Detailed Program Information

2009 Program Committee Breakfast (by invitation only)

Session Details

E-Mail Room Open
Sponsored by MPC/Gateway, An EDUCAUSE Gold Partner

Session Details

Breakfast
Sponsored by Verizon Business

Session Details

Registration Desk Open

Session Details

Welcome and Introductions

Session Details

Speaker(s)

• Gary R. Bachula, Vice President for External Relations, Internet2
• Mark S. Bruhn, AVP, Indiana University System
• Gary Dobbins, Director, Information Security, University of Notre Dame
• Mark Luker, Telecommunications Policy Specialist-NTIA, United States Department of Commerce
• Peter Siegel, Vice Provost & CIO, University of California, Davis

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/WelcomeandIntroductions/46787

Addressing the Cyberthreats to Our Critical Infrastructures

Session Details

Speaker(s)

• Gregory Garcia, Assistant Secretary for Cyber Security and Communications, United States Department of Homeland Security

Abstract

Protecting cyberspace without changing its spirit of openness will challenge us all. We have to balance the temptation to sacrifice the best of cyberspace in the name of precaution with the urgent need to share our great experiment—the digital democracy—with the rest of the world. We all must share in the burden to secure cyberspace because we all depend on shared critical infrastructures and systems to maintain our national security, fuel our economy, and support our way of life. This keynote will highlight key components of the Department of Homeland Security’s strategic cybersecurity efforts including securing federal systems, building a comprehensive risk management framework, and enhancing cyber response operational capabilities.

Refreshment Break and Corporate Displays

Session Details

Abstract

Fifteen leading security technology companies will be available during the morning and afternoon breaks on April 11, in the Corporate Display and Refreshment break area. Learn more about products and services and interact with company representatives showcasing security technology solutions for higher education.

AegisUSA

Session Details

Abstract

AegisUSA is a comprehensive IdM solution provider specializing in Higher Education environments. We understand that universities today must be able to provide networked environments that are open yet secure, flexible and cost effective while still meeting regulatory compliance demands. A successful IdM solution helps universities manage security thus reducing risks.

Aladdin Knowledge Systems

Session Details

Abstract

Aladdin’s eToken is a world leader for USB-based authentication solutions. It provides strong user authentication and cost-effective password management solutions, enabling organizations to easily and effectively expand business opportunities with secure network access, improve data security through enhanced encryption and digital signing, and reduce costs and vulnerabilities through superior password management.

Bradford Networks, An EDUCAUSE Bronze Partner

Session Details

Abstract

Bradford Networks develops advanced network access control solutions for wireless, wired, and VPN networks. Bradford’s out-of-band appliances leverage existing networks to deliver identity management, endpoint compliance, and usage policy enforcement. Bradford solutions automatically identify authorized users and verify device compliance before granting network access and help noncompliant users update their systems themselves.

CDW Government, Inc., An EDUCAUSE Platinum Partner

Session Details

Abstract

CDW-G is a trusted technology advisor that responds with a sense of urgency to customer technology needs, delivering best-in-class solutions from top-name brands such as APC, Cisco, HP, IBM, Lenovo, Microsoft, Sony, Symantec, Toshiba, and ViewSonic. For more information call 800-863-4239 or visit the CDW-G website at CDWG.com.

EDUCAUSE/Internet2 Computer and Network Security Task Force

Session Details

Speaker(s)

• Peter Siegel, Vice Provost & CIO, University of California, Davis

Abstract

Stop by the Security Task Force table to learn more about task force initiatives, resources, and how you can get involved.

HID Global

Session Details

Abstract

HID Global is a trusted leader in providing solutions for the delivery of secure identity, serving customers worldwide with proximity and contactless smart card technologies; IP-based networked access solutions; secure and custom card solutions; photo ID and ID card application control software; and high-definition printer/encoders and secure card issuance solutions.

Identity Engines

Session Details

Abstract

Identity Engines’ award-winning Ignition Server has been helping schools address network access and compliance challenges including guest management, wireless security, classroom control, policy enforcement, and 802.1X deployment. Ignition makes network access policies enforceable through role-based access control that spans heterogeneous network and directory infrastructures.

