Educause Security Discussion mailing list archives
Re: Cybersecurity Students
From: "Burns, Denis" <denis.burns () MED FSU EDU>
Date: Fri, 5 Apr 2019 13:01:05 +0000
Hi Andrew,

I think my take on this question is a little different than some others. Are you asking whether they should be allowed to test your infrastructure, or are they being asked to evaluate it from an academic methodology? You have had plenty of responses to the former and I agree wholeheartedly that all such activity should occur in a lab setting that is isolated from any of your live network.

To the latter, I would caution against that as well. I make a strong point of not disclosing even vendor names of products that we use, much less the products or configurations to anyone outside the operations staff that work the magic. The old adage of “loose lips sink ships” fits into the cybersecurity realm like a glove.

I would work up tabletop exercises that may simulate the installed infrastructure, but leave enough details out, or alter them, such that a disgruntled, or ambitious, student can’t exploit an area that you know may have some of your weaker controls.

Like all of the advice that you’ve gotten, mine is worth every penny you paid.

Best,
-denis

Denis Burns
Information Security and Privacy Officer - College of Medicine - Florida State University
(850) 644-3648 – denis.burns () med fsu edu

*** Be a cyberhero! Build a safe cyberspace at Florida State. ***

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pete, Andrew
Sent: Thursday, April 4, 2019 1:45 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cybersecurity Students

Hi Everyone,

I was brought on a little over a year ago to help improve the organization’s overall security posture and build out an information security program. Historically, we have authorized our faculty to let students evaluate the security posture of our infrastructure as part of their teaching efforts.

I have started an internal discussion around ceasing these types of activities by faculty and students for security reasons. I was curious what other institutions are doing in regards to this area?

Thanks,

Andrew Pete
Information Security Architect
New England Institute of Technology
One New England Tech Boulevard
East Greenwich, RI 02818-1205
401-780-4460 (Direct)
apete () neit edu