Detailed Program Information

Registration Desk Open

Session Details

Breakfast
Sponsored by EPC and Packeteer, Inc.

Session Details

E-Mail Room Open - sponsored by Gateway, An EDUCAUSE Gold Partner

Session Details

Windows Authentication Activity Analysis

Session Details

Speaker(s)

• Kenneth J. Hoover, Manager, Windows Systems Group, Yale University
• Session convener: Jeffrey C. McCabe, Associate Director, Computing & Information Services, Texas A&M University

Abstract

Logging of activity of any kind is useless without an effective process to distill useful information from clutter. This presentation will cover how to capture, understand, and analyze user authentication records on Windows systems to assist in both routine and incident response scenarios.

• View Session Resources

Identity and Access Management: A Centralized Approach

Session Details

Speaker(s)

• Benjamin H. Lewis, Senior Security Analyst, Purdue University
• Jeffrey M. Smith, Senior Security Analyst, Purdue University
• Rob Stanfield, Director, Identity and Access Management, Purdue University
• Session convener: Carmen R. Cintron-Ferrer, MIS Director, Universidad del Sagrado Corazón

Abstract

Purdue University's IT security and privacy department has developed and implemented a broad computer access provisioning and central authentication and authorization process. This presentation will describe the process, discuss its impact and the feasibility of replicating it at other institutions, and provide a brief overview of Purdue's Identity and Access Management Office.

• View Session Resources

Security Incident Database

Session Details

Speaker(s)

• Loren Michael Johnson, Data Analyst, University of Oklahoma
• Calvin Weeks, President, Calvin Weeks & Associates, LLC
• Session convener: Merri Beth Lavagnino, Chief Information Policy Officer, Indiana University System

Abstract

The University of Oklahoma has developed and implemented a security incident database developed entirely on widely available open source software products. The Web-based system allows users to enter, annotate, block, and send notifications to users and administrators. The system has been in operation since 2001, with more than 8,000 incidents entered to date.

• View Session Resources

HIPAA Security Rule Training for IT System Administrators

Session Details

Speaker(s)

• Carol Davis, Enterprise Project Management, East Carolina University
• Session convener: Thomas Siu, Chief Information Security Officer, Case Western Reserve University

Abstract

The HIPAA Security Rule is challenging for health-care organizations, but especially for IT administrators supporting systems with electronically protected health information. Learn what is involved in developing an online training program to educate system administrators on the administrative, technical, and physical safeguards and how the knowledge gained can be measured.

• View Session Resources

Information Sharing the MOREnet Way: How Not to Keep Secrets

Session Details

Speaker(s)

• Randall Raw, Manager, Security Services, University of Missouri System
• Beth Young, Network Security Analyst, University of Missouri System
• Session convener: Kevin Amorin, Information Security Manager, HKS, Harvard University

Abstract

The MOREnet security office receives information about incidents and redistributes the information to help all members better secure their networks. In this presentation, we will discuss the tools we use and how we sanitize information to protect the guilty and innocent alike.

• View Session Resources

Securing E-Mail Infrastructure: Lessons Learned

Session Details

Speaker(s)

• William Dougherty, Assistant Director, Systems Support, Network Infrastructure and Services, Virginia Tech
• Brian McDevitt, Vice President, Western Area, Mirapoint
• Session convener: Tammy L. Clark, Chief Information Security Officer, Georgia State University

Abstract

E-mail has become the essential form of communication at universities. Its weakness, such as e-mail-borne threats and spam, can[severely impact message delivery and retrieval, crippling or even paralyzing communication. Attendees will learn how Virginia Tech overcame messaging problems with a multilayered secure messaging infrastructure that protects systems and users from e-mail threats.