Identity Finder LLC

Session Details

Abstract

Identity Finder plays a crucial role in helping universities prevent data leakage by finding and securing personally identifiable information. Whether complying with state privacy laws or internal controls, it’s easy for faculty, staff, and students to search for PII and either permanently shred or encrypt the data so it's safe.

Ironport Systems

Session Details

Abstract

IronPort Systems, a Cisco business unit, is a leading provider of antispam, antivirus, and antispyware appliances for organizations worldwide. IronPort appliances use SenderBase, the world’s largest e-mail and web threat detection network and database. IronPort products provide breakthrough performance and play a mission-critical role in a company’s network infrastructure.

Lancope

Session Details

Abstract

Lancope’s StealthWatch is a widely used network behavior analysis solution that unifies behavior-based anomaly detection and network performance monitoring. StealthWatch streamlines security and network operations into one process, reduces time and resources, and eliminates cost and complexity associated with nonintegrated point products. For more information, call 888-419-1462 or visit www.lancope.com.

McAfee, Inc.

Session Details

Abstract

McAfee, a leader in intrusion prevention and security risk management, proactively secures systems and networks worldwide. Our unmatched security expertise, focus on manageability, and proven ability to successfully prevent attacks are the reasons why McAfee is the security solution of choice for homes, businesses, service providers, and the public sector.

Mirage Networks, Inc.

Session Details

Abstract

Mirage Networks defends networks from zero-day threats and policy violations with full-cycle, agentless network access control (NAC) technology. The combination of access control, threat prevention, and automated policy enforcement provides an in-depth view of endpoint activity throughout its lifecycle on the network. The Mirage solution is the only patented NAC solution on the market.

Rapid7

Session Details

Abstract

Universities have become one of the top targets for hackers and exploits. Over 100 universities choose Rapid7 NeXpose to secure students’ sensitive data and provide access to Web Applications. Rapid7 NeXpose UVM is the only solution that provides complete network scanning, web application scanning, and database scanning.

Sourcefire, Inc.

Session Details

Abstract

Sourcefire, creator of SNORT, is a leader in enterprise threat management solutions. The Sourcefire 3D System unifies IPS, NBA, NAC, and vulnerability assessment technologies under one management console. Customers are equipped with an efficient and effective layered security defense that protects network assets before, during, and after an attack. Visit www.sourcefire.com.

Triumfant

Session Details

Abstract

Triumfant Resolution Manager automatically detects and remediates root-cause issues such as unauthorized configuration changes, zero-day security attacks, and policy noncompliance before they disrupt the computing environment or result in service desk calls.

Verizon Business

Session Details

Abstract

Verizon's Business Security Solutions powered by Cybertrust combine security and infrastructure to help you secure data and verify identities from your desktop, along your network, and around the world. With over 15 years experience, we offer leading solutions: an identity management services portfolio; compliance programs for PCI; and an experienced forensics practice.

Botnets and the Army of Darkness

Session Details

Speaker(s)

• Craig A. Schiller, CISO, Portland State University
• Session convener: Beth Young, Network Security Analyst, University of Missouri System

Abstract

Botnets are malicious robot networks. They are forming an army of darkness that is wreaking havoc across university campuses. This session will present an overview of the botnet threat to bring you up to speed on this menace.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/BotnetsandtheArmyofDarkne/46736

Privacy and Personal Information in a Rapidly Changing World of Learning Spaces

Session Details

Speaker(s)

• David Escalante, Director of Computer Policy & Security, Boston College
• Session convener: Joanna Lyn Grama, Information Security Policy and Compliance Director, Purdue University

Abstract

Institutions are increasingly placing students' papers, discussions, and personal opinions in course management systems, wikis, or other shared learning spaces. This session will address the many critical questions that remain unanswered concerning what privacy protections and choices should be provided, and by whom, in learning spaces that fall outside the traditional classroom or online course shell.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/PrivacyandPersonalInforma/46737

Building a Risk-Based Information Security Program

Session Details

Speaker(s)

• Michael Chapple, Information Security Program Manager, University of Notre Dame
• Session convener: Matthew Keller, Information Security Officer/Network Administrator, SUNY College at Potsdam

