Detailed Program Information

Registration Desk Open

Session Details

E-Mail Room Open - sponsored by Gateway, An EDUCAUSE Gold Partner

Session Details

Improving Security with Identity Management: Whoa Nelly!

Session Details

Speaker(s)

• Mark S. Bruhn, AVP, Indiana University System
• Michael R. Gettes, Senior Consulting Technical Architect, MIT

Abstract

Identity management improves security by enabling institutions to keep more accurate and manageable records of who is using what resource. This workshop will present the basics of identity and privilege management and its critical role in campus security plans and infrastructure. Included will be the basics of policy, process, and technology. This workshop is sponsored in part by the NMI-EDIT Consortium of Internet2 and EDUCAUSE.

• View Session Resources

Information Security and Privacy Policy Development

Session Details

Speaker(s)

• Kimberly A. Milford, Special Projects Assistant, Indiana University
• Tracy Mitrano, Director of IT Policy, Cornell University
• Steven Schuster, Interim Executive Director, Cornell University

Abstract

This session will discuss the development of a policy framework for information security, including effective policies, procedures, and practices that are in keeping with the legal landscape. Participants should come away from the session with model policy framework, procedures, and practices that can be tailored for their individual institution's needs and culture.

• View Session Resources

SEM01F - Establishing an Information Security Program
PLEASE NOTE: Separate registration and fee are required to attend this seminar.

Session Details

Speaker(s)

• Cedric Bennett, Emeritus Director, Information Security Services, Stanford University
• Carol Myers, Director, College Technology, Paradise Valley Community College

Abstract

This interactive session will provide an overview of areas such as growing the program, gaining broad support, finding resources, focusing direction, and planning for what comes next. We'll take a look at staffing models, assessing risk, policy development, raising campus-wide awareness, training staff, privacy issues, and operational and technical controls. Participants will be given an opportunity to discuss and potentially address security issues from their own institutions.

SEM02F - Incident Handling Tools and Techniques
PLEASE NOTE: Separate registration and fee are required to attend this seminar.

Session Details

Speaker(s)

• Anderson F. Johnston, IT Security, University of Maryland, Baltimore County
• H. Morrow Long, University Information Security Officer, Yale University
• Christopher Misra, Information Security Officer, University of Massachusetts Amherst

Abstract

This seminar is designed to provide a framework and set of tools that participants can take back to their institutions for handling IT security incidents. Participants will learn how to bypass typical mistakes, develop incident-handling protocols and procedures, use shareware and open source tools, interpret logs, and leverage other resources. Exercises will give participants hands-on opportunities to diagnose and resolve incidents.

Refreshment Break for Preconference Seminar Participants

Session Details

Lunch for Full-Day Preconference Seminar Participants

Session Details

Data-Incident Notification Policies and Procedures

Session Details

Speaker(s)

• Mary Ann Blair, Director of Information Security, Carnegie Mellon University
• Tracy Mitrano, Director of IT Policy, Cornell University
• Steven Schuster, Interim Executive Director, Cornell University

Abstract

Information security policies and procedures increasingly must respond to legal requirements in the area of notification in the event of a breach of personally identifiable information. This session will also explore technical issues related to meeting legal standards such as "reasonable belief that data has been acquired by an unauthorized user." Members of a panel will also describe their actual responses to incidents at their institutions.

• View Session Resources

Network Architecture for Automatic Security and Policy Enforcement

Session Details

Speaker(s)

• Kevin Amorin, Information Security Manager, HKS, Harvard University
• Christopher Misra, Information Security Officer, University of Massachusetts Amherst

Abstract

This session will discuss various approaches for automating technical policy enforcement as a condition for network access in colleges and universities, including approaches that allow for host isolation, captive-portal-like remediation systems, and other forms of conditional network access. We will also discuss the work of the Internet2 SALSA-NetAuth working group.

• View Session Resources

SEM03P - War Games 2006: An Exercise in Ethical Cracking
PLEASE NOTE: Separate registration and fee are required to attend this seminar.

Session Details

Speaker(s)

• David Ripley, Lead Network Security Developer, Advanced Network Management Lab, Indiana University System
• Gregory Travis, Senior Researcher & Assistant Lab Director, Advanced Network Management Lab, Indiana University System

Abstract

Attendees, given some ground rules, will attempt to compromise computers connected to an isolated network. The goal will be to "capture" as many of the other hosts as possible in the time allotted. The exercise will be followed by a discussion of methods used, and security issues will be highlighted.

Refreshment Break for Preconference Seminar Participants

Session Details

Birds-of-a-Feather Sessions

Session Details

Abstract

We invite you to join colleagues for birds-of-a-feather discussions. During this discussion session you can network with those who are from similar organizations. If you don’t find a group to which you would naturally belong, you can also establish a new group by notifying us in advance (security-task-force@educause.edu) or signing up at the bulletin board near the registration desk.

Groups include:

Big Ten/CIC
Commuter Campuses
Ivy-Plus
Minority Serving Institutions
Research Universities
Small Colleges
State Networks
Universities of the Big 12
Virginia Alliance for Secure Computing and Networking (VASCAN)

Other Groups: Sign up at bulletin board near the registration desk.