UNIVERSITY

CYBER-SECURITY
Beginning the new age challenge

Ariana Negron
Joseph Jackson
Kyle Hobkirk
Yoo Jin Shin
 Table of Contents

Page Number

2 Executive Summary

3 Introduction & Cyber Security Basics

⟶ Harm & Protection

4 UNF Cyber Security

⟶ The Next Generation Firewall
⟶ Benefits of the NGFW

5,6 Non-technical issues in Cyber Security

→Responsibility From the Top
→Student Attitudes and Tendencies

6,7 Knowledge as a Real Solution & Conclusion

8 References

1
Executive Summary
This paper examines the new age importance of cyber-security and cyber-safety in Universities,
using the case of the University of North Florida. The complexity of networking on a college
campus makes the huge issue of cyber security that much more complicated.

Palo Alto Networks -- the software company offering the Next Generation Firewall (NGFW) --
is currently the official firewall company in association with the University of North Florida as
of May 2017. The Next Generation Firewall is examined, coming to the conclusion that the
update in firewall services by UNF absolutely has the capability to protect the network, yet
issues regarding the actual people using this network being where the main problem lies.

Two main issues were identified as risks for data breaches for colleges and universities:
● hiring and retaining cyber security specialists and qualified staff, updating the knowledge
and skills of existing technology staff
● the risky behavior and lack of knowledge of cyber security of the millennial generation in
particular

Palo Alto Networks, seeking partnership with UNF, aims to improve university culture and life,
specifically the online and cyber presence and culture as it is an important, emerging global issue
that will be present for the rest of the lives of students.

Possible solutions involve the spread knowledge of cyber security and safety to all digitally
connected peoples, students and IT staff specifically, by employing a single person that has the
knowledge, capability, organizing skills and experience to begin an unheard of practice, the
integration of a higher education institution and a technology company for the means of
protecting the UNF network.

Palo Alto Networks is offering an employee of this nature that could improve the culture
surrounding cyber security and reduce the risk of data breaches. This position will be offered
until the following year.

2
Introduction

This white paper will focus on the complex issue of cyber security and its non-technical
components such as college students’ self protection against the threat of hacking or data
breaches. While firewalls and technical solutions are important, the focus on college students
begs a change in culture and outlook, starting with the current environment and general
knowledge of cyber security and what the issues are.

Cyber Security Basics

As the digital age rises and flourishes, the downside and threat of cyber security is increasingly
important. Modern media has certainly not forgotten about this topic, students often hear about
things like data breaches, Ransomware attacks or state-of-the-art hacking events that target big
corporations and small businesses alike. What about these events have we learned?

VIRUS a program that loads itself onto your
computer and executes instructions that can
damage your files and even delete them. Viruses
can use up your computer's memory, can prevent
it from booting, and will spread to other
computers.
ANTIVIRUS software prevents the virus with
series of protection systems. While there are
many different anti-virus programs, the main
purpose of this software is to search for and
destroy the virus.

RANSOMWARE malware that locks your FIREWALL a network security system

computer or prevents you from accessing
personal data using private key encryption until
you pay a ransom, usually spread through file
attachments. (Richardson, Ronny & North,
Max. (2017) Ransomware: Evolution,
Mitigation and Prevention)
designed to prevent unauthorized access to or
from a private network. It is worked as both
software and hardware. (Sharma, Richa &
Parekh, Chandresh. Firewalls: A Study and
Its Classification)

Harm & Protection

While antiviruses and firewalls protect computer devices and information, viruses and
ransomware are both serious threats. Protection through firewalls is important in institutions like
colleges and businesses and is the norm. The UNF network uses Next Generation Firewall since
May 2017.

3
UNF Cyber Security Status

The following descriptions show that the newly implemented UNF firewall seemed to be
effective. Lack of evidence supporting any data breaches at the university also support this idea.

The Next Generation Firewall

● enables small- to medium sized organizations, branch offices, school campuses and
government agencies to have multi-layered protection from sophisticated attacks
● brings increased security to the campus community and greater flexibility to meet the
university's business and educational needs
● control over applications while also ensuring optimal network performance and total of
cost of ownership.
● provides a host of enhancements typically reserved for large enterprises and 10 GbE
connectivity to this industry segment for the first time.
(Networks Update (2013) Dell Deploys Ngfw Network Security Appliance)

Visual Representation of a the Next Generation Firewall at a University

Benefits of the NGFW

The basic definition of an NGFW requires stageful inspection, application awareness and
control, integrated threat prevention, and the ability to account for additional contextual
information, such as user and device identity. Value-add features refer to any significant security
functionality offered beyond these foundational capabilities. (Luk, Kevin (2011) Choosing Your
Next-Generation Firewall).

4
The NGFW and current cyber security status of UNF displays to us that while prevention of
cyber attacks is technical in nature, the actions of people are important as well when considering
solutions, given that the UNF firewall has observably been effective.

Non-technical issues in Cyber Security

Network Complexity of Universities

For higher education institutions such as UNF, cyber security is more complex than for industry
and business because of academic values and the collaborative nature of research and education
environments, colleges must provide open academic environments for learning and
accommodate a wide array of electronic devices that students, faculty staff and visitors use on
campus and access remotely via college networks. The decentralized and distributed nature of
larger institutions creates greater risks that data will be exposed if they are not professionally
protected or centrally maintained. (Patton, Madeline (2015) Battling Data Breaches: For Higher
Education Institutions, Data Breach Prevention is More Complex than for Industry and
Business)

Responsibility From the Top

While you might assume the number one problem in IT would be cyber security, the top IT Issue
identified by EDUCAUSE in 2015 is “hiring and retaining qualified staff, and updating the
knowledge and skills of existing technology staff.” (Patton, Madeline (2015) Battling Data
Breaches: For Higher Education Institutions, Data Breach Prevention is More Complex than for
Industry and Business) In many cases, gaining the necessary expertise to deal with the
complexity of higher education networks may be a matter of investing in current employees.

A strategy recently used by colleges includes forming a Security Work Action Team (SWAT) of
cross-campus leaders, benefitting the institution by the threat-information sharing it facilitates
and the variety of professional development it offers. An organized and collaborative
information sharing team of accredited IT employees encourage greater knowledge and spread of
accurate information that can encourage safe work practices and prevent data breaches on a large
scale.

While the number of data breaches in higher education seems quite high, according to
EDUCAUSE data reports, the number of records exposed has been quite low when compared to
other industry sectors like the government, financial and insurance services, and retail and
merchant services.

5
Student attitudes and tendencies

While investing in employees can be helpful, a crucial part of protection against cyber attacks
has the capacity to be totally dependant on the individual. This is most evident with the
millennial generation, who present security threats to themselves and to the online community at
large through their unsafe online practices.

In a national survey, millennials aged 18–29 living in the USA had higher rates of deleting
cookies manually or through browser settings, but still only half used automated browser cookie
controls. (Mensch, Scott (2011) Information Security Activities of College Students: an
Exploratory Study) Millennials were more vigilant than older adults in avoiding hacker threats
but also much more likely to engage in practices that enable hacker attacks, such as posting
photos or dates of birth.

Personal data from social networks can also be mined for purposes of conducting phishing
attacks. It is thus important to inform students about phishing attacks and practices to avoid.

In a study evaluating attitudes towards cyber security, attitude scores of information technology
majors were 16+ points higher than healthcare majors, the lowest scoring group by major.
(Mensch, Scott (2011) Information Security Activities of College Students: an Exploratory Study)
Students in technology-related majors also had the lowest phishing success rates in this study:
0% control; 36% social network. This can show us that those who have knowledge about IT
often practice safer online conduct. Additionally, there is proof of different attitudes by gender;
on average, male security attitude scores were 4+ points higher than female scores.

Knowledge as a Real Solution

What makes college students want to behave safely online? To answer this very question, a study
extends Protection Motivation Theory, which conceptualises individuals’ motivations to protect
themselves against threats and has been applied to consumer privacy and security issues.
(Boehmer, Jan. LaRose, R. etc. (2015) Determinants of online safety behaviour: towards an
intervention strategy for college students)

It was found that there is a positive relationship between the perceived likelihood of threat and
the adoption of protective security behaviors, but simply listing negative consequences of not
acting on security threats had a limited impact on the implementation of security measures, such
as password protection. It was observed that students are affected by the severity but not by
susceptibility.