Abstract

In 2005, the University of Notre Dame suffered a serious incident that brought information security into the campus spotlight. In response, we partnered with a Big Four consulting firm to conduct a comprehensive IT risk assessment. Two years later, we're halfway through a four-year risk management program.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/BuildingaRiskBasedInforma/46738

A Normative Campus Security Agenda

Session Details

Speaker(s)

• Joseph E. St Sauver, Security Programs Manager, Internet2, University of Oregon
• Session convener: Rich Graves, Sr UNIX & Security Admin, Carleton College

Abstract

One of the hardest tasks for security officers is deciding what should be part of the campus security agenda. This presentation will provide a taxonomy of campus IT security issues, including a discussion of the impact of differing network architectures, policy constraints, and areas of particular concern: firewalls, patching, malware, NAC, wireless, and new protocols such as IPv6.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/ANormativeCampusSecurityA/46739

Securing Web Applications: A Case Study

Session Details

Speaker(s)

• Doreen Meyer, Security Administrator, University of California, Davis
• Robert Ono, IT Security Coordinator, University of California, Davis
• Session convener: Kathleen R. Kimball, Senior Director, ITS Security Operations and Services, The Pennsylvania State University

Abstract

With the ubiquitous nature of web applications, security vulnerabilities are one of the growing areas that are routinely probed and attacked. This session will discuss the selection background and technical implementation of Watchfire AppScan Enterprise, an enterprise web application security scanner solution, by the security team at University of California, Davis.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/SecuringWebApplicationsAC/46740

Symantec Corporation and Temple University - Securing a Free and Open University Environment

Session Details

Speaker(s)

• Brian Foster, Vice President, Product Management, Symantec Corporation
• Seth Shestack, Associate Director of Information Security, Temple University
• Session convener: Cherry Delaney, Network Services Outreach & Training, Purdue University

Abstract

University computing environments can be a security nightmare of unpredictability, diversity, and ongoing demand for availability with minimal restrictions. Simultaneously, university IT must protect the students, faculty, and staff they support. The answer? Deploy the right tools and tactics at the right time to enforce security policy compliance.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/SymantecCorporationandTem/46785

Lunch and Roundtable Discussions
Sponsored by McAfee, Inc.

Session Details

Keeping the Skillet Hot: Managing Security between the Breaches

Session Details

Speaker(s)

• Matthew Dalton, Director, Information Security, Ohio University
• Adam Dodge, IT Security Officer, Eastern Illinois University
• Shirley C. Payne, Assistant VP for Information Security, Policy, and Records, University of Virginia
• David C. Smith, University Information Security Officer, Georgetown University
• Session moderator: Mary Ann Blair, Director of Information Security, Carnegie Mellon University
• Session convener: Stefan Wahe, IT Security Officer, University of Wisconsin-Madison

Abstract

Getting management’s attention in the wake of a privacy / security breach is easy. Keeping their attention and ongoing support requires planning, persistence, and an eye for opportunity. This session will review security breaches experienced at institutions of higher education during 2007 and will focus on making the most of the chaos that ensues after a breach by gaining commitments for strategic opportunities.

A Business Continuity Planning Toolkit

Session Details

Speaker(s)

• Robert J. Block, IT Security Analyst, University of Rochester
• Beth Buse, Deputy Director of Internal Auditing, Minnesota State Colleges and Universities
• Leslie Maltz, Deputy VP for IT Planning & Standards (retired), Columbia University
• Session convener: Leslie Maltz, Deputy VP for IT Planning & Standards (retired), Columbia University

Abstract

As major disasters bring acute awareness to readiness, many higher education institutions have taken the initiative to develop and refine their handling of major disruptions on campus. This presentation provides information and resources collected from experienced business continuity and disaster recovery planning professionals; a toolkit for Business Continuity.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/ABusinessContinuityPlanni/46741

Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration

Session Details

Speaker(s)

• David Bucciero, Director of Technical Services, Dartmouth College
• Adam Goldstein, IT Security Engineer, Dartmouth College
• Scott A. Rea, Senior PKI Architect, Dartmouth College
• Session convener: H. Morrow Long, University Information Security Officer, Yale University

