Roy Wattanasin – The Future of Internet Of Things IoT

According to Gartner, there will be over 26 billion devices on the Internet of Things by 2020. This presentation aims to give an introduction to the different kinds of Internet of Things (IoT) devices we can expect in the future. What does the future hold for IoT? What security risks should we look for? Examples will be given with information security findings that should be reviewed. Suggestions, findings and research data will be given to the audience so that they can do more research.

Thomas Grundig – Duo at BU – Our plan for enabling two factor authorization for all employees

Over the summer of 2014, Boston University began rolling out two factor authentication for all faculty and staff accessing our SAP products using Duo Mobile Security and a Shibboleth backend.  We will share our design decisions and lessons learned, including the surprising willingness to adopt the technology.

David Sherry & Patty Patria – Risk Management Through Security Planning

Security and risk are both important for any enterprise, and while related, are most often handled in separate areas. However, all security practitioners at any level are risk managers in some sense of the word. This presentation will offer a combined view, by two practitioners, of how sound security planning is a risk management technique. While this is a very broad topic, it is the intention of this discussion to be a great primer for those starting the journey, or a valid benchmark for those with such programs in place. We will compare and contrast a small, local college and a large Ivy League research school to show that the thought processes are the same, and that no matter what your size, you can have results.

Julie Gillis & David Millar – Redesigning Boston College’s information security awareness program based on current research

A recent study characterized many Security Education and Training (SETA) programs as “useless” or “ineffective.” We suspect that BC’s program could be more effective.

We will review recent academic research in SETA programs, and discuss how we plan to apply it at BC.

Mehul Sharma – Securing the Stack — Web, Network and Operating System Security

Using Linux along with its specific tools and components (iptables, SSH, the routing stack, bridging, POSIX ACLs and ARP tables), and applying them in a few simple steps, you will learn how to build enterprise-grade, high-performance open solutions, either physical (using commodity hardware) or virtual (using virtual machines). These in turn will substantially reduce your total cost of ownership and eliminate vendor lock-in, giving you flexibility that cannot be derived from proprietary solutions.

Kim Bilderback – The Fine Art of Balancing Privacy & Security

Research shows that more than 70% of current malware and Internet threats are not being detected by traditional signature-based security technologies. Evidence of this is the continual year-over-year rise in breaches, even though more and more organizations are deploying more and more sophisticated signature-based systems. Signature-based solutions detect the "known known" risks; increasingly, threats come from the "unknown unknown" risks. The technologies shown to be effective against the "unknown unknown" risks are big data analytics applied in real time to security log data and packet capture data. Most commonly known as Security Incident & Event Management (SIEM), these tracking systems, though passive, can be viewed as intrusive and invite debate over privacy rights, e.g., the recent Snowden-fueled debate over the NSA. But if these systems are necessary to ensure a safe and secure Internet, how do we balance the need for this protection against the right to individual privacy?

Jeff Von Munkwitz-Smith – What IT Staff Need to Know About Educational Records Privacy (or, FERPA for CIOs)

In many ways, IT staff face more challenges today in maintaining compliance with federal educational record privacy regulations than they ever have, with the expansion of access to data systems, including data warehouses, new types of systems, software in “the cloud”, and outsourced systems. This presentation will cover what the federal student educational records privacy regulations are, several important definitions in the regulations, and some key issues for IT staff to consider.