Applied IT Security Concerns for Instructional Designers

By IGI Global on Aug 5, 2011
IGI Global would like to thank Shalin Hai-Jew for contributing this article regarding the security concerns that instructors, and the rest of the public, face when traveling or handling sensitive material. Dr. Hai-Jew's newest publication, Constructing Self-Discovery Learning Spaces Online: Scaffolding and Decision Making Technologies, will become available this winter. An excellent resource for any library, her edited research volume, Virtual Immersive and 3D Learning Spaces: Emerging Technologies and Trends, is currently available in the IGI Global Bookstore.

Security is one of those issues that affect all of us who work in information technology (IT). It affects us as much as or more than those who go online for learning, socializing, banking, and the many other things which are the electronic stuff of life. While most instructional designers do not handle deeply sensitive information, we do handle materials that have implications for the faculty and subject matter experts.

Some faculty can be highly over-protective of their teaching resources, whether that data is original or not, but it probably helps to realize that the institution of higher education's resources do cost the society a fair amount of investment and time. Also, a lot of the current raft of digital rights management protections have publicly available ways to break them, such as freeware software that enables one to break through protected DVDs.

They are designed for particular teaching, learning, and research purposes. Some of it may be open-sourced for a mainstream audience, but a lot of it should be used in a particular higher education context.

What is sensitive information that we might handle? Once, I worked with a principal investigator (PI) who had tens of thousands of images from his professional work in a memory device that he gave to me to use for the development of a learning resource. When I was done with the information, I did a full Eraser wipe of all his files at his request. (That's not to say that the collection wasn't already captured on server backup tapes.) The images were sensitive in part because of his huge investment in the work. Further, the images were tagged with metadata that would have had implications for various businesses. Another example of sensitive information would be any student data because students are protected under the Family Educational Rights and Privacy Act (FERPA).

On a lighter note, there may be data like unique executable plans or curricular modules that were expensive to build that should not be appropriated by others and possibly misused. (So often, our budgets do not reflect the full human costs of creating contents, and given the high costs of technologies and people time and expertise, costs can add up very quickly.)

Unless various digital learning objects are watermarked, it would be hard to know if others have swiped them and are hosting them on their servers. That information may help one know that a compromise has occurred. In the open-source atmosphere of the World Wide Web and Internet, many find it very easy to download resources and to appropriate them for their own uses—even if the works are protected by copyright.

Human Intimacy with Technologies

David Rice in "Geekonomics" talks about an asymmetry of intimacy that people have with the software that runs so many aspects of their lives. He suggests that intimacy takes time to evolve and build, and it requires two-way understandings of the other. There is an asymmetrical relationship in terms of human intimacy with technology, with the human element limited and the technological one almost intrusive.

He writes:
"Intimacy requires a certain amount of transparency and reflection and the time to employ both. Intimacy requires a period for evaluation, consideration, and an accounting of those who wish to be intimate. If anything, we are not intimate with our software though software's involvement in our private and sensitive information increases and deepens daily. We are not intimate with the very thing that is most intimate with our identities and existence in cyberspace. We cannot touch software, we cannot evaluate it, we cannot even seem to control it. Yet it touches us, evaluates us in a myriad of different algorithms, and determines what we can and cannot do from the simplest mouse movement to trying to print a document. The angst and unease created by this asymmetry of intimacy becomes more and more apparent, yet we feel inexorably pulled forward by the momentum and speed of technology adoption" (2008, pp. 136 – 137).

Without even understanding all the dependencies and weaknesses in software, suffice it to say that there are plenty of vulnerabilities that may be exploited. Code itself is apparently so complex that it's easy to put in some coding without considering various exploits that might come from that or from multiple functionalities that may be combined in different ways for unintended and malicious effects. So what does it mean for an instructional designer to practice due diligence?

Due Diligence

One part of security involves where information is placed. Something put on a thumb drive, a smart phone, an external hard drive—or even a laptop—is much more mobile and difficult to secure. (Such technologies are often the target of thieves. Some security folks suggest that only semi-disposable mobile devices—scrubbed of sensitive data—should be brought on overseas travels. For further safety, some suggest using laptop locking cables and a high attentiveness to the locales of the various devices at all times. Anything out of the owner's sight may be compromised. Further, many travel experts suggest having paper copies of travel destination addresses, flight numbers, and so on.)