Abstract

The Dartmouth Cyber-Security Initiative is an ongoing collaboration between faculty, staff, and students focused on projects aimed at improving the security of the College's information systems. By coordinating research interests with practical concerns, the initiative has resulted in a number of innovative procedures and tools. One such tool is Achilles. Integrated with popular assessment tools such as Nessus and NMAP, Achilles is an easy to use, enterprise-scale analysis console that allows institutions to rank, manage, and track assessment results for thousands of systems.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/DartmouthCyberSecurityIni/46742

Security Standards: Complexity Is the Enemy of Security

Session Details

Speaker(s)

• Daniel Adinolfi, Senior Security Engineer, Cornell University
• Christopher Misra, Information Security Officer, University of Massachusetts Amherst
• Brian Smith-Sweeney, Project Lead, New York University
• Session convener: Joanna Lyn Grama, Information Security Policy and Compliance Director, Purdue University

Abstract

Everyone wants to know how to "be secure." The myriad higher ed compliance requirements, coupled with a constantly dynamic attacker strategy, have made this question more difficult than ever to answer. Come talk with representatives from three institutions that managed to craft a rational, coherent strategy for standardizing security.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/SecurityStandardsComplexi/46789

Network Access Control through Quarantine, Remediation, and Verification

Session Details

Speaker(s)

• Alex B. Chalmers, Lead Enterprise Systems and Security Architect, Ball State University
• Tobiah Coffman, Enterprise Security Services Group Team Leader, Ball State University
• Jonathan Sweeny, Incident Response Manager, Indiana University
• Eric Weakland, Director, Information Security, American University
• Session convener: Michael Chapple, Information Security Program Manager, University of Notre Dame

Abstract

Security engineers from universities across the country discuss their perspectives on network access control. This panel discussion will cover the differing ways these institutions approached the problem from all angles including the benefits of such a solution, technologies used, challenges they faced in the process, and how they overcame these challenges.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/NetworkAccessControlthrou/46743

SANS Partnership Program: A Panel Discussion of Successes and Challenges

Session Details

Speaker(s)

• Cherry Delaney, Network Services Outreach & Training, Purdue University
• Randall Raw, Manager, Security Services, University of Missouri System
• Zachary Reimer, Network Security Analyst, University of Nebraska - Lincoln
• Thomas Siu, Chief Information Security Officer, Case Western Reserve University
• Scott Z. Wilson, Information Manager, University Information Policy and Security Offices, Indiana University
• Session moderator: Randy Marchany, Director, IT Security Lab, Virginia Tech
• Session convener: John Bruggeman, Director of Information Systems, Hebrew Union College-Jewish Institute of Religion

Abstract

This panel discussion, led by your fellow academies, will address the successes, challenges, and innovative solutions offered by the SANS Partnership Series program. SANS, a leader in information security training and certification, offers a unique program to the higher education community that has trained over 3,500 university faculty and staff while saving schools over $850,000 in tuition alone. Learn how this program can benefit your school from security, cost, and productivity perspectives. Ask questions of your peers from Virginia Tech, Purdue, Georgia, Nebraska, Indiana, and MOREnet. SANS Partnership Program details can be found at www.sans.org/partnership.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/SANSPartnershipProgramAPa/46744

Refreshment Break and Corporate Displays

Session Details

AegisUSA

Session Details

Abstract

AegisUSA is a comprehensive IdM solution provider specializing in Higher Education environments. We understand that universities today must be able to provide networked environments that are open yet secure, flexible and cost effective while still meeting regulatory compliance demands. A successful IdM solution helps universities manage security thus reducing risks.

Aladdin Knowledge Systems

Session Details

Abstract

Aladdin’s eToken is a world leader for USB-based authentication solutions. It provides strong user authentication and cost-effective password management solutions, enabling organizations to easily and effectively expand business opportunities with secure network access, improve data security through enhanced encryption and digital signing, and reduce costs and vulnerabilities through superior password management.

