[IS&T Security-FYI] SFYI Newsletter, June 3, 2013
Monique Yeaton
myeaton at MIT.EDU
Mon Jun 3 17:31:59 EDT 2013
In this issue:
1. June is Internet Safety Month
2. Why Prevention is Better Than Protection
-------------------------------------------
1. June is Internet Safety Month
-------------------------------------------
June is national Internet Safety Month, thanks to the work of the National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cybersecurity awareness and education for digital citizens. The month is used to raise awareness about cyber issues to help us all navigate the Internet safely and responsibly.
The best place to start as an adult is to take a few moments to teach a young person about better online safety so that they use good judgment and behavior all year long.
NCSA released research in November 2011 that found that less than half of the population (46%) reports that it feels safe from viruses, malware and hackers while roughly half (48%) of parents are not completely confident their kids can use the Internet safely. Both youth and adults alike can benefit from better Internet safety practices and should become more aware of potential threats.
The advice of the NCSA is to "Stop. Think. Connect." Stop to take time to understand the risks and how to spot potential problems. Think about how your actions online could impact your safety or that of your family. Connect knowing you've taken the right steps to safeguard yourself, your family and your computer.
Learn more at StaySafeOnline.org<http://www.staysafeonline.org/>.
----------------------------------------------------------
2. Why Prevention is Better Than Protection
----------------------------------------------------------
An analysis of the cost of a breach that occurred at Idaho State University (ISU) shows that this one incident will cost the university four times as much (about $1M over two years) as the university would have normally spent on IT security in the same amount of time.
The cost of avoiding the incident (prevention), which was blamed on a change in firewall policies that exposed servers, would have cost the university only $75,000, that is 7.5% of the cost of the incident. This preventative cost includes critical security control (secure configurations for firewalls, routers and switches), continuous vulnerability assessment and remediation, and maintenance, monitoring and analysis of audit logs.
The bottom line: spending $75,000 would have avoided the $1 million price tag of the breach. Read the full story online<http://www.sans.org/security-trends/2013/05/30/analyzing-the-cost-of-a-hipaa-related-breach-through-the-lens-of-the-critical-security-controls>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130603/bf9b3b1f/attachment.htm
More information about the ist-security-fyi
mailing list