CISOCast: Password Managers (4:29) https://web.uvic.ca/~navbassi/podcasts/CISOCast-18Apr2022.mp3 [Accessible version including closed captioning and playback controls.] Our officially-supported password manager: KeePass and its newer open-source sibling KeePassXC.  KeePass is a cross-platform local password manager that stores passwords in an encrypted password file on your computer or a file server.  The main limitation is that you can only access your passwords from that computer or a computer that can access that file server.  It works well for employees managing passwor ..read more

https://web.uvic.ca/~navbassi/podcasts/CISOCast16-CISOChat-17Feb2022.mp4 [Accessible version including closed captioning and playback controls.] The University of Victoria is a public body under British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA), and FIPPA has implications for activities at the university.  The most widely referenced section specific to information systems and security is section 30, specifically 30.1 which speaks to Canadian data residency.  Recently, the provincial government has passed changes to FIPPA. Brad Weldon is the Chi ..read more

CISOCast: Information Security Careers (4:29) https://web.uvic.ca/~navbassi/podcasts/CISOCast17-23Jan2022.mp3 [Accessible version including closed captioning and playback controls.] Career opportunities with University Systems, including those in our Information Security Office, can be found on UVic Careers. This post is also this blog’s 2-year anniversary!  The first post was January 26, 2020. Thoughts? Join the conversation by posting a comment below ..read more

CISOVlog: Log4J Vulnerability (8:02) https://web.uvic.ca/~navbassi/vlogs/CISOVlog10-16Jan2022.mp4 [Accessible version including closed captioning and playback controls.] Last year began with the major SolarWinds Cyberattack and ended with a major software vulnerability that kept IT personnel in organizations very busy. The Apache Software Foundation’s Log4J had a critical security vulnerability that would allow remote attackers to take control of a vulnerable server. This logging package is widely used by many (if not most) software packages and it presented attackers with the means to take co ..read more

https://web.uvic.ca/~navbassi/podcasts/CISOCast15-CISOChat-Nov2021.mp4   The University of Victoria is a public body under British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA), and FIPPA has implications for activities at the university.  The most widely referenced section specific to information systems and security is section 30, specifically 30.1 which speaks to Canadian data residency.  Recently, the provincial government has proposed changes to FIPPA. Brad Weldon is the Chief Privacy Officer and Legal Counsel at the University of Victoria, and lea ..read more

QR codes have been around for a while.  I used to have one on my CV that used to direct people to my website.  I don’t think anyone ever used it and eventually I removed it because I wasn’t sure if people would even know how to read it.  Today, QR code scanners are actually included with most mobile operating systems (e.g. Scan a QR code with your iPhone, iPad, or iPod touch). During the pandemic, I began encountering more QR codes. Restaurants began using them in lieu of paper menus and scanning the code would take you to an online version of the current menu, which was nice.&n ..read more

https://web.uvic.ca/~navbassi/podcasts/CISOCast14-CISOChat-Oct2021.mp4   Collaboration is critical in responding to cybersecurity threats and managing risks.  Higher education has a strong culture of collaboration and this serves us well when it comes to the challenges of cybersecurity. Knowledge is power, particularly when it comes to preventing and managing cyber security risks. The Canadian Shared Security Operations Centre (CanSSOC) was created on the principle that we cannot tackle cyber security problems alone.   The Canadian higher education sector must come together to ..read more

CISOVlog: UVic MFA Is Here (6:06) https://web.uvic.ca/~navbassi/vlogs/CISOVlog9-18Oct2021.mp4   A strong passphrase + UVic MFA is the best thing you can do to protect your account. To protect your account by enrolling in UVic MFA: Install the Duo Mobile app on your device Duo Mobile for iOS (iPhone/iPad) Duo Mobile for Android (Note that the above apps include a Security Checkup feature you may wish to run to ensure your devices are as secure as possible.) Visit https://uvic.ca/mfa to enroll If you are enrolled in UVic MFA and you get a prompt to authorise a login that you don’t reco ..read more

CISOCast: Cyber Security Awareness Month 2021 (4:29) https://web.uvic.ca/~navbassi/podcasts/CISOCast13-02Oct2021.mp3   UVic CyberAware Campaign Visit https://uvic.ca/uviccyberaware to learn about about our campaign!  Encourage students to take the training and quiz, and enter the contest. National Cyber Security Awareness Month (CSAM) Visit https://www.getcybersafe.gc.ca/en to get tips from the Government of Canada. Phishing Awareness Training Visit https://www.uvic.ca/systems/support/informationsecurity/phishing/ to sign up for our online Phishing Awareness Training. PhishBowl ..read more

CISOVlog: Obsolete Software (7:15) https://web.uvic.ca/~navbassi/vlogs/CISOVlog8-19Sep2021.mp4   UVic Information Security Standards require the timely installation of security updates. If software cannot receive security updates due to lack of vendor support, then it is not compliant with our security standards. Note that we do not need to wait for obsolete software to be compromised before taking action; our Information Security Policy (IM7800) includes associated Procedures for Addressing Security Vulnerabilities of University Electronic Information Resources and Information Systems&nb ..read more