Bradford Networks, An EDUCAUSE Bronze Partner

Session Details

Abstract

Bradford Networks develops advanced network access control solutions for wireless, wired, and VPN networks. Bradford’s out-of-band appliances leverage existing networks to deliver identity management, endpoint compliance, and usage policy enforcement. Bradford solutions automatically identify authorized users and verify device compliance before granting network access and help noncompliant users update their systems themselves.

CDW-Government, Inc., An EDUCAUSE Platinum Partner

Session Details

Abstract

CDW-G is a trusted technology advisor that responds with a sense of urgency to customer technology needs, delivering best-in-class solutions from top-name brands such as APC, Cisco, HP, IBM, Lenovo, Microsoft, Sony, Symantec, Toshiba, and ViewSonic. For more information call 800-863-4239 or visit the CDW-G website at CDWG.com.

EDUCAUSE/Internet2 Computer and Network Security Task Force

Session Details

Speaker(s)

• Peter Siegel, Vice Provost & CIO, University of California, Davis

Abstract

Stop by the Security Task Force table to learn more about task force initiatives, resources, and how you can get involved.

HID Global

Session Details

Abstract

HID Global is a trusted leader in providing solutions for the delivery of secure identity, serving customers worldwide with proximity and contactless smart card technologies; IP-based networked access solutions; secure and custom card solutions; photo ID and ID card application control software; and high-definition printer/encoders and secure card issuance solutions.

Identity Engines

Session Details

Abstract

Identity Engines’ award-winning Ignition Server has been helping schools address network access and compliance challenges including guest management, wireless security, classroom control, policy enforcement, and 802.1X deployment. Ignition makes network access policies enforceable through role-based access control that spans heterogeneous network and directory infrastructures.

Identity Finder LLC

Session Details

Abstract

Identity Finder plays a crucial role in helping universities prevent data leakage by finding and securing personally identifiable information. Whether complying with state privacy laws or internal controls, it’s easy for faculty, staff, and students to search for PII and either permanently shred or encrypt the data so it's safe.

Ironport Systems

Session Details

Abstract

IronPort Systems, a Cisco business unit, is a leading provider of antispam, antivirus, and antispyware appliances for organizations worldwide. IronPort appliances use SenderBase, the world’s largest e-mail and web threat detection network and database. IronPort products provide breakthrough performance and play a mission-critical role in a company’s network infrastructure.

Lancope

Session Details

Abstract

Lancope’s StealthWatch is a widely used network behavior analysis solution that unifies behavior-based anomaly detection and network performance monitoring. StealthWatch streamlines security and network operations into one process, reduces time and resources, and eliminates cost and complexity associated with nonintegrated point products. For more information, call 888-419-1462 or visit www.lancope.com.

McAfee, Inc.

Session Details

Abstract

McAfee, a leader in intrusion prevention and security risk management, proactively secures systems and networks worldwide. Our unmatched security expertise, focus on manageability, and proven ability to successfully prevent attacks are the reasons why McAfee is the security solution of choice for homes, businesses, service providers, and the public sector.

Mirage Networks, Inc.

Session Details

Abstract

Mirage Networks defends networks from zero-day threats and policy violations with full-cycle, agentless network access control (NAC) technology. The combination of access control, threat prevention, and automated policy enforcement provides an in-depth view of endpoint activity throughout its lifecycle on the network. The Mirage solution is the only patented NAC solution on the market.

Rapid7

Session Details

Abstract

Universities have become one of the top targets for hackers and exploits. Over 100 universities choose Rapid7 NeXpose to secure students’ sensitive data and provide access to Web Applications. Rapid7 NeXpose UVM is the only solution that provides complete network scanning, web application scanning, and database scanning.

Sourcefire, Inc.

Session Details

Abstract

Sourcefire, creator of SNORT, is a leader in enterprise threat management solutions. The Sourcefire 3D System unifies IPS, NBA, NAC, and vulnerability assessment technologies under one management console. Customers are equipped with an efficient and effective layered security defense that protects network assets before, during, and after an attack. Visit www.sourcefire.com.

Triumfant

Session Details

Abstract

Triumfant Resolution Manager automatically detects and remediates root-cause issues such as unauthorized configuration changes, zero-day security attacks, and policy noncompliance before they disrupt the computing environment or result in service desk calls.

