Detailed Program Information

Registration Desk Open

Session Details

Breakfast
Sponsored by Blackboard Connect

Session Details

E-Mail Room Open
Sponsored by MPC/Gateway, An EDUCAUSE Gold Partner

Session Details

Collecting and Preserving Data in the Wake of a Tragedy

Session Details

Speaker(s)

• William Dougherty, Assistant Director, Systems Support, Network Infrastructure and Services, Virginia Tech
• Session convener: Ken Connelly, Associate Director, Security and Systems, University of Northern Iowa

Abstract

After the tragic events of April 16, 2007, at Virginia Tech, IT professionals and university legal counsel had to quickly address the need to collect and preserve data in the event of future litigation. Performing tasks while dealing with grief and protecting academic freedom and privacy issues has required a delicate approach.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/CollectingandPreservingDa/46753

The Data Center Within a Data Center: Building a Secure Environment for Compliance

Session Details

Speaker(s)

• David Seidl, Information Security Program Manager, University of Notre Dame
• Session convener: H. Morrow Long, University Information Security Officer, Yale University

Abstract

PCI compliance can be daunting, particularly in a university network environment. Notre Dame chose a data center within a data center approach to simplify compliance and minimize integration issues. This project includes implementing the data center, a virtual network to support point-of-sale devices, and related operational procedures.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/TheDataCenterWithinaDataC/47038

Using Nontraditional Security Risk Assessments to Measure Risk, Request Budgets, and Illustrate Trends

Session Details

Speaker(s)

• Benjamin Nathan, Associate Director, Security & Identity Management Services, Weill Cornell Medical College
• Session convener: Thomas Siu, Chief Information Security Officer, Case Western Reserve University

Abstract

Learn how Weill Cornell Medical College employs a nontraditional risk management methodology to accurately measure risk, build compelling and successful budget requests, and graphically illustrate trends understandable to technical and nontechnical stakeholders. Attendees will receive Excel tools they can use to manage their own risk assessments in this way.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/UsingNontraditionalSecuri/46754

The Shifting Landscape

Session Details

Speaker(s)

• Brian Smith-Sweeney, Project Lead, New York University

Abstract

Operating system and application vendors are finally starting to ship products secure by default. Not to be outdone, the attacker community has changed both motivation and operation: Careless vandals are being replaced by organized cybercriminals with advanced attack techniques. See how this shifting landscape affects traditional security strategies.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/TheShiftingLandscape/46804

Securing and Leveraging the Power of Virtual Servers and Desktops

Session Details

Speaker(s)

• Conrado Wang Cheng Niemeyer, Information Security Officer, Sacred Heart University
• Session convener: William E. Terry, Assoc. Dean of Information Services & CTO, Bard College

Abstract

Virtualized server environments provide many benefits from cost and space savings to ease of deployment and administration. We will demonstrate how we secure our virtual environment at Sacred Heart University and how we leverage that environment to provide better secured and isolated server applications and user workspace.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/SecuringandLeveragingtheP/46755

McAfee and Georgia State University - Taking Aim at Network Intruders with Intrushield's Intrusion Prevention System

Session Details

Speaker(s)

• Tammy L. Clark, Chief Information Security Officer, Georgia State University
• William Charles Monahan, Lead Information Security Administrator
• John Vecchi, Director, Product Marketing, Network Security Solutions, McAfee, Inc.
• Session convener: Cheryl Lyn Granto, IT Security Officer, Florida International University

Abstract

McAfee and Georgia State University have enjoyed a successful association since 2005 in optimizing the university's use of the Intrushield intrusion prevention system. Join us for a discussion of key advantages we've discovered: how to do more with less, achieve flexibility through distributed/centralized management, and provide comprehensive protection against threats and exploits.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/McAfeeandGeorgiaStateUniv/46734

Refreshment Break
Sponsored by PGP Corporation

Session Details

An ARP Spoofing and Router Impersonation Incident

Session Details

Speaker(s)

• David Greenberg, Security Engineer, Indiana University
• Session convener: Rich Graves, Sr UNIX & Security Admin, Carleton College

Abstract

Follow along as we track down the source of JavaScript injection into web pages through the use of ARP flooding and router impersonation on the IU network. How did it happen, what tools did we use to track it down, and what can we do about this type of attack?

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/AnARPSpoofingandRouterImp/46756

Security Uncertainty: What Matters, Motivates, and Moves!

Session Details

Speaker(s)

• James Lowe, Chief Information Security Officer, University of Wisconsin-Madison
• Stefan Wahe, IT Security Officer, University of Wisconsin-Madison
• Session convener: Cherry Delaney, Network Services Outreach & Training, Purdue University

Abstract

Good security requires good communications and understanding. It is key to agree on effective and efficient processes and technologies that implement security controls. How do we get senior administrators, security professionals, and technologists all speaking the same language so smart decisions can be made?

