IT Security For
Librarians:
Outrunning The Bear
@ Your Library
Blake Carver – blake.carver@lyrasis.org
LYRASIS Systems Administrator
Attackers are economically rational – they
take scarce resources and apply them
efficiently to achieve a desired outcome. As
a defender, making the target less attractive
or too expensive for that economically
rational actor means they will go after
something else. “It’s like the old saying:
you don’t have to outrun the
bear. You just have to outrun
your friend.”
Brad Arkin, Adobe's chief security officer
Everything You Need To Know
Build a Defensible Library
Lock Everything Down
Assume your secrets are not safe
Threat Modeling
Training
From: Geraldo Spence <email@example.com>
To: <somone@example.com>
Subject: FW: Order Status #001204
Date: Tue, 22 Mar 2016 07:01:47 +0300
Dear someone,
We would like to thank you for your recent order.
Order Status updated on: 21/03/2016
Your Customer ID: 001204
Your Order ID: 4081F78D45-M-2016
Invoice Number: 5978299
Delivery Note:
We received your order and payment on 17/03/2016
Your order details are attached.
Best regards,
Geraldo Spence
Chief Executive Officer - Food Packaging Company
Libraries Live Below
The Security Poverty Line (Wendy Nather)
We simply can't afford to reach a great level of security
Few or no IT People
Few or no Security People
Hard to keep up with technology and security
Maintenance, planning, strategy are 2nd to OMG
Depend on consultants, vendors, family, patrons,
friends, volunteers, etc...
This leaves us in a bad place
• Defaults
• Old and outdated
• Workarounds
• Not much control
• No time to focus
• "We'll fix it later"
So what can we do?
• Budget?
• Buy things that are more secure.
• Question our vendors and partners on
security.
• Use our consortia
So what can we do?
• Develop a good Threat Model
• Set achievable security goals
• Learning, Planning & Training
• Develop IT- and security-focused
community groups for the exchange of
ideas, information and known security
threats. (Associations and Conferences)
Make Your Library Defensible
Able To Be Defended
• Defensible does not mean secure
• There are more things to defend than there
are resources to defend with
• Defensibility focuses on what, why, how,
when and from whom
Defensible Libraries
• A change in mindset
• Awareness of limitations & weaknesses
• Awareness of threats
• An admission of inconvenience
• A lot of hard, detailed and
underappreciated work.
So Let’s Think About…
• What do we have to secure?
• Who wants it?
• How could they acquire it?
• How could they benefit from its use?
–Can they sell it?
–Can they hold it hostage?
–Can they use & abuse it?
• How damaging would the loss of data be?
• How would this affect library operations?
• How secure do we really need to be?
But We’re Just A Library
IT Security For Libraries
We Are All Targets
Why A Library?
Easy Access to PII
Organizational Rigidity
Limited Resources
Academic Mindset
Target Rich Environment
Krebs on Security: Hacked Library
Every access point to the
internet is a potential breach.
83% targets of opportunity
92% of attacks were easy
85% were found by a 3rd party
Verizon Data Breach Investigations Report
84% were found by a 3rd party
Bad guys were in for 175 days before
they were discovered.
Trustwave 2012 Global Security Report
It’s Easy Being Bad
The attacker only needs to
succeed once...
While we need to catch every
single thing...
Staying safe takes more than
just a firewall & AV/AM...
Passwords
Your security software /
hardware is a seat belt – not a
force field.
Complexity is the Enemy of
Security
• We have no shortage of access points
• We deal with any number of vendors
• Threats come from outside the libraries
• Threats come from inside the libraries
• Our libraries are full of people
“If It Ain’t Broke...”
• The vast majority of attacks…
–Won’t be targeted
–Will Be Easily Avoidable
–Will be invisible
Do something.... Do Anything!
Don't Make Things Easy
There are more things to
defend than there are
resources to defend with
Not every asset in your
organization is equally
valuable
An attacker will always pick
the weakest point of entry…
…but you can't know which
point that is
The Weakest Point In A Library?
Public Access Computers
Public Access Computers
Staying Safe On This Computer:
–Make Sure You Log Out
–Don’t Access Sensitive Sites
–Beware of the "remember me" option
–Don't send personal or financial information
via email or insecure websites
Technical Countermeasures
Most exploits used “old”
issues that have been
patched
There is no longer a
window to patch when a
vulnerability or exploit is
discovered, in public or
private.
Brad Arkin, Adobe
Locking Down Public Access
Computers
• Patching and Updating
–OS and *ALL* Applications
• Whitelisting
• Passwords
• SteadyState / DeepFreeze / SmartShield
• Don’t use Windows?
• Don’t use IE?
35 Strategies to Mitigate Targeted Cyber Intrusions
Library Information Security System
Assessment Model (LISSAM)
Awareness Creation
Administrative Tools and Methods
Procedures and Control
Information Security Policy
Technological Security Foundation
Change your mindset
YOU are the attacker
• What are your library’s most valuable
assets? Where are these assets? How can
they be accessed?
• If you were the attacker how would you
spread malware? And who are the most
‘vulnerable’ targets in the organization?
• Do you have a view on the ‘normal’
behavior of your organization (people,
behavior, locations and systems)?
Level the playing field…
Hack Your library!
Also...
• Check usernames/passwords for your library -
  ● osint-opsec-tool
  ● pastebin.com
• HTTPS
• Someone needs to stay current
• Is your domain name going to expire?
• 2FA
• Password Managers
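Checking whether staff or patron passwords have already leaked is the one item on this list that needs a little tooling. The deck points at pastebin and osint-opsec-tool; as an added example (not from the deck or either tool) the code below uses a different, privacy-preserving technique: the k-anonymity range query offered by Have I Been Pwned's Pwned Passwords API, where only the first five hex characters of the password's SHA-1 hash are sent and the match is done locally. The "response" is constructed sample data so the block runs offline; `fetch_range` shows the live call but is not invoked.

```python
"""Breach-corpus password check via SHA-1 k-anonymity range lookup.
The range text below is constructed sample data (labelled as such); the
real service is https://api.pwnedpasswords.com/range/<prefix>."""
import hashlib


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase SHA-1 hex digest into the 5-char prefix that is
    sent to the API and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict[str, int]:
    """Parse the API's 'SUFFIX:COUNT' lines into a suffix -> count table."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def breach_count(password: str, range_text: str) -> int:
    """How many times the password appears in the corpus for its prefix.
    0 means the suffix was not in the returned range."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_text).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live query (network). Only the 5-character prefix is transmitted.
    Not called by default so the example stays offline."""
    import urllib.request
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample: pretend this is the range returned for the prefix of
# 'password'. Real responses carry several hundred suffixes per prefix; the
# two neighbours here are made-up 35-hex-char suffixes.
PWNED_PREFIX, PWNED_SUFFIX = sha1_prefix_suffix("password")
CONSTRUCTED_RESPONSE = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    f"{PWNED_SUFFIX}:3861493",
    "011053FD0102E94D6AE2F8B83D76FAF94F6:1",
])

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = breach_count(candidate, CONSTRUCTED_RESPONSE)
        print(f"{candidate!r}: {'seen %d times' % n if n else 'not in sample range'}")
```

Because the lookup is done on the suffix locally, the service learns only that someone asked about one of the few hundred passwords sharing that prefix, which is what makes this safe to run against real account passwords during a reset flow or a staff audit.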
- Training -
Non-technical Countermeasures
Train A Security Mindset
Quickly forgotten without practice and
reminders
Regular low level of training and awareness
Build Cybersecurity Champions
Training does not work
It's not worth it because someone will
still mess up
People already know what to do
This stuff is easy / obvious
Good security awareness
programs help all employees
know where to get help
Who they should call when there is trouble
Where they can look for guidance & policies
They should know that they will not be looked
down on for making a mistake
Someone’s job is to help them through
whatever difficulty they are having
We can't make everyone
an expert
We do NOT need to train the non-technical
employees about what the deep level geek
employees already know.
Building Good Habits
“Being secure” is something that is learned
over time and eventually becomes a habit.
Make the security mindset the default
Consistent reinforcement of the importance
of IT Security
Understanding awareness, training,
and development
What we want is policies that reinforce good
security principles that will foster over time a
new instinct in people, a new way of
looking at things, a new way of acting in
a more secure way.
This will require a huge amount of patience
and buy-in from everyone at your library.
Name: Carver, Blake
ID Number: 123456
User ID: 00123456
Password: carver
End Date: 05/01/2012
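The account record above is the whole point of the slide: the password is the surname, and the ID number would be an equally good guess. As an added example (not the deck's own code or any library's policy), the script below takes such a record and rejects candidate passwords that are derived from it, including substring matches like `Carver00123456`, so the check also catches the "name plus digits" habit. The record is the slide's sample data; the minimum length and the token rules are this example's assumptions.

```python
"""Reject passwords derived from a user's own identity record.
RECORD is the slide's sample; the rules below are this example's assumptions."""
import re

RECORD = {
    "name": "Carver, Blake",
    "id_number": "123456",
    "user_id": "00123456",
    "end_date": "05/01/2012",
}


def identity_tokens(record: dict) -> set[str]:
    """Every lowercase fragment an attacker could guess from the record:
    name parts, ID numbers (with and without leading zeros), date pieces."""
    tokens = set()
    for part in re.split(r"[,\s]+", record["name"]):
        if part:
            tokens.add(part.lower())
    tokens.add(record["id_number"])
    tokens.add(record["user_id"])
    tokens.add(record["user_id"].lstrip("0"))
    m, d, y = record["end_date"].split("/")   # assumes MM/DD/YYYY as on the slide
    tokens.update({y, y[-2:], m + d, m + d + y, m + d + y[-2:], d + m + y})
    return {t for t in tokens if len(t) >= 2}


def password_problems(password: str, record: dict, min_len: int = 12) -> list[str]:
    """Return the reasons a password is unacceptable; an empty list means it passed."""
    problems = []
    pw = password.lower()
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Longest token first so the report names the most specific match.
    for token in sorted(identity_tokens(record), key=len, reverse=True):
        if len(token) >= 4 and token in pw:     # substring: 'carver2012' still fails
            problems.append(f"contains identity token '{token}'")
            break
    if re.fullmatch(r"\d+", password):
        problems.append("digits only")
    # Runs of one character or the classic ascending/descending sequence.
    if re.search(r"(.)\1{3,}", password) or "123456" in password or "654321" in password:
        problems.append("trivial sequence")
    return problems


if __name__ == "__main__":
    for candidate in ("carver", "123456", "Blake2012!",
                      "Carver00123456", "correct horse battery staple"):
        print(f"{candidate!r:32} -> {password_problems(candidate, RECORD) or 'ok'}")
```

A check like this belongs at the point where the password is set (the ILS staff account, the domain account, the public-PC admin login), not in a yearly audit; the slide's record shows what happens when nothing sits there.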
Training
• Phishing
• Social Engineering
• Privacy
• Passwords
• Email Attachments
• Virus Alerts
• How to practice safe social networking
• Keeping things updated
The goal is to make doing
things the right way become
the default in your library
Training…. Patrons?
• Your patrons don't care much for security
• Their habits are inviting malware
• Look for ways to make things safer in ways
that don't interfere with people's everyday
tasks as much as possible.
• Principle of Least Privilege
http://www.pewinternet.org/files/2015/09/2015-09-15_libraries_FINAL.pdf
Offer Training At Your Library
Library Security Mantra
• Security
• Privacy
• Confidentiality
• Integrity
• Availability
• Access
(based on Net Sec 101 Ayre and Lawthers 2001)
Preparation - Practical Resources
• SANS 20 Critical Security Controls
– sans.org
• Securing Library Technology: A How-To-Do-It Manual
– Earp & Wright
• Strategies to Mitigate Targeted Cyber Intrusions
– Australian Signals Directorate
• Library Information Security System Assessment Model
– (LISSAM)
– Malaysian Journal of Library & Information Science, Vol. 16, no. 2
• Virtual Privacy Lab from the San José Public Library
– https://www.sjpl.org/privacy
• Library Freedom Project
– https://libraryfreedomproject.org/
Mattingly "Ethics and Cleaning Data"Mattingly "Ethics and Cleaning Data"
Mattingly "Ethics and Cleaning Data"
 
Mercado-Lara "Open & Equitable Program"
Mercado-Lara "Open & Equitable Program"Mercado-Lara "Open & Equitable Program"
Mercado-Lara "Open & Equitable Program"
 

Recently uploaded

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 

Recently uploaded (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 

Carver IT Security for Librarians

  • 1. IT Security For Librarians: Outrunning The Bear @ Your Library Blake Carver – blake.carver@lyrasis.org LYRASIS Systems Administrator
  • 2. Attackers are economically rational – they take scarce resources and apply them efficiently to achieve a desired outcome. As a defender, making the target less attractive or too expensive for that economically rational actor means they will go after something else. “It’s like the old saying: you don’t have to outrun the bear. You just have to outrun your friend.” Brad Arkin, Adobe's chief security officer
  • 3. Everything You Need To Know Build a Defensible Library Lock Everything Down Assume your secrets are not safe Threat Modeling Training
  • 4. From: Geraldo Spence <email@example.com> To: <somone@example.com> Subject: FW: Order Status #001204 Date: Tue, 22 Mar 2016 07:01:47 +0300 Dear someone, We would like to thank you for your recent order. Order Status updated on: 21/03/2016 Your Customer ID: 001204 Your Order ID: 4081F78D45-M-2016 Invoice Number: 5978299 Delivery Note: We received your order and payment on 17/03/2016 Your order details are attached. Best regards, Geraldo Spence Chief Executive Officer - Food Packaging Company
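The message on slide 4 is an attachment lure, and every tell in it can be checked mechanically. The following Python script is an added example, not code from the deck or from LYRASIS: it parses the slide's own email with the standard library and lists the red flags a mail filter (or a trained reader) should catch. The `Content-Type` header added to the slide's text, the vendor allow-list, the benign contrast message and the `with_attachment` helper are all assumptions constructed for the demonstration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# The order-status message from slide 4, reproduced as raw RFC 822 text.
# The Content-Type header is an assumption (the slide shows no MIME headers);
# it is only there so the stdlib parser treats the body as plain text.
SLIDE_MESSAGE = """\
From: Geraldo Spence <email@example.com>
To: <somone@example.com>
Subject: FW: Order Status #001204
Date: Tue, 22 Mar 2016 07:01:47 +0300
Content-Type: text/plain; charset="utf-8"

Dear someone,
We would like to thank you for your recent order.
Order Status updated on: 21/03/2016
Your Customer ID: 001204
Your Order ID: 4081F78D45-M-2016
Invoice Number: 5978299
Delivery Note:
We received your order and payment on 17/03/2016
Your order details are attached.
Best regards,
Geraldo Spence
Chief Executive Officer - Food Packaging Company
"""

# Constructed for contrast: a routine notice from a vendor the library really uses.
BENIGN_MESSAGE = """\
From: Acquisitions Desk <orders@example-vendor.test>
To: Blake Carver <blake.carver@lyrasis.org>
Subject: Purchase order 88-2016 has shipped
Date: Tue, 22 Mar 2016 09:12:00 -0400
Content-Type: text/plain; charset="utf-8"

Dear Blake,
Purchase order 88-2016 for the reference collection shipped this morning.
Tracking is on the vendor portal as usual.
"""

# Constructed allow-list of domains the library actually does business with.
KNOWN_VENDOR_DOMAINS = {"example-vendor.test"}

GENERIC_GREETING = re.compile(r"^\s*dear\s+(someone|customer|user|sir|madam|valued)\b", re.I | re.M)
TRANSACTION_WORDS = ("order", "invoice", "payment")
RISKY_EXTENSIONS = (".zip", ".exe", ".js", ".scr", ".docm", ".xlsm", ".htm", ".html")


def phishing_indicators(raw: str) -> list[str]:
    """Return the human-readable red flags found in one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, sender = parseaddr(str(msg.get("From", "")))
    domain = sender.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    text = body.lower()
    unknown_sender = domain not in KNOWN_VENDOR_DOMAINS

    findings = []
    # A "forwarded" thread from someone you have never dealt with is a lure, not context.
    if unknown_sender and re.match(r"\s*(fw|fwd|re)\s*:", subject, re.I):
        findings.append("FW:/RE: thread from a sender we have no relationship with")
    # Order/invoice/payment talk only makes sense from a domain you actually buy from.
    if unknown_sender and any(word in text for word in TRANSACTION_WORDS):
        findings.append(f"unsolicited order/invoice/payment notice from {domain or 'no address'}")
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting instead of the recipient's name")
    if "attached" in text:
        findings.append("body pushes the reader to open an attachment")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment {name!r} is an archive/executable/script")
    return findings


def is_suspicious(raw: str, threshold: int = 3) -> bool:
    """Three or more independent red flags is enough to hold the message for review."""
    return len(phishing_indicators(raw)) >= threshold


def with_attachment(raw: str, filename: str) -> str:
    """Constructed helper: attach placeholder bytes under `filename` to show how
    the attachment check behaves once the lure actually carries a payload."""
    msg = email.message_from_string(raw, policy=policy.default)
    msg.add_attachment(b"placeholder bytes, not a real archive",
                       maintype="application", subtype="zip", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    samples = (("slide 4", SLIDE_MESSAGE), ("benign", BENIGN_MESSAGE),
               ("slide 4 + zip", with_attachment(SLIDE_MESSAGE, "order_details.zip")))
    for label, raw in samples:
        print(label, "->", "SUSPICIOUS" if is_suspicious(raw) else "ok")
        for finding in phishing_indicators(raw):
            print("   -", finding)
```

The slide's message trips four of the five checks on its own (forwarded thread, unsolicited order notice, "Dear someone", "attached"), and five once a .zip is actually on it; the constructed vendor message trips none. The allow-list is the part that needs real data from your own accounts-payable records; everything else is generic.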
  • 5.
  • 6. Libraries Live Below The Security Poverty Line (Wendy Nather) We simply can't afford to reach a great level of security Few or no IT People Few or no Security People Hard to keep up with technology and security Maintenance, planning, strategy are 2nd to OMG Depend on consultants, vendors, family, patrons, friends, volunteers, etc...
  • 7. This leaves us in a bad place • Defaults • Old and outdated • Workarounds • Not much control • No time to focus • "We'll fix it later"
  • 8. So what can we do? • Budget? • Buy things that are more secure. • Question our vendors and partners on security. • Use our consortia
  • 9. So what can we do? • Develop a good Threat Model • Set achievable security goals • Learning, Planning & Training • Develop IT- and security-focused community groups for the exchange of ideas, information and known security threats. (Associations and Conferences)
  • 10. Make Your Library Defensible
  • 11. Able To Be Defended • Defensible does not mean secure • There are more things to defend than there are resources to defend with • Defensibility focuses on what, why, how, when and from whom
  • 12. Defensible Libraries • A change in mindset • Awareness of limitations & weaknesses • Awareness of threats • An admission of inconvenience • A lot of hard, detailed and underappreciated work.
  • 13. So Let’s Think About… • What do we have to secure? • Who wants it? • How could they acquire it? • How could they benefit from its use? –Can they sell it? –Can they hold it hostage? –Can they use & abuse it? • How damaging would the loss of data be? • How would this effect library operations? • How secure do we really need to be?
  • 14. But We’re Just A Library IT Security For Libraries
  • 15. We Are All Targets
  • 16. Why A Library? Easy Access to PII Organizational Rigidity Limited Resources Academic Mindset Target Rich Environment
  • 18. Every access point to the internet is a potential breach.
  • 19. 83% targets of opportunity 92% of attacks were easy 85% were found by a 3rd party (Verizon Data Breach Investigations Report)
  • 20. 84% were found by a 3rd party Bad guys were in for 175 days before they were discovered. (Trustwave 2012 Global Security Report)
  • 21. It’s Easy Being Bad
  • 22. The attacker only needs to succeed once...
  • 23. While we need to catch every single thing...
  • 24. Staying safe takes more than just a firewall & AV/AM...
  • 26. Your security software / hardware is a seat belt – not a force field.
  • 27. Complexity is the Enemy of Security • We have no shortage of access points • We deal with any number of vendors • Threats come from outside the libraries • Threats come from inside the libraries • Our libraries are full of people
  • 28. “If It Ain’t Broke...” • The vast majority of attacks… –Won’t be targeted –Will be easily avoidable –Will be invisible Do something.... Do Anything!
  • 30. There are more things to defend than there are resources to defend with Not every asset in your organization is equally valuable
  • 31. An attacker will always pick the weakest point of entry… …but you can't know which point that is
  • 32. The Weakest Point In A Library?
  • 33. Public Access Computers
  • 34. Public Access Computers Staying Safe On This Computer: –Make Sure You Log Out –Don’t Access Sensitive Sites –Beware of the "remember me" option –Don't send personal or financial information via email or insecure websites
  • 36. Most exploits used “old” issues that have been patched
  • 37. There is no longer a window to patch when a vulnerability or exploit is discovered, in public or private. Brad Arkin, Adobe
  • 38. Locking Down Public Access Computers • Patching and Updating –OS and *ALL* Applications • Whitelisting • Passwords • SteadyState / DeepFreeze / SmartShield • Don’t use Windows? • Don’t use IE?
  • 39. 35 Strategies to Mitigate Targeted Cyber Intrusions
  • 40. Library Information Security System Assessment Model (LISSAM) Awareness Creation Administrative Tools and Methods Procedures and Control Information Security Policy Technological Security Foundation
  • 41. Change your mindset YOU are the attacker • What are your library’s most valuable assets? Where are these assets? How can they be accessed? • If you were the attacker how would you spread malware? And who are the most ‘vulnerable’ targets in the organization? • Do you have a view on the ‘normal’ behavior of your organization (people, behavior, locations and systems)?
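The last question on slide 41 only has an answer if somebody has written down what "normal" looks like. The script below is an added example, not part of the deck: it builds a per-account baseline (hours of the day and source /24 networks seen in successful logins) from a constructed week of staff-portal login lines, then scores a later day's events against it, also flagging a success that follows a burst of failures. The log format, the account names, the addresses and the thresholds are all assumptions; a real ILS or proxy log will need its own parser.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

TIMESTAMP = "%Y-%m-%d %H:%M:%S"

# Constructed baseline: a week of routine staff logins, one per line as
# "date time user source-ip result". Real logs will look different.
BASELINE_LOG = """\
2016-03-07 08:55:12 carver 10.20.5.14 ok
2016-03-07 13:02:40 carver 10.20.5.14 ok
2016-03-08 09:10:03 carver 10.20.5.17 ok
2016-03-09 08:48:55 carver 10.20.5.14 ok
2016-03-10 14:21:19 carver 10.20.5.14 ok
2016-03-11 09:02:31 carver 10.20.5.17 ok
2016-03-07 10:15:00 refdesk 10.20.7.21 ok
2016-03-08 10:20:44 refdesk 10.20.7.21 ok
2016-03-09 16:45:10 refdesk 10.20.7.22 ok
2016-03-10 10:05:58 refdesk 10.20.7.21 ok
"""

# Constructed events for one later day, to be scored against that baseline.
NEW_EVENTS = """\
2016-03-22 03:14:07 carver 203.0.113.45 fail
2016-03-22 03:14:21 carver 203.0.113.45 fail
2016-03-22 03:14:33 carver 203.0.113.45 fail
2016-03-22 03:15:02 carver 203.0.113.45 ok
2016-03-22 09:05:11 carver 10.20.5.14 ok
2016-03-22 10:30:00 refdesk 10.20.7.21 ok
"""


def parse_events(log: str):
    """Turn the constructed log text into (timestamp, user, ip, result) tuples, oldest first."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        day, clock, user, ip, result = line.split()
        events.append((datetime.strptime(f"{day} {clock}", TIMESTAMP),
                       user, ipaddress.ip_address(ip), result))
    return sorted(events, key=lambda e: e[0])


def subnet(ip):
    # Baseline on the /24 rather than the exact host: DHCP moves desks around.
    return ipaddress.ip_network((ip, 24), strict=False)


def build_baseline(events):
    """Hours of day and source networks each account has used for successful logins."""
    hours, nets = defaultdict(set), defaultdict(set)
    for ts, user, ip, result in events:
        if result == "ok":
            hours[user].add(ts.hour)
            nets[user].add(subnet(ip))
    return hours, nets


def flag_anomalies(baseline, events, fail_burst=3):
    """Return (timestamp, user, ip, reasons) for each successful login that breaks the baseline."""
    hours, nets = baseline
    failures = defaultdict(int)   # consecutive failures per account since last success
    alerts = []
    for ts, user, ip, result in events:
        if result != "ok":
            failures[user] += 1
            continue
        reasons = []
        if user not in hours:
            reasons.append("account has no login history at all")
        else:
            if ts.hour not in hours[user]:
                reasons.append(f"login at {ts:%H:%M} outside {user}'s usual hours")
            if subnet(ip) not in nets[user]:
                reasons.append(f"first login from {subnet(ip)}")
        if failures[user] >= fail_burst:
            reasons.append(f"success after {failures[user]} failed attempts")
        failures[user] = 0
        if reasons:
            alerts.append((ts, user, str(ip), reasons))
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(parse_events(BASELINE_LOG))
    for ts, user, ip, reasons in flag_anomalies(baseline, parse_events(NEW_EVENTS)):
        print(f"{ts} {user} from {ip}: " + "; ".join(reasons))
```

On the constructed data, only the 03:15 login for carver is raised, and it is raised for three independent reasons (off-hours, a never-seen network, and three failures immediately before it); the 09:05 login from the usual desk is silent. Three cheap rules over logs you already have is a long way ahead of the "found by a third party after 175 days" figure on slide 20.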
  • 42. Level the playing field… Hack Your library!
  • 43.
  • 44.
  • 45. Library Information Security System Assessment Model (LISSAM) Awareness Creation Administrative Tools and Methods Procedures and Control Information Security Policy Technological Security Foundation
  • 46. Also... • Check whether your library's usernames/passwords have turned up in public dumps (osint-opsec-tool, pastebin.com) • HTTPS • Someone needs to stay current • Is your domain name going to expire? • 2FA • Password Managers
  • 47. - Training - Non-technical Countermeasures Train A Security Mindset Quickly forgotten without practice and reminders Regular low level of training and awareness Build Cybersecurity Champions
  • 48. Training does not work It's not worth it because someone will still mess up People already know what to do This stuff is easy / obvious
  • 49. Good security awareness programs help all employees know where to get help Who they should call when there is trouble Where they can look for guidance & policies They should know that they will not be looked down on for making a mistake Someone’s job is to help them through whatever difficulty they are having
  • 50. We can't make everyone an expert We do NOT need to train the non-technical employees about what the deep level geek employees already know.
  • 51. Building Good Habits “Being secure” is something that is learned over time and eventually becomes a habit. Make the security mindset the default Consistent reinforcement of the importance of IT Security
  • 52.
  • 53. Understanding awareness, training, and development What we want is policies that reinforce good security principles that will foster over time a new instinct in people, a new way of looking at things, a new way of acting in a more secure way. This will require a huge amount of patience and buy in from everyone at your library.
  • 54.
  • 55.
  • 56. Name: Carver, Blake • ID Number: 123456 • User ID: 00123456 • Password: carver • End Date: 05/01/2012
  • 57. Training • Phishing • Social Engineering • Privacy • Passwords • Email Attachments • Virus Alerts • How to practice safe social networking • Keeping things updated
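The card on slide 56 hands out the holder's name, two ID numbers and a password that is just the surname, which is exactly what the "Passwords" item on slide 57 has to train people away from. The script below is an added example, not from the deck: it takes a candidate password together with the fields printed on such a card and reports why the password is unacceptable (too short, on a common-password list, built from the holder's own name or IDs, or short and single-class). The card values are the ones shown on the slide; the common-password list and the thresholds are constructed assumptions, and a real check should use a full breached-password list instead.

```python
import re

# Constructed stand-in for a real breached-password list (assumption).
COMMON_PASSWORDS = {"password", "123456", "12345678", "library", "welcome", "letmein", "qwerty"}


def identity_tokens(name: str, *identifiers: str) -> set[str]:
    """Pieces of the account holder's own record that must not appear in the password."""
    tokens = {piece for piece in re.split(r"[^a-z0-9]+", name.lower()) if len(piece) >= 3}
    for ident in identifiers:
        digits = str(ident).lower()
        # "00123456" and "123456" are the same number to an attacker.
        tokens.update({digits, digits.lstrip("0")})
    return {t for t in tokens if len(t) >= 3}


def password_problems(password: str, name: str, *identifiers: str,
                      min_length: int = 12) -> list[str]:
    """Return every reason the password should be rejected; an empty list means acceptable."""
    lowered = password.lower()
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    for token in sorted(identity_tokens(name, *identifiers)):
        if token in lowered:
            problems.append(f"contains {token!r} from the account holder's own record")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    # Long passphrases are fine with one or two classes; short passwords are not.
    if len(password) < 16 and classes < 3:
        problems.append("short and built from fewer than three character classes")
    return problems


# The fields printed on the slide-56 card.
CARD = {"name": "Carver, Blake", "id_number": "123456", "user_id": "00123456", "password": "carver"}

if __name__ == "__main__":
    for candidate in (CARD["password"], "Blake2012!", "correct horse battery staple"):
        issues = password_problems(candidate, CARD["name"], CARD["id_number"], CARD["user_id"])
        print(repr(candidate), "->", issues or "acceptable")
```

The card's own password fails three ways; "Blake2012!" still fails twice because the first name is on the card; a four-word passphrase passes. Run this at password-set time, not as a periodic audit, so staff get the feedback while they can still change their choice.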
  • 58. What we want is policies that reinforce good security principles that will foster over time a new instinct in people, a new way of looking at things, a new way of acting in a more secure way.
  • 59. The goal is to make doing things the right way become the default in your library
  • 60. Training…. Patrons? • Your patrons don't care much for security • Their habits are inviting malware • Look for ways to make things safer in ways that don't interfere with people's everyday tasks as much as possible. • Principle of Least Privilege
  • 62. Library Security Mantra • Security • Privacy • Confidentiality • Integrity • Availability • Access (based on Net Sec 101 Ayre and Lawthers 2001)
  • 63. Preparation - Practical Resources • SANS 20 Critical Security Controls – sans.org • Securing Library Technology: A How-To-Do-It Manual – Earp & Wright • Strategies to Mitigate Targeted Cyber Intrusions – Australian Signals Directorate • Library Information Security System Assessment Model (LISSAM) – Malaysian Journal of Library & Information Science, Vol. 16, no. 2 • Virtual Privacy Lab from the San José Public Library https://www.sjpl.org/privacy • Library Freedom Project https://libraryfreedomproject.org/
  • 64. IT Security For Librarians: Outrunning The Bear @ Your Library Blake Carver – blake.carver@lyrasis.org LYRASIS Systems Administrator