Verizon Business

Session Details

Abstract

Verizon's Business Security Solutions powered by Cybertrust combine security and infrastructure to help you secure data and verify identities from your desktop, along your network, and around the world. With over 15 years experience, we offer leading solutions: an identity management services portfolio; compliance programs for PCI; and an experienced forensics practice.

Incident Response Tracker: Centralized Monitoring, Distributed Response

Session Details

Speaker(s)

• Martin Manjak, Information Security Officer, University at Albany, SUNY
• Session convener: Ken Connelly, Associate Director, Security and Systems, University of Northern Iowa

Abstract

With a mixture of centralized and local IT service providers, higher ed presents unique challenges to effective incident response. The University at Albany has developed a web-based incident management and reporting tool that provides immediate sharing of incident information with local responders and real-time incident response functionality (e.g., switch port control).

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/IncidentResponseTrackerCe/46745

PCI DSS Lessons Learned

Session Details

Speaker(s)

• Michael Leach, Project Manager Information Privacy and Security (IPAS), The Pennsylvania State University
• Jennifer A. Stewart, Project Technical Coordinator, Information Privacy and Security (IPAS), The Pennsylvania State University
• Session convener: Sallie Wright, Assistant Vice President for Information Technology, University of Alabama at Birmingham

Abstract

Penn State University formed the Information Privacy and Security (IPAS) Project to tackle PCI DSS compliance obligations and other security concerns related to the protection of personally identifiable information. This presentation will cover the PCI DSS challenges IPAS faced when working with 23 campus locations and 52 merchant segments.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/PCIDSSLessonsLearned/46746

Information Security Risk Assessment, Compliance, and Protection

Session Details

Speaker(s)

• Chuck Mackey, Executive Director, Corporate College, Cuyahoga Community College
• Session convener: Christine Stinson, Chief Information Officer, Ferrum College

Abstract

Cuyahoga Community College has developed a step-by-step set of procedures aimed at documenting "current state" information systems security measures. This extremely effective approach establishes a framework to help move us to a "desired state" of IT security risk mitigation, including critical areas such as PCI compliance.

Creating and Maintaining a Security Awareness Program

Session Details

Speaker(s)

• Cherry Delaney, Network Services Outreach & Training, Purdue University
• Session convener: Joanna Lyn Grama, Information Security Policy and Compliance Director, Purdue University

Abstract

Information security and the protection of a university's information assets and ?intellectual property begin with security awareness and education. This session will discuss ?Purdue University's approach to security education and training, focused on the ?university community at large, which is designed to develop and preserve a culture of ?security awareness.?

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/CreatingandMaintainingaSe/46790

Who Are You? Leveraging PKI for Digital Signatures at Virginia Tech

Session Details

Speaker(s)

• Mary Dunker, Director, Secure Enterprise Technology Initiatives, Virginia Tech
• Session convener: David J. Meske, Director Information Security & Compliance, Loyola Marymount University

Abstract

Digital signatures facilitate moving processes online while preserving the integrity of the signature. This presentation will show how Virginia Tech has leveraged its public key infrastructure to securely incorporate digital signatures into online processes.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/WhoAreYouLeveragingPKIfor/46747

The Role of .edu in Spammer Profits and Click Fraud

Session Details

Speaker(s)

• Nick Hannon, InfoSec Analyst, Swarthmore College
• Session convener: John Bruggeman, Director of Information Systems, Hebrew Union College-Jewish Institute of Religion

Abstract

Unbeknownst to many .edu domain owners, their websites may be actively advertising pharmaceuticals, ring tones, or even imposter handbags! Web spamming and click fraud are huge business today. This presentation will describe why your website might be involved and what you can do to detect and eliminate this exploitation.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/TheRoleofeduinSpammerProf/46748

Community Aware: Taking Cyber Security Awareness to the Street

Session Details

Speaker(s)

• Robert J. Block, IT Security Analyst, University of Rochester
• Marty Peterman, IT Security Specialist, University of Virginia
• Session convener: Cherry Delaney, Network Services Outreach & Training, Purdue University

Abstract

Community members face a sea of confusion when considering how to use the Internet safely. With the advance of broadband Internet into the homes of millions of Americans, how do we as security professionals guide our communities and protect them from the plagues of cyberspace? Join the Universities of Rochester and Virginia to see how they brought a cybersecurity message to their communities. You can do it, too!!