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/SecurityUncertaintyWhatMa/46757

Identity Finder LLC and Carnegie Mellon University - Find and Protect Personal Information Before It's Too Late

Session Details

Speaker(s)

• Mary Ann Blair, Director of Information Security, Carnegie Mellon University
• Todd Feinman, Chief Executive Officer, Identity Finder LLC
• Session convener: Kathy Bergsma, Information Security Manager, University of Florida

Abstract

It's estimated that the black market trafficking of stolen electronic identities will increase to $1.6 billion in 2010. Finding personal information is an increasingly complex problem due the myriad places it can reside and forms it can take on computers. Learn not only how to find it but also how to easily and quickly protect it.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/IdentityFinderLLCandCarne/46735

Bridging Security and Identity Management: Can't We Just Get Along?

Session Details

Speaker(s)

• Christopher Misra, Information Security Officer, University of Massachusetts Amherst
• John J. Suess, Vice President of Information Technology/CIO, University of Maryland, Baltimore County
• Session convener: Joanna Lyn Grama, Information Security Policy and Compliance Director, Purdue University

Abstract

Security staff want to keep the bad guys out, and identity management (IdM) staff want to let the good guys in. This session will explore this generalization and how to bridge issues in technology, policy, process, and reporting structures relating to security and IdM to achieve shared institutional goals.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/BridgingSecurityandIdenti/46791

Effective Windows Desktop Security: XP and Vista

Session Details

Speaker(s)

• John Bruggeman, Director of Information Systems, Hebrew Union College-Jewish Institute of Religion
• Session convener: William E. Terry, Assoc. Dean of Information Services & CTO, Bard College

Abstract

Windows desktops are widely deployed and can be subject to multiple attack vectors. Windows XP and Vista have vulnerabilities that need to be mitigated effectively by security teams or by end users. This session will cover the top security vulnerabilities in Windows desktops and how to secure them quickly and effectively, along with the tools to use.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/EffectiveWindowsDesktopSe/46758http://connect.educause.edu/Library/Abstract/EffectiveWindowsDesktopSe/46758

FireEye, Inc. and University of California, Berkeley - Combating Stealth Malware and Botnets in Higher Education

Session Details

Speaker(s)

• Fred Archibald, Network Manager/EECS Dept, University of California, Berkeley
• Michael J. Staggs, Chief Investigator, FireEye, Inc.

Abstract

UC Berkeley's Electrical Engineering and Computer Sciences department wanted to strengthen security for mobile users on the wireless network. This talk will cover practical knowledge required to address network security incidents in a forensically sound manner. The university selected FireEye's antimalware solution to protect against targeted stealth malware.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/CombatingStealthMalwarean/46786

Refreshment Break
Sponsored by PGP Corporation

Session Details

Addressing Complex Security Threats Through Risk Management

Session Details

Speaker(s)

• Rebecca Whitener, Former Vice President Enterprise Risk Management and Chief Risk Officer, EDS

Abstract

In this session, we will address the current cybersecurity issues that are challenging higher education leaders today as they try to stay on top of the risks associated with attacks on information systems from internal and external sources. Emerging enterprise risk management (ERM) methodologies will be examined as a source of guidance for creating an effective risk-based approach for managing current and future threats.

• View Session Resources

More Information

For more information, see:

http://connect.educause.edu/Library/Abstract/AddressingComplexSecurity/46776

Lunch for Postconference Seminar Participants

Session Details

Security Task Force Team Leadership Meeting (by invitation only)

Session Details

REN-ISAC Members Meeting Invitation Only
PLEASE NOTE: Separate registration and fee are required to attend this meeting.

Session Details

Abstract

The REN-ISAC is an integral part of higher education's strategy to improve network security. This meeting will gather members of the REN-ISAC for a face-to-face meeting. This meeting is open only to REN-ISAC members by invitation. Registration will be limited to 100 people and one attendee per institution. Lunch provided. If you are ONLY attending the REN ISAC meeting, please call Member Services at (303) 449-4430 to register by phone.

Seminar P1 - Developing an Effective Electronic Records Management Process
PLEASE NOTE: Separate registration and fee are required to attend this seminar.

Session Details

Speaker(s)

• Michael Sermersheim, Associate Vice President and Deputy General Counsel Emeritus, University of Akron

Abstract

Once considered predominantly an archival function, records management is now relevant at all levels. With the advent of electronic discovery rules, legal compliance requirements, and best-practices considerations, electronically stored information is of great concern to IT professionals, campus executive leadership, and legal counsel. Hear considerations for your creation, or review, of campus records retention policies, records destruction requirements, e-discovery protocols, considerations about forensic information preservation and assessment, document authentication and chain-of-custody guidelines, and sample policies and resources from others.