People will leave such devices plugged into machines or abandoned somewhere, and the work is often gone. IT folks often suggest placing sensitive information on servers, which tend to be much more protected. This may be accessible in the university's closed "cloud" through virtual private network (VPN) log-in from anywhere in the world. In this case, the server option is a fairly robust one—even for those who have to travel extensively as a part of their work.

Sometimes, sensitive information has to be stored on a portable device given the limitations of computing in different environments. It then helps to have a secure log-in for all devices and robust malware protection that is constantly updated.

Regular maintenance of a computer is also important. Before downloading software, it's important to make sure that it is being downloaded from a trusted company with a strong reputation. Freeware should be downloaded only after it has been checked for malware, so if a third-party site is used, C/NET (www.download.com) is usually a preferred company. Then, software should also be kept up-to-date, so that any vulnerabilities that have been discovered may be patched. This is especially true for anti-virus and anti-malware software. A very common challenge for faculty members is that they do not update their systems, which then leaves them vulnerable to hacks.

It also is at least an emotional salve to stay read-up on cyber threats, even though true security really depends on the front-line experts to update malware profiles and to prevent machine infections. Still, there is information that may be helpful—such as the idea of not picking up any old "found" or "gift" thumb drive and putting it into a laptop or desktop machine. Knowledge can head-off some unintentionally poor IT decisions.

Many who habitually handle sensitive information will use encrypted files on their machines. (One freeware version is called TrueCrypt.) They will have tracking devices on their machines. They will use remote wipes or erasures of their hard drives from a distance if any machine goes missing.

While Traveling

When people travel with their technologies, there are multiplicative security challenges. For example, wireless sites may be set up in insecure ways in public places, particularly peer-to-peer wireless networks. These wireless fidelity (Wi-Fi) networks may leave all traffic open to monitoring and interception.

Various public web cafes may have untrustworthy computers with security that is not updated and potentially ridden with malware including key loggers and Trojan Horses (including those that open backdoors to allow others to access one's machine). Public web accessible kiosks are also considered dangerous because many who run these will not patch their machines, leaving them open to security compromise. Apparently, shoulder surfers (people who read over one's shoulder) in various public areas may compromise security regimes. Good practices such as cleaning Web browser caches, fully exiting Web browsers, and rebooting publicly available computers would be advisable.

Those who go to ATMs in untrusted places may be victimized by thieves or by unobtrusive devices known as card skimmers, which fit over the card reader at the various banks. Depending on the travel destinations, there are various strategies regarding the handling of cash and the accessing of electronic funds. For U.S.-based readers, the U.S. State Department offers helpful advice tailored to various locales. The country-specific drop-down menu helps to tailor the information to a specific locale. There are some basic, wise precautions to take while traveling.

Social networking sites may have unique ways of becoming compromised, such as the takeover of some social networking accounts due to the interception of account information.

The more sophisticated travelers use their own devices to launch wireless connectivity to the Internet or to launch browsers. They will have their own anti-virus software programs. They'll have an email client which launches from their own devices. They'll have a virtual private network (VPN) connection. They'll have their own high-secure erase programs. They are wise in what information they access while abroad. They use one-time credit cards. They change passwords on their accounts on their return stateside. They may bring encrypted drives on their travels.

It is said that those who would compromise security go for the low-hanging fruit—the easy stuff, but no matter how unsophisticated the compromise, any loss of critical information will be a headache to mop up, and by then, reputations may have been compromised as well.

Single or multiple compromises may result in the theft of data which negatively affects one's life and potentially others' lives. The point is not to be the weak point in the various security arrays that comprise an imperfect security. It is said that security has to be balanced with usability, and safe practices really may seem onerous (and incomplete) if seen in totality, but once they become a part of common work practice, they really are not so hard to use.

This brings up the question of how much to tell our faculty clients about security, given that they may not have much background in safe practices. It seems like a good idea to encourage regular updating and patching. It also seems advisable to support safe travel. However, that would be an issue of their particular circumstances at a particular time.

Dr. Shalin Hai-Jew works as an instructional designer at Kansas State University (K-State); she teaches for WashingtonOnline (WAOL).

An excellent addition to any university library, the International Journal of Cyber Ethics in Education (IJCEE) provides state-of-the-art research on the impact and general principles of ethical computer use in academics, while also emphasizing the cyberphilosophical aspect of human-computer interaction. As a quarterly journal, IJCEE publishes empirical research, theoretical studies, case studies, and book reviews that focus on the integrity of computer use in education. Also, readers interested in reading more about privacy protection might want to check out several of IGI Global's recent and forthcoming releases highlighting information security and privacy:
