I have question and answer for this question below , try to improve this answer and Feel free to agree or disagree with it (in few paragaraph)

Be detailed in your postings. Please ensure that your postings are civil and constructive.

QUESTION: Nearly a decade has passed since the National Academy of Engineers declared Cyber Security a "grand challenge for the next century." Every day there is news on ways in which cyber security challenges and responses are complicating every aspect of our lives. Can the challenge be solved?

As a first step to solving any problem, one must understand its nature. So, it is important for all cyber security analysts to keep on top of news stories in the field. In this discussion forum we will do just that with the hope that everyone will make it a daily habit throughout their career.

Today, some cyber news has been flooded out of the headlines by Hurricane Harvey, but as noted in this article, cyber concerns are front and center as students return to school.

https://www.cnet.com/news/cybersecurity-101-how-universities-are-dealing-with-hackers/

What do you think about the recommendations from Carnegie Mellon (link above)?

ANSWER:

Reading through the article it made me reflect on some similar issues I have faced in the past. For many years I headed up the IT operations and infrastructure for a global financial firm. Security was always a major issue that literally keep me up at night. I can appreciate the circumstances of a college environment where your dealing with numerous unknown personal devices. We had similar issues in our firm initially but we developed policies that required everyone to submit their device to the IT department for scanning and certification if they wanted to connect to our main network. We managed the personal device as a corporate device because we had more control of the environment.

We did create separate networks for devices that were not certified but they were limited in their connectivity. We also implemented multiple levels of firewalls, intrusion detection/prevention devices and virus/spam filtering devices. I like the idea of a tech literacy course. We implemented something similar and I found that we had to periodically provide refreshers so people would keep their guard up. I like Carnegie Mellons practice of being proactive by running the monthly phishing campaign. It is important for everyone to understand the basic issues and the impacts.

One the disappointing things from the article was that the major app stores like Google Play are not as effective as we would like in protecting us from harmful apps. The things to watch for mentioned in the article such as poorly written reviews and public domain emails for contacts seem like good warning signs.