Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Working together to strengthen cybersecurity in...

Sam Searle
May 20, 2019
Technology
0
70

Working together to strengthen cybersecurity in university libraries

Presented at THETA 2019 (The Higher Education Technology Agenda), Wollongong, 20 May 2019.

University libraries are increasingly exposed to cybersecurity threats, with prominent recent examples including:

- a 3-day distributed denial of service (DDoS) attack on the Library of Congress
- ransomware attacks on PCs in US public libraries, and
- the Silent Librarian phishing campaign, which affected 26 Australian universities. Researchers mistakenly believed their library accounts would be closed and provided log-in credentials enabling the the of research.

As few librarians are trained in key aspects of cybersecurity there is an urgent need for greater collaboration with cybersecurity professionals to accurately identify and effectively mitigate risks. Griffith University’s Library Technology Services manages a portfolio of so ware applications, most of which are cloud-hosted. Applications and integrations are under increased scrutiny and we now engage more with staff from Cyber Security Services in Digital Solutions, particularly when we evaluate new applications or perform major upgrades.

Cyber Security Services offers support across three main categories: process, technology, and people. In this presentation I discussed both technical and non- technical actions being taken to uplift the Library’s overall cybersecurity maturity. This included increased focus on the security architecture of software applications, demanding more mature cybersecurity approaches from our vendors and service providers, regularly reviewing processes for protecting log-in credentials, and addressing staff information and training needs.

While this work is essential it is also challenging, in terms of project budgets and timelines, stakeholder perceptions, and the allocation of staff resources. I discussed how library and cybersecurity professionals can work together to build capability, both at the level of individual institutions and across the sector.

Sam Searle

May 20, 2019
Tweet

More Decks by Sam Searle

See All by Sam Searle
But I don't want to code! Three emerging IT skills for librarians (other than coding) and how to start developing them
samsearle
1
2.2k
Architectural Approaches to the Next Generation Library: a Case Study in Connecting Librarians and Architects at Griffith University
samsearle
0
250
Using scenarios in introductory research data management workshops for library staff
samsearle
0
1.4k
Passionate about projects! Potential, pitfalls, and how to build a career in project-focused librarianship
samsearle
0
310
Research data management: An overview of current activity in libraries in Australia
samsearle
0
360

Other Decks in Technology

See All in Technology
PHPからGoへのマイグレーション for DMMアフィリエイト
yabakokobayashi
1
160
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
170
フロントエンド設計にモブ設計を導入してみた / 20241212_cloudsign_TechFrontMeetup
bengo4com
0
1.9k
KubeCon NA 2024 Recap / Running WebAssembly (Wasm) Workloads Side-by-Side with Container Workloads
z63d
1
240
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.8k
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
31k
Oracle Cloud Infrastructure:2024年12月度サービス・アップデート
oracle4engineer
PRO
0
160
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
190
なぜCodeceptJSを選んだか
goataka
0
150
Oracle Cloudの生成AIサービスって実際どこまで使えるの? エンジニア目線で試してみた
minorun365
PRO
4
270
.NET 9 のパフォーマンス改善
nenonaninu
0
360
継続的にアウトカムを生み出し ビジネスにつなげる、 戦略と運営に対するタイミーのQUEST(探求)
zigorou
0
500

Featured

See All Featured
Designing Experiences People Love
moore
138
23k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
810
Adopting Sorbet at Scale
ufuk
73
9.1k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
A better future with KSS
kneath
238
17k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.2k
It's Worth the Effort
3n
183
28k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
29
2k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k

Transcript

  1. Working together to strengthen cybersecurity in university libraries

  2. None

  3. Why do we need to work together?

  4. None

  5. 2004ACM/IEEE Joint Conference on Digital Libraries Not only will [digital

    libraries] serve as repositories of knowledge and information, and as the primary mechanism for its retrieval and distribution, but they will be the focal point for the integration of information and scholarship across all boundaries of application, language, and media… they will also inevitably become the target of malicious attack by people seeking unauthorized information. Joel Birnbaum, Hewlett Packard
  6. None

  7. Culture & comms Cybersecurity capacity in higher ed Cloud Legacy

    solutions Stagnant market conditions Accidental systems librarians Shadow library IT

  8. So what kinds of things can we usefully work on?

  9. People Awareness Knowledge & skills Communities Technology Vulnerability scans Penetration

    tests Password / account management Company ratings Process Data classification Product / vendor assessments Early adopters

  10. Sounds great! (In theory…) So why is it so hard

    in practice?

  11. Wood, Phillip. 2014. “Walls of Straw – the Cyber Risks

    to Higher Education.” Insights 27 (2): 192–97. https://doi.org/10.1629/2048-7754.160. The dilemma of information protection is a challenge in universities, where restricting access can inhibit information flow and the development of ideas…. This need to balance ‘need to know’ with ‘need to flow’ can mean that levels of protection need to be compromised so that information routes and the freedom to work within them can be maintained. This compromise is essential…
  12. None

  13. A proposition: How we work together is just as important

    as what we work on.

  14. Community Prudence Preparedness Integrity Trust Inclusion Access Diversity Exclusion Security

    Conformity

  15. Compare Australian Library and Information Association Core Values Statement with

    Australian Information Security Association Code of Ethics You may be surprised at how similar our values and concerns are.

  16. Costa, Arthur L., and Bena Kallick. 1993. “Through the Lens

    of a Critical Friend.” Educational Leadership 51(2): 49–51. A critical friend…is a trusted person who asks provocative questions, provides data to be examined through another lens, and offers critique of a person's work as a friend. A critical friend takes the time to fully understand the context of the work presented and the outcomes that the person or group is working toward. The friend is an advocate for the success of that work.

  17. Thanks to: • Tim Lane, IT Security Projects Manager, Griffith

    University and Chair, CAUDIT Cybersecurity Community of Practice • My Library Technology Services team Get in touch: Sam Searle Manager, Library Technology Services [email protected] https://orcid.org/0000-0002-0619-5756 LinkedIn | Twitter