Abstracts
Concurrent Sessions I
People, not Products!
Presenter: Josh Karp, Managing Partner, The CISO Group
New security products are always the latest buzz at trade shows, in magazine reviews and on Internet message boards. How fast is the latest IPS? How many signatures does the new AV or Vulnerability Management product have? How granular can this DLP product go? That's all well and good, but what about the existing products in your network? Do you have stale firewall rules? Do you have out-of-date AV signatures? Is everyone patched up to current levels? Is anyone really going through your IDS logs? Most organizations cannot answer yes to all of the above, yet they continue to feel the need to buy more products.
People are far more valuable than products and can have a much bigger impact on overall security, not to mention a much smaller impact on your budget. Start focusing on the people and products you already have in place and watch your costs drop, your security increase, and overall ease of manageability skyrocket!
An Application Service Model for Network Security Applications
Presenter: Livio Ricciulli, President, MetaFlows Inc.
Network security devices (NSDs) such as Anti-virus, Intrusion Detection/Prevention, spam/phishing filtering, and bandwidth anomaly detection systems have become an integral part of our networks, as they provide invaluable services in maintaining data integrity and confidentiality while protecting the availability of our computing resources. The programming and maintenance of NSDs is today a very significant obstacle to their wider adoption. The most common and significant complaints of existing NSD users are (1) excessive amounts of false positive events (events that should not be generated) and the difficulty of analyzing security events, (2) their extreme sensitivity to the timeliness of the security updates needed to catch emerging threats, and (3) the expertise required in the installation, maintenance and operation of these systems. These obstacles limit adoption by many smaller companies that cannot afford to hire expert system administrators and network security analysts. MetaFlows seeks to capitalize on these deficiencies by providing ways to outsource this complexity. We are developing a subscription-based service that allows Enterprises to constantly refine their security policies using innovative global relevance correlation technology derived from Google's page ranking algorithms. Besides improving the objective security of our networks, these services and their future extensions will (1) promote a wider adoption of network security products in general and (2) improve the state of the art in security information sharing across Cyberspace. In this talk we will explore some of the key technological ingredients of our solution.
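The abstract does not say how its relevance correlation works, so the following is an added illustration, not MetaFlows' algorithm or code: a generic PageRank run over a graph whose nodes are the endpoints of IDS alerts and whose edges are the alerts themselves. An endpoint that shows up in many relationships (here, one external address hitting three internal hosts) accumulates rank, and each alert is scored by the rank of its two endpoints, so the alert joining the two best-connected nodes floats to the top regardless of which signature fired. The alert records, addresses and signature IDs are constructed for the example.

```python
"""PageRank-style relevance scoring of IDS alerts (added illustration).

Generic power-iteration PageRank over an alert-endpoint graph. This is an
assumption about one way "global relevance" could be computed, not the
vendor's method. All alert data below is constructed.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample alerts: (signature_id, source_ip, destination_ip).
ALERTS: List[Tuple[int, str, str]] = [
    (2001, "203.0.113.5", "10.0.0.10"),
    (2001, "203.0.113.5", "10.0.0.11"),
    (2001, "203.0.113.5", "10.0.0.12"),
    (3002, "198.51.100.7", "10.0.0.10"),
    (4003, "192.0.2.9", "10.0.0.20"),
]


def build_graph(alerts: List[Tuple[int, str, str]]) -> Dict[str, Set[str]]:
    """Undirected graph: every alert links its source and destination."""
    adj: Dict[str, Set[str]] = defaultdict(set)
    for _, src, dst in alerts:
        adj[src].add(dst)
        adj[dst].add(src)
    return adj


def pagerank(adj: Dict[str, Set[str]], damping: float = 0.85,
             iterations: int = 100, tol: float = 1e-10) -> Dict[str, float]:
    """Standard PageRank by power iteration.

    Every node has at least one edge (it came from an alert), so there are
    no dangling nodes to special-case. Ranks always sum to 1.
    """
    nodes = list(adj)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iterations):
        new = {}
        for v in nodes:
            # Each neighbour u splits its rank evenly over its own edges.
            inbound = sum(rank[u] / len(adj[u]) for u in adj[v])
            new[v] = (1.0 - damping) / n + damping * inbound
        delta = sum(abs(new[v] - rank[v]) for v in nodes)
        rank = new
        if delta < tol:
            break
    return rank


def score_alerts(alerts: List[Tuple[int, str, str]]):
    """Return alerts as (score, sig, src, dst), highest relevance first."""
    rank = pagerank(build_graph(alerts))
    scored = [(rank[src] + rank[dst], sig, src, dst) for sig, src, dst in alerts]
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    for score, sig, src, dst in score_alerts(ALERTS):
        print(f"{score:.3f}  sid:{sig}  {src} -> {dst}")
```

One caveat worth seeing in the numbers: PageRank rewards connectedness inside the whole graph, but teleportation gives every node a floor. The isolated pair in signature 4003 keeps 1/7 of the mass each and therefore scores above the 3002 alert, which touches a well-connected victim but a one-off source. Genuinely novel one-off activity still needs separate handling; graph rank is a prioritisation signal, not a replacement for signature quality.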
Virtual Tabletop Exercises
Presenter: Dr. Marjorie Windelberg, CISM, CISSP, UMUC
The presentation will discuss web-based tabletop exercises as an alternative to traditional face-to-face tabletops, based on the experiences of graduate students taking a course on business continuity, disaster recovery, and emergency management. The course has used the virtual tabletop since Fall 2006. Benefits of online tabletops include these: participants do not have to be away from their offices for an entire day and can contribute at any time of day or night. All that is needed is a virtual environment with threaded discussions, document posting, and chat features. There is no need to reserve a conference room or provide refreshments. The interpersonal dynamics also seem to be different. One student who was experienced in leading traditional tabletop exercises marveled that people seemed to cooperate more and were concomitantly less likely to dominate discussions. Other advantages of the virtual tabletop will be covered, as well as some of the drawbacks. The supporting materials, along with the scenario used, will be demonstrated.
Concurrent Sessions II
Security Policy Management
Presenter: Dr. Sridhar Muppidi, Senior Security Architect, IBM Software Group
Emerging trends, the increasing focus on compliance, business transformation, the adoption of an SOA-based approach, and a flexible business model all drive the need for a flexible approach to addressing these challenges. When these are taken in the context of a heterogeneous environment, and risk is assessed in the context of information access, controlling access to applications, data, and infrastructure becomes critical. The goals established and driven by the business need to be implemented and enforced by the infrastructure.
Fundamental to achieving these goals is a policy-driven approach. Enterprises need to control access based on a number of attributes (user attributes, resource attributes, resource context, etc.) and have historically customized this into each and every individual application. This approach has a number of issues, from development cost to compliance. By externalizing fine-grained authorization policy from application logic and delivering it as a standards-based service, one can change the nature of application entitlement management. This session will discuss a policy management framework and approach and show how to simplify the process of defining, managing, and enforcing message protection, access control and entitlements.
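To make the externalization concrete, here is an added example (not IBM's framework or code) of a small attribute-based policy decision point: the rules live in one place, every application keeps only a one-line enforcement call, and the combining logic is deny-overrides with a default deny, so an attribute the request fails to supply can never turn into a grant. The attribute names, rules, principals and request contexts are all constructed for the illustration.

```python
"""Externalized attribute-based authorization: a toy PDP (added example).

Hypothetical policy decision point with deny-overrides combining and
default deny. Attribute names, rules and sample data are constructed;
nothing here is a vendor API.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]
Condition = Callable[[Attrs, Attrs, str, Attrs], bool]


@dataclass
class Rule:
    name: str
    effect: str          # "permit" or "deny"
    condition: Condition # (subject, resource, action, context) -> bool


@dataclass
class PolicyDecisionPoint:
    rules: List[Rule] = field(default_factory=list)

    def decide(self, subject: Attrs, resource: Attrs, action: str,
               context: Attrs) -> str:
        permitted = False
        for rule in self.rules:
            try:
                matched = rule.condition(subject, resource, action, context)
            except KeyError:
                # A rule that needs an attribute the request did not carry is
                # indeterminate. Fail closed: never let a missing attribute
                # silently skip a deny rule.
                return "deny"
            if matched and rule.effect == "deny":
                return "deny"                    # deny-overrides
            permitted = permitted or (matched and rule.effect == "permit")
        return "permit" if permitted else "deny"  # default deny


def build_pdp() -> PolicyDecisionPoint:
    """All authorization policy, outside every application (constructed)."""
    return PolicyDecisionPoint(rules=[
        Rule("inactive-accounts", "deny",
             lambda s, r, a, c: s["account_status"] != "active"),
        Rule("restricted-offsite-without-mfa", "deny",
             lambda s, r, a, c: r["classification"] == "restricted"
             and c["network"] != "campus" and not c.get("mfa", False)),
        Rule("department-read", "permit",
             lambda s, r, a, c: a == "read"
             and s["department"] == r["owner_department"]),
        Rule("records-admin-write", "permit",
             lambda s, r, a, c: a == "write"
             and s["role"] == "records-admin" and c.get("mfa", False)),
    ])


PDP = build_pdp()


def enforce(subject: Attrs, resource: Attrs, action: str, context: Attrs) -> None:
    """Policy enforcement point: the only authorization code an app keeps."""
    if PDP.decide(subject, resource, action, context) != "permit":
        raise PermissionError(f"{subject.get('id')} may not {action} {resource['id']}")


# Constructed sample principals, resource and request contexts.
ALICE = {"id": "alice", "role": "registrar-staff", "department": "registrar",
         "account_status": "active"}
BOB = {"id": "bob", "role": "records-admin", "department": "registrar",
       "account_status": "active"}
MALLORY = {"id": "mallory", "role": "records-admin", "department": "registrar",
           "account_status": "suspended"}
TRANSCRIPT = {"id": "transcript-1234", "owner_department": "registrar",
              "classification": "restricted"}
ON_CAMPUS = {"network": "campus", "mfa": False}
REMOTE_NO_MFA = {"network": "remote", "mfa": False}
REMOTE_MFA = {"network": "remote", "mfa": True}

if __name__ == "__main__":
    for who, action, ctx in [(ALICE, "read", ON_CAMPUS), (ALICE, "read", REMOTE_NO_MFA),
                             (ALICE, "write", ON_CAMPUS), (BOB, "write", REMOTE_MFA),
                             (MALLORY, "write", REMOTE_MFA)]:
        print(who["id"], action, ctx["network"], "->",
              PDP.decide(who, TRANSCRIPT, action, ctx))
```

Changing who may do what now means editing build_pdp(), not patching every application; and because deny rules are evaluated regardless of order, a new deny (say, a geographic restriction) cannot be accidentally shadowed by an existing permit.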
Hyper-V Security
Presenter: Thomas Talley
With the push for virtualization, protection of this new environment needs to be planned from the start. This session will review the architecture of Hyper-V, give a security overview, and cover best practices.
Teaching Network Forensics: A Laboratory View
Presenter: Dr. Jim Chen, University of Maryland University College, Professor and Director of Information Assurance.
Traces are always left behind in a network system when an attack or an intrusion occurs. How can we identify, acquire, authenticate, preserve, examine, and analyze the evidence in a network environment? How can we present the evidence to a court of law? How shall we teach our students to perform these investigative tasks under the guidance of relevant regulations, standards, and best practices? These are the challenges that educators of information assurance and security are facing. This paper discusses one solution that we have implemented.
In this solution, we have focused on the legal and ethical aspects as well as the technical aspects of the investigation. With the help of industry vendors, we have selected a few network forensics tools; one of those we have used is NetWitness. We have designed and developed a few lab exercises using these tools in order to provide students with hands-on experience, and we have assessed the effectiveness of these lab exercises in enhancing student learning. In this paper, we demonstrate the process that we have gone through in designing and developing these lab exercises. We show how these lab exercises have helped us achieve the objectives of teaching network forensics. We evaluate the assessment results. We discuss the benefits and limitations of this approach. We share the pedagogical lessons that we have learned. We then explore possible ways of further improving the quality of the lab exercises in network forensics.
Concurrent Sessions III
The 1 Risk Most Security Folks Ignore: PAPER
Presenter: George Bandarian II, ECMp, CDIA+, President, AMI The Paperless Company
Come attend this session to learn more about best practices other organizations have adopted to digitize, secure, store, access, distribute and manage paper files. More and more, IT is being called on to help users with their "paperless" and document management goals. This session will arm you with data and information to….
An Outside-In Approach to Wireless Security
Presenter: Mike Raggo, Product Manager, Motorola AirDefense
Wireless LANs are taking an ever-greater role at colleges and universities, as students and faculty expect seamless connectivity across the campus. Unfortunately, threats against wireless LAN systems are evolving as rapidly as the underlying wireless technologies. Traditionally, a combination of reactive and wired network assessment tools has been used to test network security, but these tools often leave holes when it comes to wireless network security. Network administrators need to find innovative, cost-effective techniques for the proactive and efficient detection, analysis and remediation of a wide array of wireless security threats.
Mike Raggo, Product Manager at Motorola AirDefense, will discuss an innovative, more thorough method for proactively assessing the security of wireless networks, based on a patented technology that simulates active attacks from a hacker’s point of view. This allows network administrators to better identify security holes and determine exactly what information would be compromised if an intruder were to gain access to the network.
Motorola is also in the midst of conducting several university war walks to evaluate the state of wireless security on college campuses across the country. Mike will be able to share findings from these war walks and discuss the implications for campus network administrators.
Securely Implementing Section 508: R.I.S.S.C.s and Rewards
Robert Loya, Mt. San Antonio College, Director of RISSC and adjunct Professor
Mohsen Beheshti, Cal State Dominguez Hills, RISSC Partner, Professor and Chairman, Computer Science Department
Jaishri Mehta, Mt. San Antonio College, PI of RISSC and Professor
John Hugunin, Long Beach City College, Professor of Business and Information Systems
Dr. Dan Manson, Cal Poly Pomona, Professor of Information Technology
Parviz Partow-Navid, Cal State Los Angeles, Professor and Chair of Information Systems
As a consortium of California Community Colleges and California State Universities; a Federal grant recipient and also simply by virtue of our working relationship with the Federal Government we are required to comply with Section 508 of the Rehabilitation Act (1973) which “...empowers individuals with disabilities to be employed and included in society and prohibits discrimination.” In 1998, the Act was amended and strengthened by adding provisions covering access to electronic and information technology. In 2009, the implications of the Act continue to evolve.
As Security educators at public institutions, where do we stand in compliance with this Act? And what are our responsibilities to our Classrooms, Colleges, and the Community at large? We will discuss how to infuse elements of Section 508 into Security Curriculum to effectively train our students and faculty. We will present resources that allow CIS Departments to coordinate with IT, DSPS and business and industry partners to raise awareness about these issues. We will discuss our responsibilities to the community at large to ultimately complete our mission of providing secure information to all.
Concurrent Sessions IV
Desktop Security…the Virtual Frontier
Presenter: Terry Nims, Dell
Nothing is more frustrating than investing in components and technologies that solve a problem today only to cause more headaches tomorrow. The key to enabling true IT simplicity requires a paradigm shift from managing an ever-growing number of devices toward managing the end user’s “digital identity.” The digital identity consists of each user’s data, preferences, applications, operating system, and associated IT policies that uniquely define the individual.
THE BUSINESS DESKTOP LANDSCAPE IS EVOLVING
• Increasingly distributed and mobile workforce
• Explosion of end-user devices blurring work and personal computing
• Increasing security threats: assuring data and device security independent of location
• Manageability and compliance challenges
Come to the Dell presentation and learn about:
Strengthened Security
• Virtual desktops delivered as encrypted pixels
• Customer assumes less risk, service provider assumes more responsibility
• Isolated virtual desktops prevent sensitive data from being exported to external media
• Corporate security solutions can be deployed centrally
Improved Management
• More flexible infrastructure service (turn on/off)
• More scalable infrastructure than an on-premise environment
• Centralized systems management policies can be automated
• Hosted desktops are dynamically assembled on an as-needed basis
• Reduction of operating system transition issues
Server and Cloud Virtualization Security
Presenter: Edward Ray, NetSec Consultant
Few issues in the IT arena are currently treated with more interest and passion than virtualization. Virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. By providing a logical rather than a physical view of computing resources, virtualization makes possible many functions, currently the most popular of which is to run multiple operating systems and/or applications on a single physical machine. Virtualization also has many additional benefits; virtualization and computing will continue to converge well into the future.
The security implications of breakthrough technologies are almost never thoroughly understood until well after they are widely implemented; virtualization is no exception. An increasing number of significant security-related risks (each associated with a variety of business risks) in connection with virtualization have been and are still being identified. These risks include the ability to defeat "secure isolation," "hyperjacking," unauthorized data capture in virtualized networks, new types of denial of service attacks, and several others. Unmitigated virtualization-related risk can result in substantial business loss and disruption. Because the business benefits of virtualization are also so great, weighing costs against benefits in the world of virtualization is frequently an unusually difficult task.
This presentation is designed to facilitate learning at the knowledge, comprehension, application and evaluation levels. At the knowledge and comprehension levels, attendees will, in an initial 60-minute presentation, learn what virtualization is, how virtualization works, the major types of virtualization, its many benefits, the kinds and severity of risks that it introduces, the types of administrative and technical controls that can be used for risk mitigation, and how effective each control is. The presentation will then proceed to a moderated discussion focused on analyzing, evaluating and applying to real-world settings issues such as whether virtualization-related risk is adequately considered during the risk analysis process, how policy, standards and procedures may have to be modified in accordance with the changes that virtualized environments typically create, how to make cost-versus-benefit comparisons, special considerations due to virtualization components in "cloud computing," and how virtualization technology is likely to evolve over time and its probable impact upon information security.
The Cyberspace Policy Review and Education
Presenters: Jake Zhu, Professor, CSU San Bernardino and Tony Coulson, Professor, CSU San Bernardino
The Cyberspace Policy Review initiated by President Bush is currently being used by President Obama to shape a National Cyberspace Policy. In this presentation, the Cyberspace Policy Review is examined in its relationship to Education, specifically providing a capable workforce to meet the needs. Several important educational initiatives will be introduced and future directions will be discussed.
Concurrent Sessions V
The eDiscovery Dilemma: How Much Is Enough?
Presenter: Cynthia Vroom, Senior Counsel at the Office of the General Counsel for the University of California
Everyone knows by now that e-discovery is an obligation; but how far must an educational institution go in order to meet that obligation? Unfortunately, there is no "one size fits all" answer to that question. Meeting e-discovery obligations is a series of ad hoc decisions based on the facts and circumstances of each particular situation. Educational institutions must act in good faith and exercise reasonable judgment in making those decisions. At a minimum, an institution should have an e-discovery team that includes legal counsel, risk management, IT and (where possible) records management, who can work together to make decisions and carry them out with maximum efficiency. Outside counsel, if retained, can assist in this process.
Server Virtualization Security…Have you Updated your Security Procedures for your Expanding Virtual Environment?
Presenter: Tim Bock, Dell Enterprise Technologist, Security Solutions Specialist
Server virtualization is revolutionizing the data center, delivering major capacity utilization and productivity improvements. Yet even basic security practices (securing the network in a virtual construct, inspecting and filtering traffic, and maintaining separate security domains) are often absent in the virtual environment. Please join us to further your knowledge of virtual technologies that you can use to help secure virtual environments.
Electronic Crime Taskforce
Presenter: Clarence Jorif, Special Agent, US Department of Homeland Security, US Secret Service
Join us for an interactive discussion regarding Bank Fraud, Wire Fraud, Access Device Fraud, and Identity Theft. You will be provided with knowledge of the latest trends and how the aforementioned offenses are being conducted and facilitated via the use of a computer.
Concurrent Sessions VI
eDiscovery in the Trenches
Presenter: Andy Spruill, Senior Director of Risk Management, Guidance Software Inc.
Andy Spruill, in his role as the head of Risk Management for Guidance Software, shares with us his practical experience from numerous eDiscovery matters both on behalf of Guidance and for numerous customers worldwide. This is not a presentation where he will talk at a high level about abstract ideas, the changes to the FRCP, or what you should be doing. Andy will take you through the down and dirty of what you will actually need to do, from identifying what to collect to how to document your work. This is meant for the people who have been tasked with taking the "What you should be doing..." and actually making it happen in their company or for their clients.
PCI Compliance
Presenter: Josh "Jabra" Abraham, Rapid 7
Academic Opportunities in Information Assurance
Presenter: Dr. Dan Manson, Professor, Computer Information Systems, Cal Poly Pomona
The need for college graduates with knowledge and experience in Information Assurance (IA) is greater than ever. Increasing numbers of community college, four-year, graduate and post-graduate programs are offering information assurance curricula and research opportunities. The National Security Agency and Department of Homeland Security now designate Centers of Academic Excellence in Information Assurance for community colleges, four-year programs with strong IA curricula, and programs with an emphasis on IA research. This breakout session will cover IA academic opportunities at these types of institutions.

