Presented at Security Professionals Conference

PCI compliance can be daunting, particularly in a university network environment. Notre Dame chose a data center within a data center approach to simplify compliance and minimize integration issues. This project includes implementing the data center, a virtual network to support point-of-sale devices, and related operational procedures.

Operating system and application vendors are finally starting to ship products secure by default. Not to be outdone, the attacker community has changed both motivation and operation: Careless vandals are being replaced by organized cybercriminals with advanced attack techniques. See how this shifting landscape affects traditional security strategies.

Everyone wants to know how to "be secure." The myriad higher ed compliance requirements, coupled with a constantly dynamic attacker strategy, have made this question more difficult than ever to answer. Come talk with representatives from three institutions that managed to craft a rational, coherent strategy for standardizing security.

Information security and the protection of a university's information assets and intellectual property begin with security awareness and education. This session will discuss Purdue University's approach to security education and training, focused on the university community at large, which is designed to develop and preserve a culture of security awareness.

Security staff want to keep the bad guys out, and identity management (IdM) staff want to let the good guys in. This session will explore this generalization and how to bridge issues in technology, policy, process, and reporting structures relating to security and IdM to achieve shared institutional goals.

The following presentations are from the "Welcome and Introductions"of the 2008 Security Professionals Conference.

This session will help you get the most out of your attendance at the Security Professionals Conference. Beyond a conference overview, we will address how to make smart choices about which sessions to attend, network with colleagues in similar situations, be intentional about taking home what you learned, and become more professionally involved in the activities of the EDUCAUSE/Internet2 Security Task Force.

UC Berkeley's Electrical Engineering and Computer Sciences department wanted to strengthen security for mobile users on the wireless network. This talk will cover practical knowledge required to address network security incidents in a forensically sound manner. The university selected FireEye's antimalware solution to protect against targeted stealth malware.

University computing environments can be a security nightmare of unpredictability, diversity, and ongoing demand for availability with minimal restrictions. Simultaneously, university IT must protect the students, faculty, and staff they support. The answer? Deploy the right tools and tactics at the right time to enforce security policy compliance.

In this session, we will address the current cybersecurity issues that are challenging higher education leaders today as they try to stay on top of the risks associated with attacks on information systems from internal and external sources. Emerging enterprise risk management (ERM) methodologies will be examined as a source of guidance for creating an effective risk-based approach for managing current and future threats.

Good security requires good communications and understanding. It is key to agree on effective and efficient processes and technologies that implement security controls. How do we get senior administrators, security professionals, and technologists all speaking the same language so smart decisions can be made?

Windows desktops are widely deployed and can be subject to multiple attack vectors. Windows XP and Vista have vulnerabilities that need to be mitigated effectively by security teams or by end users. This session will cover the top security vulnerabilities in Windows desktops and how to secure them quickly and effectively, along with the tools to use.

Follow along as we track down the source of JavaScript injection into web pages through the use of ARP flooding and router impersonation on the IU network. How did it happen, what tools did we use to track it down, and what can we do about this type of attack?

After the tragic events of April 16, 2007, at Virginia Tech, IT professionals and university legal counsel had to quickly address the need to collect and preserve data in the event of future litigation. Performing tasks while dealing with grief and protecting academic freedom and privacy issues has required a delicate approach.

Learn how Weill Cornell Medical College employs a nontraditional risk management methodology to accurately measure risk, build compelling and successful budget requests, and graphically illustrate trends understandable to technical and nontechnical stakeholders. Attendees will receive Excel tools they can use to manage their own risk assessments in this way.