Security Management

When discussing video surveillance with campus police and IT departments at various schools and universities, I frequently hear an undercurrent of distrust between the two groups.

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

• Who is behind data breaches?
• How do breaches occur?
• What commonalities exist?
• Where should mitigation efforts be focused?

This report outlines the secure development methods and integrity controls currently used by SAFECode members to deliver high-assurance systems to government and commercial customers.

Community updates from EDUCAUSE/Internet2 Security Task Force, InCommon, OpenScience Grid, Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), TeraGrid, and the U.S. Department of Energy Computer Incident Advisory Capability.

The Cybersecurity Summit meetings have proven to be a useful forum to foster dialog between awardees, cybersecurity experts and NSF. NSF will provide feedback on the 2007 Summit meeting and discuss best practices in cybersecurity that might be useful to large facilities.

Science and engineering projects are creating "virtual organizations" with participants from around the world. The rules and conventions of virtual organizations and their means of achieving success are evolving every day. In this session, we will explore the security challenges of virtual organizations. Grid security technologies and policy will be discussed to develop guidelines for strengthening security in virtual organizations.

System trustworthiness is needed for security, reliability, survivability, safety, and for many application areas such as critical infrastructures, robust networking, and high-integrity elections. Trustworthiness ultimately requires many changes in the way systems are developed today. Being respectful of privacy needs requires further care. This talk considers a variety of approaches that can enhance system trustworthiness, sensible system development practices, and a system-oriented view toward achieving the desired changes.

Most computer security problems arise from buggy code. It seems clear that writing large, bug-free programs is and will remain beyond our abilities. We propose a different goal: protecting what really matters. On e-commerce sites, the web server is primarily a front end for a database. Protecting the latter is much more important than protecting the former. Doing this properly requires a different approach to overall system architecture.

We want cameras watching for problems, but we worry that they will observe or disclose things we'd like to keep private. We want network administrators to track harassing e-mail to its source, but we don't want anyone monitoring our e-mail. We want our buildings to admit occupants and keep strangers out, but we don't want anyone keeping track of when we arrive and leave. In other words, we want big brothers to watch out for us, but we don't want Big Brother to watch us. And IT is caught in the middle.

Position description for Associate Executive Officer for Information Technology Security at Connecticut State University System.