Chris Woods – Reliability Engineering in Information Security

This session provides a general overview of the key techniques and will demonstrate their application to the selection of information security controls. Security professionals can adapt and use these methods to ensure effective deployment of control measures within the constraints of an organizational budget. You will learn how to evaluate controls with regard to the failure they are intended to prevent (i.e., loss of confidentiality, integrity, or availability).

Slides from the presentation

Deborah Hemdal, J.D. – Electronic Search and Seizure in Higher Education

Topics covered in this presentation include the difference between “private” searches and law enforcement searches; the Electronic Communications Privacy Act; and the difference between “public” and “private” spaces both in the workplace and the residence (or dorm).

Slides from the presentation

Erik Hemdal – Containerizing Linux Applications

This session discusses topics such as namespaces, how Docker makes these technical features accessible, and what a containerized application looks like from inside and outside the container.

Slides from the presentation

Sandy Silk – A New Rubric for IT Recruiting and Retention.

From lengthy vacancies in unfilled positions to a choice of strong candidates within weeks of job listings. Hear how Harvard Information Security and Harvard WIT (Women in Technology) are leading a culture shift in our IT community that extends from recruiting through promotion. Participants will explore useful resources and techniques to remove inadvertent biases in your processes so you can better attract, retain, and develop strong talent and inclusive teams in your organizations.
– Resist assumptions about degrees and certifications
– Choose your words carefully
– Network, network, network
– Question everything
– Prioritize your pain points and potentials
– Support ongoing professional development

Slides from the presentation

Jeffrey Schiller – Encryption Backdoors: Irresistible Force Meeting Immovable Object.

This presentation will provide an overview of the Internet Policy Research Initiative (IPRI) at MIT and will discuss issues related to key recovery, “going dark” and the risks of providing back doors. It provides perspectives from various people in industry and law enforcement. It includes issues like why key recovery is risky (in our modern context) and the “state of play”.

Dan Flynn – Secure Use of VDI in a PCI Compliant Environment.

How do you keep PCI devices secure when business requirements call for open access to the internet? When implementing a new VoIP auto-calling system (Telefund) for the Boston University Development and Alumni Relations department, a unique setup had to be conceived to maintain security. The new BU Telefund system required callers to have open access to the internet to access documentation via Google Docs and look up information from any website that might come up during a call. The system is also used to enter credit card numbers received over the phone (VoIP dialed from the Telefund computer) to receive donations. To maintain security of the environment but allow for full business usability, a virtual desktop environment was used to isolate the PCI environment from the open internet access.
Internet Explorer, Java, open internet, and credit cards.

Slides from the presentation

Craig Vincent – Are you ready to SOAR?

Struggling with alert fatigue? Can’t find enough staff for your security team? If you are interested in reducing the burden on your staff and focusing resources on high-value activities, come learn how to SOAR. Security Orchestration, Automation, and Response (SOAR) is an exciting new component of an organization’s security strategy. In this session, you will learn how to run a SOAR program. We will cover which organizations are good candidates for SOAR programs, what you need to get started, and known challenges along the way. This is guaranteed to be an exciting introduction to a brand new technology space.