In a world in which we are inundated with information from an ever-expanding portfolio of sources, for many of us, the line between our offline and online lives has become indistinguishable. In these tech-powered times, our homes, societal and mental well-being, economic prosperity and organizational security are all impacted by the internet. To ensure we all have the resources we need to stay safer and more secure online, the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security have established National Cybersecurity Awareness Month (NCSAM) – which is observed every October.
Under the overarching theme of "Own IT. Secure IT. Protect IT.", the 16th annual NCSAM is focused on encouraging personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers:
- Own IT.
  - Never Click and Tell: Staying safe on social media
  - Update Privacy Settings
  - Keep Tabs on Your Apps: Best practices for device application
- Secure IT.
  - Shake Up Your Passphrase Protocol: Create strong, unique passphrases
  - Double Your Login Protection: Turn on multi-factor authentication
  - Shop Safe Online
  - Play Hard to Get with Strangers: How to spot and avoid phish
- Protect IT.
  - If You Connect, You Must Protect: Updating to the latest security software, web browser and operating systems
  - Stay Protected While Connected: Wi-Fi safety
  - If You Collect It, Protect It: Keeping customer/consumer data and information safe
What is NEOMED Doing in Support of NCSAM?
While we have provided monthly information security and cybersecurity articles within The Pulse, we are kicking things up a gear for NCSAM by promoting a variety of stories, tips, training and initiatives throughout the month to help raise awareness of the importance of cybersecurity and information security, both here at NEOMED and outside of it. The stories and tips shared throughout the month will align with the topics under the “Own IT. Secure IT. Protect IT.” theme.
We are also supplementing this month of awareness by rolling out updates to two required University trainings: PCI DSS Training and IT Security Training. The IT Security Training this year will be broken into smaller components, with each one covering a specific topic. Please stay tuned for more information regarding these trainings coming this month!
Additionally, in conjunction with our ongoing Records Management efforts, we are capping off NCSAM with a University-wide “Clean Sweep” day, which will take place on Wednesday, October 30th. Stay tuned for more details on “Clean Sweep”; this effort will enable and encourage faculty and staff to utilize the NEOMED Records Retention Schedule to review and appropriately dispose of records. Appropriate information/record disposal is a key component of any information security program, and we are extremely excited to be able to sponsor this effort as a part of NCSAM.
To kick off NCSAM, below is the first tip of the month: an answer to “Are ‘cybersecurity’ and ‘information security’ the same?”
TIP #1: Are Cybersecurity and Information Security the Same?
As the first tip for National Cybersecurity Awareness Month, we need to have a better understanding of what cybersecurity and information security are, how they are related and how they are different. First, the definitions!
- Cybersecurity: The prevention of damage to, unauthorized use of, exploitation of, and—if needed—the restoration of electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity and availability of these systems.
  - Source: NISTIR 8074 Vol. 2 under Cybersecurity
- Information Security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity, and availability.
  - Source: NIST SP 800-171 Rev. 1 (44 U.S.C., Sec. 3542)
Many utilize the terms “cybersecurity” and “information security” interchangeably, and based on the definitions above, they certainly appear one and the same, since they both involve securing systems and information and ensuring confidentiality, integrity and availability; however, there is a difference between the two. Cybersecurity focuses on the security of anything within the electronic realm, while information security is focused on the broader security of information and information systems, regardless of the realm. So, you can think of Cybersecurity as a subset of Information Security (pictured below).
Here at NEOMED, we take great pride in our information security efforts, which include cybersecurity, and as the University’s Information Security program continues to evolve, focus will continue to be placed on how NEOMED can strengthen its cybersecurity controls.
Additional Resources
In addition to the resources being provided throughout the month of October, below are some additional resources you can utilize to help strengthen your awareness of the University’s information security and cybersecurity efforts, as well as where best to direct your questions:
- Previous Information Security Awareness Pulse Articles
- Information Security-related University Policies
  - Information Security
  - Information Security Program
  - Classification of University Data and Systems
  - Acceptable Use of Computing Resources
  - Data Security Incident Response Plan
- Questions
  - Information Technology – For questions related to the University’s information security and cybersecurity programs and policies, contact help@neomed.edu.
  - Compliance – For questions related to IT-related regulatory compliance matters, contact compliance@neomed.edu.
Stay tuned for more tips, articles and other resources that will be made available throughout the month of October, including awareness training!
-Submitted by Jonathan Wagner