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/CommunityAwareTakingCyber/46749

A Web Tool to Assist Risk Assessment at the University of Florida

Session Details

Speaker(s)

• Kathy Bergsma, Information Security Manager, University of Florida
• Session convener: Thomas Siu, Chief Information Security Officer, Case Western Reserve University

Abstract

The University of Florida is implementing a risk assessment process using Achilles, an internally developed web application and specialized survey tool intended to facilitate the interview phase of a risk assessment. While Achilles does not provide a mitigation strategy, several views of responses help establish the risk profile.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/AWebTooltoAssistRiskAsses/46750

Implementing Information Security and Compliance: Four Questions and a Roadmap to Guide the Way

Session Details

Speaker(s)

• Miguel Soldi, Information Security Policy & Resourcing Analyst, University of Texas System
• Lewis Watkins, Chief Information Security Officer, University of Texas System
• Session convener: Ken Connelly, Associate Director, Security and Systems, University of Northern Iowa

Abstract

In 2006, the University of Texas System launched a system-wide initiative to bolster information security. The process involves following an implementation roadmap and answering four fundamental questions: What's happening? What's important? What's effective? What's next? The purpose of this session is to share the roadmap and answers the questions.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/ImplementingInformationSe/46751

Implementing Whole Disk Encryption in a Higher Education Environment

Session Details

Speaker(s)

• Jon Allen, Information Security Officer, Baylor University
• Robert Paul Hartland, Assistant Vice President - Security, IT Servers & Networking Systems, Baylor University
• Adam Sealey, Information Security Analyst, Baylor University
• Session convener: David J. Meske, Director Information Security & Compliance, Loyola Marymount University

Abstract

Baylor University has spent two years working on a large-scale deployment of whole disk encryption. The session will present the process from selecting the encryption technology to the culminating deployment process. The result is mediation of data loss that can result from the loss or theft of a technology asset.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/ImplementingWholeDiskEncr/46752

Unicon, Inc. and Rutgers, The State University of New Jersey - Improving Web Application Security by Using JA-SIG Central Authentication Service

Session Details

Speaker(s)

• Scott Battaglia, Software Architect, Rutgers, The State University of New Jersey
• Adam Rybicki, VP of Technology, Unicon, Inc.
• Session convener: H. Morrow Long, University Information Security Officer, Yale University

Abstract

Enterprise single sign-on (SSO) adds another enterprise application to the list of mission-critical applications that an institution must support and maintain. This session will demonstrate how institutions are leveraging Central Authentication Service (CAS) to make their web applications more secure and improve user experience. Developed by Yale University, CAS is now supported and maintained by the JA-SIG consortium (www.ja-sig.org).

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/UniconIncandRutgersTheSta/46733

Reception
Sponsored by Microsoft Corporation, An EDUCAUSE Platinum Partner

Session Details

Abstract

One of the most valuable aspects of this conference is the opportunity to connect face-to-face with fellow attendees. Join us for the reception, where you can relax over food and drink and get to know your colleagues. NOTE: Please wear your name badge for admittance.

BoF/Affinity Group Dinners (optional)

Session Details

Security Task Force Working Group Dinners (optional)

Session Details

Birds-of-a-Feather Sessions (Topical)

Session Details

Abstract

We invite you to join colleagues for birds-of-a-feather discussions. During this discussion session you can network with those who share similar interests or responsibilities and discuss topics of particular interest to you. These sessions are designed to encourage you to exchange experiences and insights with colleagues. You can also establish a new topic by notifying us in advance (security-task-force@educause.edu) or signing up on the sign near the registration desk.

Topics include:

Information Security Peer Review Programs
Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
SANS-EDU Partnership
Security Operation Center (SOC)
Creating a National Cyber Security Awareness Campaign for Higher Ed Recent Phishing and Account
Hijackings at EDUs