
Working together to strengthen cybersecurity in university libraries

Presented at THETA 2019 (The Higher Education Technology Agenda), Wollongong, 20 May 2019.

University libraries are increasingly exposed to cybersecurity threats, with prominent recent examples including:

- a 3-day distributed denial of service (DDoS) attack on the Library of Congress
- ransomware attacks on PCs in US public libraries, and
- the Silent Librarian phishing campaign, which affected 26 Australian universities. Researchers mistakenly believed their library accounts would be closed and provided log-in credentials enabling the theft of research.

As few librarians are trained in key aspects of cybersecurity, there is an urgent need for greater collaboration with cybersecurity professionals to accurately identify and effectively mitigate risks. Griffith University’s Library Technology Services manages a portfolio of software applications, most of which are cloud-hosted. Applications and integrations are under increased scrutiny and we now engage more with staff from Cyber Security Services in Digital Solutions, particularly when we evaluate new applications or perform major upgrades.

Cyber Security Services offers support across three main categories: process, technology, and people. In this presentation I discussed both technical and non-technical actions being taken to uplift the Library’s overall cybersecurity maturity. This included increased focus on the security architecture of software applications, demanding more mature cybersecurity approaches from our vendors and service providers, regularly reviewing processes for protecting log-in credentials, and addressing staff information and training needs.

While this work is essential, it is also challenging in terms of project budgets and timelines, stakeholder perceptions, and the allocation of staff resources. I discussed how library and cybersecurity professionals can work together to build capability, both at the level of individual institutions and across the sector.

Sam Searle

May 20, 2019

Transcript

  1. Working together to strengthen
    cybersecurity in university libraries


  3. Why do we need to work together?


  5. 2004 ACM/IEEE Joint Conference on Digital Libraries
    Not only will [digital libraries] serve as repositories of
    knowledge and information, and as the primary
    mechanism for its retrieval and distribution, but they will
    be the focal point for the integration of information and
    scholarship across all boundaries of application,
    language, and media… they will also inevitably become
    the target of malicious attack by people seeking
    unauthorized information.
    Joel Birnbaum, Hewlett Packard


  7. Culture & comms
    Cybersecurity capacity in higher ed
    Cloud
    Legacy solutions
    Stagnant market conditions
    Accidental systems librarians
    Shadow library IT


  8. So what kinds of things
    can we usefully work on?


  9. People: Awareness; Knowledge & skills; Communities
    Technology: Vulnerability scans; Penetration tests; Password / account management; Company ratings
    Process: Data classification; Product / vendor assessments; Early adopters


  10. Sounds great!
    (In theory…)
    So why is it so hard in practice?


  11. Wood, Phillip. 2014. “Walls of Straw – the Cyber Risks to Higher Education.”
    Insights 27 (2): 192–97. https://doi.org/10.1629/2048-7754.160.
    The dilemma of information protection is a challenge in
    universities, where restricting access can inhibit
    information flow and the development of ideas…. This
    need to balance ‘need to know’ with ‘need to flow’ can
    mean that levels of protection need to be compromised
    so that information routes and the freedom to work
    within them can be maintained. This compromise is
    essential…


  13. A proposition:
    How we work together
    is just as important as
    what we work on.


  14. Community
    Prudence
    Preparedness
    Integrity
    Trust
    Inclusion
    Access
    Diversity
    Exclusion
    Security
    Conformity


  15. Compare
    Australian Library and Information Association
    Core Values Statement
    with
    Australian Information Security Association
    Code of Ethics
    You may be surprised at how similar our values
    and concerns are.


  16. Costa, Arthur L., and Bena Kallick. 1993. “Through the Lens of a Critical
    Friend.” Educational Leadership 51(2): 49–51.
    A critical friend…is a trusted person who asks provocative
    questions, provides data to be examined through
    another lens, and offers critique of a person's work as a
    friend. A critical friend takes the time to fully understand
    the context of the work presented and the outcomes
    that the person or group is working toward. The friend is
    an advocate for the success of that work.


  17. Thanks to:
    • Tim Lane, IT Security Projects Manager, Griffith University and Chair,
    CAUDIT Cybersecurity Community of Practice
    • My Library Technology Services team
    Get in touch:
    Sam Searle
    Manager, Library Technology Services
    [email protected]
    https://orcid.org/0000-0002-0619-5756
    LinkedIn | Twitter
