[IS&T Security-FYI] Newsletter, November 2, 2007

Fri Nov 2 12:23:48 EDT 2007

In this issue:

1. MA's Initiative to Combat Cyber Crime
2. Schools in the News: Lost USB Drive Contains Student Information

---------------------------------------------------
1. MA's Initiative to Combat Cyber Crime
---------------------------------------------------

On October 31, Massachusetts Attorney General Martha Coakley, in  
collaboration with Microsoft Corporation, hosted a cyber crime  
training session for Massachusetts law enforcement. The day-long  
training, entitled “Cyber Crimes 101,” was attended by more than 300  
law enforcement officers from across the state.

The training of law enforcement is one of several key priorities  
highlighted in “The Massachusetts Strategic Plan for Cyber Crime”  
developed as part of the Attorney General's Cyber Crime Initiative.  
The plan, unveiled last week, was designed in order to help the  
Commonwealth develop a statewide capacity to prevent, investigate,  
and prosecute cyber crime. The training was the first step in meeting  
one of several key priorities established in the Strategic Plan.

The Attorney General’s Office takes a broad view of cyber crime,  
defining it to include both crimes facilitated by computers and those  
involving digital evidence. Surveys prior to the initiative revealed  
that a lack of training was the number one impediment facing law  
enforcement when investigating crimes with a cyber component.

Microsoft has provided similar training to law enforcement in  
Alabama, Colorado, Georgia, Kansas, New Hampshire, South Carolina,  
and Utah.

More about the story can be found here:
<http://www.allamericanpatriots.com/ 
48736166_massachusetts_massachusetts_ag_and_microsoft_host_cyber_crime_t 
raining_law_enforcement_offi>

------------------------------------------------------------------------ 
----------------
2. Schools in the News: Lost USB Drive Contains Student Information
------------------------------------------------------------------------ 
----------------

Last June I wrote a story for this newsletter discussing the risks of  
putting sensitive data on USB flash drives. They are small and  
portable, which can cause problems when they fall into the wrong  
hands. Stories of data at risk on lost or stolen drives appear in the  
news regularly.

Last week another possible student data breach occurred due to a lost  
flash drive. An employee from the University of Nevada reported  
losing a flash drive containing an electronic file with names and  
social security numbers for nearly 16,000 current and former students.

Most universities have policies to limit this from happening, and  
it's worth reminding people what the policy is.

MIT's policy 13.2.2 states: "Individuals who manage or use the  
information and computing resources required by the Institute to  
carry out its mission must protect them from unauthorized  
modification, disclosure, and destruction. Information -- including  
data and software -- is to be protected, regardless of the form or  
medium that carries the information. Protection shall be commensurate  
with the risk of exposure and with the value of information and of  
the computing resources."

It is best practice to not place sensitive data files on portable  
devices, including mobile smart phones, laptops, flash drives or any  
other portable hard drive. If you have no other choice, assess the  
risk of doing so first and then take the necessary precautions to  
keep the data protected. A strong password or encryption software  
could help but doesn't guarantee 100 percent protection.

Read tips on securing your computer and its contents:
<http://web.mit.edu/ist/topics/security/infoprotect.html>

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security