Implementing a Data Security Program
Jake Cunningham, University of Massachusetts

Recently UMASS Amherst developed and implemented a program to locate and protect sensitive information on the university computer systems. The goals of the program are to educate faculty and staff about sensitive data, help university departments comply with legal obligations and university policy, and reduce the risks of data theft in the event of a security breach. This talk outlines the process we followed to build and implement our data security program, and discusses the successes and challenges we encountered.


Slides from the presentation

BYOD and the Threat Within
Tim Evans, Impulse Point

An open dialogue led by an experienced industry veteran, this forum is not intended to be an Impulse Point discussion, but rather a forum to discuss the reality that most education institutions now face: users bringing their own devices onto the network, and the different approaches and philosophies that arise as this newer landscape presents itself to us all.

We will lead a discussion about the three approaches to addressing BYOD and discuss:

  • The three unique approaches prevalent amongst education institutions
  • Considerations and tradeoffs for each approach
  • IT security’s ever-changing role based on the approach chosen
  • How NAC can play a role in embracing this phenomenon.

We plan to close with a discussion of some of the best practices we have seen implemented, regardless of the approach chosen, within the education sector.


Slides from the presentation

Building a backchannel IDS logging system for off site using Snort and OpenVPN
Doug White, Roger Williams University/Rhode Island Cyberdisruption Team

Isolated logging and backup can allow you to “push” backups and “pull” logs to prevent unwanted attackers from destroying evidence and outward-facing DMZ devices. Traditionally, due to budget, it is often difficult to develop systems to support the idea. Dr. White will discuss remote “pull” logs and “push” backup ideas in a DMZ environment which uses open source products to allow for a more protected approach from off site for management of activity. This is useful for both localized and hub-and-spoke type environments. In particular, OpenVPN and Snort are discussed in the network diagram.

Unfortunately, the presenter was unable to make it and this presentation was canceled.

secureU and HuskyHunt – UConn’s approach to Information Security Awareness
Jason Pufahl, University of Connecticut

secureU: secureU is a new program, developed by the Information Security Office (ISO), made up of interrelated sub-programs focused on addressing individual security initiatives. Together these sub-programs begin to form a dynamic shield to protect UConn’s resources from malicious viruses, malware, and personal information theft. The program consists of the following sub-programs: Antivirus, Encryption, File Services, Firewalls, Identity Finder, Managed Workstation, Network Segmentation and SafeConnect.

HuskyHunt: In October 2012, the University of Connecticut’s Information Security Office will launch “HuskyHunt” – a six-week, innovative and creative scavenger hunt available to all UConn undergrad students between the ages of 18-23. The objectives of the Hunt are: 1) To increase the students’ awareness of the basics of computer security, and 2) To increase students’ ability to detect potential hazards to their computer, including PII, while turning computer security into something enjoyable. Social media is a key component in the HuskyHunt. Participants will need to post/tweet their answers to Facebook and Twitter accounts. The intention of these sites is to get the message out and capture the attention of the audience. Following one or both sites in order to play is a requirement, and half the points will be given based on posts/tweets of clues from these sites. In order to get the points, the players must post/tweet the answer to the scavenger hunt clue on their social media page, in order to generate more publicity and get the message out there for other students who may not be playing the game. Incentives will be awarded ranging from free textbooks to t-shirts and are based on points that will be tracked by their HuskyHunt website user ID.


Slides from the presentation

A novel use of VDI to create an isolated HIPAA-compliant space for research users
John A. Meyers, Ph.D, Boston University

The protection of patient privacy has become an ethical necessity and legal mandate, and all academic medical centers must grapple with both the need to restrict and protect and the need to promote approved research endeavors without creating roadblocks. While almost all electronic medical records and other clinical systems have appropriate safeguards, research users often use unstructured data in the form of spreadsheets, image files, and a variety of proprietary analysis formats outside of the mainline clinical systems. As a consequence, it is trivial for both intentional and unintentional data loss to occur, resulting in institutional liability. In this talk we will present the development of an isolated high security virtual desktop (VDI) environment that allows research users to interact with and manipulate sensitive identifiable patient data with most available tools yet prevents the unauthorized removal of any data from the isolated system. Utilizing a variety of commercial and open source products, this solution allows researchers to freely work with sensitive information while providing a high degree of assurance against data loss.


Slides from the presentation

BYOD and Mobile Device Security
Ashish Jain, Boston College

BYOD and mobile device security bring an interesting challenge to higher education. Users want to connect their smartphones, tablets, and other computing devices to the network. Once these devices are connected to the network, they are difficult to manage and monitor. This presentation will introduce the challenges and discuss an array of possible solutions.


Slides from the presentation

Cyber Liability Insurance
Paul Clancy, Boston University

What protections and services are companies really buying with the purchase of cyber liability insurance coverage? This session will outline and review some of the different coverages and services available in the current insurance marketplace, along with an overview of the process that Boston University recently went through in order to evaluate and obtain this coverage.


Slides from the presentation