Division of Information Technology
University of South Carolina
Monthly News, updates, and tips from the SecureCarolina team - August 2015

Patching: An Ongoing Challenge

The annual Data Breach Investigations Report (DBIR) by Verizon is an industry standard in security research and metric analysis. Its data is often used to support strategic decision making in information security. Despite the importance of patching, the 2014 edition suggests we may be losing the battle to update software.

According to Verizon’s 2008 report, 71 percent of exploited vulnerabilities had a patch available for a year or more. The most recent edition of the report (2014) suggests the problem has worsened, insisting “99.9% of the exploited vulnerabilities had been compromised more than a year after the CVE was published.”

These numbers should remind us that it is important to have a patching strategy. Rather than rushing to patch vulnerabilities, it is important that we find ways to deploy patches regularly and strategically to reverse this trend. Now is a great time to develop a plan to deploy patches in your area. The SecureCarolina team is here to help any way we can!

CISO’s Corner

In this month’s newsletter, you’ll notice an emphasis on password security. Safe password practices are a simple way to improve information security for users and the university. Stronger passwords have a direct and immediate impact on information security. It is time to learn how to create and manage stronger passwords. We’ll share a few techniques, and maybe make you aware of some resources to simplify the process!

- James D. Perry

http://security.sc.edu

The University of South Carolina is an equal opportunity institution.

STH: Module of the Month

Your password is often the first—and sometimes only—line of defense in protecting data from hackers. Unfortunately, most people do not manage passwords well. It is not enough to build a good password; one must understand how to protect it.

Our team recommends that everyone review the “Passwords” module on Securing the Human. Log in with your USCColumbia Network Username and password at https://usc.securingthehuman.org. If you experience any problems, contact the UTS Service Desk at (803) 777-1800.

Passwords: Time for a Change

Passwords, as we know them today, made their debut in 1980. The ways we collect, store, compute, and share data have changed a lot since then! Password practices have changed some as well, but not necessarily for the better. In 1980, most passwords were a string of randomly-generated characters. The passwords were difficult to memorize but provided great security. Today’s passwords are often easy to remember, providing little security. Passwords alone offer little protection from modern threats.

The University Information Security Office has partnered with Professional Development to offer a “Password Bootcamp” workshop on October 13th. One major point of discussion will be how users can make the transition to “passphrases”. Passphrases can offer the best of both worlds, by being easy to recall and difficult to guess. We will also discuss using password management solutions, like Lastpass, and how incorporating DUO multifactor into your authentication routine adds a significant level of protection to your accounts.

Click to enroll in “Password Bootcamp” on October 13th.