 21 Have a Plan Incident Response… Cyber Attack… Business Continuity… Cybersecurity… Communications…
  • 22. Matthew Ragucci Associate Director, B2B Product Marketing Publisher Perspectives on Cybersecurity
  • 23. Wiley Green External 2021-10.potx 23 Content Protection & Privacy Security is a multi-stakeholder concern • Striking a balance • We can have both privacy and protection Abuse monitoring systems • Robust and effective • Protects content and institutions Obligations to protect user & institutional data Regulation compliance https://unsplash.com/photos/YccQtENMuXw
  • 24. Wiley Green External 2021-10.potx 24 Institutional Scenarios Compromised credentials Disruptive IP blocks False/inflated usage data in COUNTER reports Ransomware attacks Going offline and diminished usage https://unsplash.com/photos/icrhAD-qidc
  • 25. Wiley Green External 2021-10.potx 25 Protect user privacy and against disruption: ✔ EZproxy Pseudonymous Identifier SAML-based authentication: ✔ Federations ✔ Shibboleth ✔ OpenAthens Cross-industry, friction reduction initiatives: ✔ GetFTR ✔ Seamless Access ✔ Content Syndication Potential Solutions https://unsplash.com/photos/TQ3JV9ECgLM
  • 26. Wiley Green External 2021-10.potx 26 About the Scholarly Networks Security Initiative ▪ The Scholarly Networks Security Initiative (SNSI) brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data. ▪ Members include large and small publishers, learned societies and university presses, libraries and others involved in scholarly communications. ACADEMIC IT SECURITY LIBRARY RESEARCH PUBLISHING
  • 27. Wiley Green External 2021-10.potx 27 SNSI tips for academic librarians on building strong information security defenses at your institution