EDUCAUSE | Presented at EDUCAUSE Annual Conferences and Incident Handling and Response

Some Frontiers of Security Work

drupal — Wed, 07 Nov 2007 13:04:27 -0600

The higher education community faces increasingly difficult issues of security in a networked world, compounded by the demands of advanced applications. Performance requirements (high bandwidth, end-to-end transparency, new protocols) are essential for the academic mission and innovation, but are not easily accommodated in current approaches to network security. The Salsa group is forging new frontiers to address these issues.

Information Security: Zero to 60 in 10 Years

drupal — Tue, 30 Oct 2007 13:42:38 -0500

The focus on information security at Embry-Riddle Aeronautical University, as in many institutions, has evolved gradually over a number of years. Beginning with what can best be described as ad hoc initiatives driven by afterthought oversight, the university's focus on information security is maturing into a formalized, integrated business component and directive.

Stop, Drop, and Roll: Prevent and Douse Cyber Incidents

drupal — Tue, 30 Oct 2007 13:42:36 -0500

Presenting two best-practice models for cyber incidents: To prevent cyber incidents, learn how to use an uncomplicated cyber risk assessment to help you focus your institution's limited resources. When an incident occurs, know how to douse the effect of breach events when notification is required.

Effective IT Security Practices

drupal — Wed, 18 Oct 2006 15:56:46 -0500

IT security is a critical issue in higher education. This seminar will focus on network security architectures, infrastructure, data security, incident detection, prevention, and response. A framework and set of tools that participants can take back to their institutions for handling IT security incidents will also be provided. Participants will learn how to bypass typical mistakes, develop incident-handling protocols and procedures, use shareware and open source tools, interpret logs, and leverage other forensic and investigative resources. The effective practices work of the EDUCAUSE/Internet2 Computer Network Security Task Force will also be discussed.

Ensure IT's Quality, Ensure IT's Security, or Throw IT Out!

drupal — Wed, 18 Oct 2006 15:56:49 -0500

This presentation on application hacking and programming blunders that compromise security will be an eye-opening session for IT professionals at all levels. We will demonstrate and explain common Web application hacks such as URL rewriting, impersonation, SQL injection, and defense techniques and countermeasures that you can implement today.

How to Successfully Defend Against IRC Bots, Compromises, and Information Leaks

drupal — Wed, 18 Oct 2006 15:56:51 -0500

IRC "bots," Trojan horses, rootkits, "zero day" threats, compromised PCs . . . sound familiar? These threats can result in sensitive data exposures, not to mention the hassles of remediating compromised systems. We will discuss how to implement effective solutions and practices and a distributed management strategy to prevent exploits, IRC bot attacks, and unauthorized access.

The 2006 Campus Computing Survey

drupal — Wed, 18 Oct 2006 15:56:47 -0500

The Campus Computing Project will present new data from the 2006 survey on the role of information technology in U.S. higher education. Topics include user support, campus portals, wireless networks, strategic and financial planning for IT, instructional integration of IT, campus IT standards, course management systems, Web site services, and IT security issues.

Notification of Data Security Incidents: Tips and Resources

drupal — Tue, 01 Nov 2005 12:34:32 -0600

Several states have moved to require notifications following compromises of personal information and a federal proposal has also been introduced. Sponsored by the EDUCAUSE/Internet2 Security Task Force, this session will provide an update of legislative trends and identify practical steps that institutions should take following a data security incident. A toolkit of resources and effective practices will also be provided.

IT Security: The State of the Practice in Higher Education

drupal — Mon, 17 Nov 2003 11:39:21 -0600

In the spring of 2003, the EDUCAUSE Center for Applied Research (ECAR) launched a major study of IT security in higher education. Nearly 500 colleges and universities responded to the ECAR quantitative survey, and several institutions were profiled in depth. The survey also incorporated IT security surveys from a variety of external sources, making possible interesting comparisons of security practices in academe and out. This study and session also incorporate substantial qualitative information and insights gleaned from detailed case studies of MIT, Indiana University, and the University of Washington.

This presentation was also given at the 2003 ECAR Symposium.

Distributed Network Security Using Free Tools in University Environments

drupal — Fri, 25 Jul 2003 12:48:08 -0500

Through multilayered defenses and distributed incident response, the ITS-Security office at the University of North Carolina at Chapel Hill has been able to cripple massive and minor attacks with existing tools and architectures, many of which are normally available to most environments. This presentation will describe the procedures used to rapidly contain and suppress network intrusions.