6
Again, in this particular study, a positive correlation existed between users’ technical knowledge
of online phishing risks and their intention to adopt the matching responses to questions
regarding how to safely use the internet. (Boehmer, Jan. LaRose, R. etc. (2015) Determinants of
online safety behaviour: towards an intervention strategy for college students)

Thus, Internet users must be transformed into protectors of online security – a task that has been
described as the greatest challenge to information security. An effective way to do this would be
to focus on the severity of issues when spreading awareness.

It is based on the information that we suggest there be one person in charge of Cyber Security
awareness and effectiveness in every university, we are suggesting someone who…

● has proof of knowledge and credibility regarding the specific applications that protect the
network
● is required to pay attention to important news regarding cyber security
● additional credentials and experience in customer service in order to be able to encourage
the topic of cyber security to be taken seriously by students
● can work with the IT department in both the UNF spectre and those in the company
associated with the firewall

CONCLUSION

Two main problems in information security reveal solutions to the complex problem: the
knowledge of college students about safe online practices, and the importance of employee
integration, collaboration and education.

One solution can be offered that fixes both issues: the integration of UNF and Palo Alto
Networks as a force to improve cyber security on campus.

Palo Alto Networks can offer a position of this kind as an employee of Palo Alto Networks in
collaboration with the UNF IT department. This employee will have all the necessary
credentials, experience and know-how and will have a mission of protecting the UNF network
actively as an accredited technical official. As this is a new and unheard of concept for this
University and Palo Alto Networks, this position will be offered for an extended period of time
officially until the following year (February 14, 2019).

7
REFERENCES

Luk, Kevin. "Choosing Your Next-Generation Firewall." Networkworld Asia, vol. 8, no. 1,
Mar/Apr2011, pp. 38-39. EBSCOhost
login.dax.lib.unf.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN
=101434347&site=ehost-live&scope=site.

“Dell Deploys Ngfw Network Security Appliance." Networks Update, vol. 25, no. 6, June 2013,
pp. 1-2. EBSCOhost
http://eds.b.ebscohost.com/ehost/pdfviewer/pdfviewer?vid=1&sid=5b1ab6d8-332a-4799-a9f6-
b488448a3761%40sessionmgr120

Richardson, Ronny & North, Max. (2017) “Ransomware: Evolution, Mitigation and Prevention.”
International Management Review, vol. 13, no. 1, pp. 10–21.

Sharma, Richa & Parekh, Chandresh. “Firewalls: A Study and Its Classification.” International
Journal of Advanced Research in Computer Science, vol. 8, no. 5, pp. 1979–1983.

“Battling Data Breaches: For Higher Education Institutions, Data Breach Prevention is More
Complex than for Industry and Business” Community College Journal, v86 n1 p20-24 Aug-Sep
2015. 5 pp. EBSCOhost
http://content.ebscohost.com/ContentServer.asp?T=P&P=AN&K=109021166&S=R&D=eue&E
bscoContent=dGJyMNLr40Sep7E4xNvgOLCmr1Cep7RSr664TbCWxWXS&ContentCustomer
=dGJyMPGssFCvqLBIuePfgeyx84bk4ud6

“Determinants of online safety behaviour: towards an intervention strategy for college students.”
Behaviour & Information Technology. Oct2015, Vol. 34 Issue 10, p1022-1035. 14p. 4 Charts, 1
Graph. EBSCOhost
http://content.ebscohost.com/ContentServer.asp?T=P&P=AN&K=108755536&S=R&D=bth&E
bscoContent=dGJyMNLr40Sep7E4xNvgOLCmr1Cep7RSsqy4SbWWxWXS&ContentCustomer
=dGJyMPGssFCvqLBIuePfgeyx84bk4ud6

“Information Security Activities of College Students: An Exploratory Study.” Academy of

Information & Management Sciences Journal. 2011, Vol. 14 Issue 2, p91-116. 26p. 1 Chart, 1
Graph. EBSCOhost
http://content.ebscohost.com/ContentServer.asp?T=P&P=AN&K=64876551&S=R&D=bth&Ebs
coContent=dGJyMNLr40Sep7E4xNvgOLCmr1Cep7ZSsau4SrGWxWXS&ContentCustomer=d
GJyMPGssFCvqLBIuePfgeyx84bk4ud6