• View Session Resources

Refreshment Break

Session Details

Shibboleth and Its Integration into Security Architectures

Session Details

Speaker(s)

• Christian Fernau, Systems Developer, University of Oxford
• Nathan D. Klingenstein, Technical Analyst, Internet2
• Session convener: Kimberly A. Milford, Special Projects Assistant, Indiana University

Abstract

Shibboleth is an authentication solution built on federated identity that can transport information about people across domains. Following a background on Shibboleth, this presentation will discuss current and future projects to integrate Shibboleth into institutional applications and security infrastructure at several layers.

• View Session Resources

Need Counseling? Marrying Security and SDLC

Session Details

Speaker(s)

• Marina Arseniev, Enterprise Database Administrator, Administrative Computing Services, University of California, Irvine
• Katya Sadovsky, Software Architect, University of California, Irvine
• Session convener: Kathleen R. Kimball, Senior Director, ITS Security Operations and Services, The Pennsylvania State University

Abstract

Include security in the requirements analysis, design, and testing of software, early in the development life cycle, and prevent insecure application delivery and expensive corrections. We will share our approach for continuous security assurance and demonstrate common yet avoidable application security vulnerabilities.

• View Session Resources

Incident Handling: Event Correlation, Response, Reporting, and Planning

Session Details

Speaker(s)

• Ramon Kagan, Manager, Information Security, York University
• Richard Rollason-Reese, Associate Director, Information Systems, Eastern Connecticut State University
• Christopher Russel, Director, I.T. Infrastructure and ISO, York University
• Session convener: Sallie Wright, Assistant Vice President for Information Technology, University of Alabama at Birmingham

Abstract

This session will describe the centralized system for event correlation and automated incident response (CECR) used by York University. There will also be a section on the use of incident reporting as valuable feedback into IT planning by Eastern Connecticut State University.

• View Session Resources

Staying Out of the Security Headlines

Session Details

Speaker(s)

• David Escalante, Director of Computer Policy & Security, Boston College
• Cathy Hubbs, Chief Information Security Officer, American University
• Session convener: Rebecca Fowler, System Security Analyst, University of Missouri

Abstract

In the first half of last year 550,000 people associated with 16+ schools had personal information exposed in university security breaches, generating negative publicity for the universities concerned and higher education as a whole. Hear two affected universities describe how it felt to be in the fire, how they avoided fanning the flames, and how their incident-handling protocols have been improved as a result.

• View Session Resources

Security Awareness Day: How It Can Work for You!

Session Details

Speaker(s)

• Jay Flanagan, Sr. Manager, Information Technology, Emory University
• Susan McKibben, Manager, Software Training Services, University of Akron
• Session convener: Andrea Di Fabio, Information Security Officer, Norfolk State University

Abstract

Hosting a security awareness day brings security issues to the forefront for your faculty, staff, and students. This presentation will show how the University of Akron and Emory University hosted awareness days, making their users more aware of security issues and what they could do to protect their university communities and themselves. It will also discuss other ways to promote security awareness across campus.

• View Session Resources

Security Technology Correlation: Next-Generation Architecture for Defending Campus Networks Against Blended Threats

Session Details

Speaker(s)

• Proneet Biswas, Sr. Security Architect, iPolicy Networks
• Ray West, Director, Application Development, John Brown University
• Session convener: Carmen R. Cintron-Ferrer, MIS Director, Universidad del Sagrado Corazón

Abstract

Although campus networks today deploy multiple security technologies, they are proving to be inadequate when dealing with next-generation blended threats. In this presentation, we will explore how multiple security technologies such as stateful firewall, intrusion detection and prevention, and URL filtering can be consolidated into an effective security architecture.

• View Session Resources

The Path to Becoming a Security Professional

Session Details

Speaker(s)

• Andrea C. Hoy, President, Orange County Chapter, Information Systems Security Association (ISSA)

Abstract

What does it mean to be a security professional in higher education? The path to a career in information security is often varied, and the roles an individual must perform often require an uncommon skill set. Whether the information security program is carried out by a team or an individual, the program must attend to administrative, physical, and technical safeguards that require a broad range of knowledge and skill.

• View Session Resources