- GNU Bourne-Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278)
- Backoff Point-of-Sale Malware
- GameOver Zeus P2P Malware
- OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)
- Review your credit reports routinely
- Don't buy anything from a spammer
- Use common sense when reviewing your email
- Five Security Tips
The Information Security Office
The Information Security Office (ISO) is responsible for the privacy and security of the Institute’s information resources.
The goals of the ISO are:
- Provide useful resources and information security training materials to aid the Wentworth community in improving data and computer security practices.
- Develop and implement information security initiatives based on risks to make the best use of the resources available
- Provide the Wentworth community with effective leadership in information security and privacy, as well as regulatory and industry standards compliance.
To achieve these goals, the ISO develops an information security strategy that is based on four principles. These principles form the four service domains offered by the ISO.
Information Security Risk Management
Basing an information security strategy on risks ensures that the strategy is focused on the actual threats and vulnerabilities that are most prevalent and significant to the Institute. This approach allows for a program that makes the most efficient and effective use of resources.
Incident & Contingency Planning
Although most attempts are made to identify and address all potential risks, the ever-changing threat landscape will guarantee the potential for a new weakness, unidentified risk, or an uncontrollable event, such as a natural disaster, may circumvent the Institute’s countermeasures. Therefore, it is vital that the Institute be prepared for handling and responding to incidents of varying severity.
Information Security Governance
The ISO will work with representatives throughout the Institute to formulate the strategy that will influence and audit the information security policies and procedures that will form the foundation and guiding principles for the controls and countermeasures chosen to address the information security risks that threaten the security and privacy of the Institute’s data and information systems.
Information Security Education & Training
All the planning, policies, governance and technical tools available to the mitigate risks cannot provide a completely successful information security strategy without the proper training and awareness. Keeping up-to-date with the materials that will be continually developed, distributed, and updated, will enable all members of the Wentworth community to be a vital participant in ensuring the effectiveness of the information security plan.
Visit the ISO initiatives page for active and planned projects.
Report an Incident
Follow us on Twitter.
@InfoSec_WIT – InfoSec at Wentworth
@DTSatWIT – DTS at Wentworth