Dr. Veysel Erdag, Chief Information Security Officer at UA Little Rock, was the featured lecturer at the Engineering and Information Technology (EIT) Colloquium in February.
The well-attended event drew an attentive audience of EIT students and faculty, who were treated to a comprehensive overview of the importance of information technology (IT) as a critical component that drives business processes. A lively question-and-answer discussion followed the presentation. The event was also broadcast live via a Blackboard Collaborate web conference; a recording of the colloquium is available.
As part of his lecture, Dr. Erdag described the current cyberattacks UA Little Rock is receiving and the security controls that have been implemented to reduce the risks. He used the CIA Triad model as an example of how information security is defined:
- CONFIDENTIALITY – Confidentiality prevents unauthorized disclosure of information.
- INTEGRITY – Integrity ensures that data cannot be modified in an unauthorized manner.
- AVAILABILITY – Information should be readily available for authorized users.
Dr. Erdag noted that IT is even more embedded in business processes as well as our daily lives, resulting in IT becoming more complex than ever before.
This complexity also increases vulnerabilities and, hence, the possibility of cyberattacks. In higher education specifically, institutions are increasingly finding themselves the target of such improved and elaborate attacks.
Dr. Erdag advised that using security technologies and devices is not enough to provide high levels of security. Every device used in UA Little Rock's cyber infrastructure produces huge amounts of information, and data analysis is the only way to detect all high-level attacks. During the session he explained how data analysis and visualization can be used to increase the efficiency and effectiveness of the security systems.
Topics discussed included:
- Data Breach root causes and components
- Attacks from ransomware, scams, zombie systems, command-control, intellectual property theft
- Vulnerabilities from protocol, design flaws, human psychology, national/international politics, configuration errors
- Security Controls consist of firewalls, endpoint security solutions, security controls on devices, policies, sandboxing systems
- Monitoring, visibility, security analytics, analyzing data
- EIT – IT Services collaboration