Open for Business, Closed for Hackers: The challenges of Securing information in Higher Education

Where: Southbridge Hotel and Conference Center
14 Mechanic St.
Southbridge, Massachusetts

When:9:00 am - 3:30 pm

Note: Registration begins at 7:30am

Workshop Organizer: George Claffey of Charter Oak State College

add to calendar  |  share  | map it  | Directions to Southbridge

Outlook
Yahoo Calendar
Google Calendar
iCal

Over the past ten years, advances in technology have allowed institutional leaders access to a wealth of new information to help guide decision making. While technology has provided valuable information to help the institution, its ability to cripple an institution is just as great, if not greater. At the end of the day, buildings can be repaired, classes rescheduled, systems restored from tape, but a security breach of your student/alumni data will damage your institution’s relationship with its students and alumni possibly causing them financial harm through identity theft. The loss of trust between the university and its student body will take years to repair.

This workshop will present multiple case studies on how institutions are dealing with the challenge of securing an “open campus” and protecting their data.
 

Event Schedule:
8:00am – 9:00am Registration and Coffee

9:00am – 9:15am Welcome

9:15am – 10:00am Securing Our Weakest Link: End User Training
Speaker: George Claffey, Chief Information Officer, Charter Oak State College

Information security is NOT a technology problem, it is an institutional problem. Our best defense is to equip our end users with training to help them understand how to safeguard their information and that of our students.
The largest positive effect to our campus’s security posture will be through efficacious training of faculty, staff, and students. Our definitive action to require this training will prove to provide the broadest security impact to your institution’s vital data, and will also be one of the least expensive controls that you can implement.
Charter Oak will demonstrate how it created an asynchronous, anywhere, anytime security training and compliance “class” for its faculty, students, and staff. In as little as a one hour online course, faculty, staff and students can gain a basic understanding of how to protect and identify social engineering attacks and learn how to effectively safeguard data.

10:00am - 10:15am Break

10-15am – 11:15am Secure Mobility – Protecting your Infrastructure in a Mobile World
Speaker: Michael Smith, Senior Security Engineer/Security Consultant, ePlus Security

This presentation addresses the threat landscape associated with the proliferation of mobile devices on today’s networks. As the current economic downturn forces companies to cut costs, the “Bring Your Own Device” (BYOD) trend is growing. This reality creates additional risks and challenges to the Enterprise infrastructure. This presentation examines the realities of BYOD and the risks the policy brings to the network. We will focus on solutions with the goal of balancing device usability with the impact BYOD has on enterprise resources, including security and IT staff. The goal of the session is to raise awareness, identify the challenges, and present design principles to enable “secure mobility

11:15am - 12:15pm Deploying an ISO 27000 Security Program
Speakers:
Chris Misra, Associate Chief Information Officer for Security, University of Massachusetts – Amherst
Larry Wilson, Information Security Lead, University of Massachusetts President's Office

We will discuss the motivation for, conditions leading to, and plans for deploying an ISO 27000 Information Security program. We will discuss controls development, consensus building, campus responsibility, and successes and challenges deploying in a multi-campus University wide environment.

12:15pm – 1:00pm Lunch

1:00pm – 2:00pm A System-wide Segregated Approach to Data Security
Speaker: Jeffrey Clark, Information Security Manager, Connecticut Community Colleges

We will review how the Connecticut Community Colleges are implementing a comprehensive Information Security Program from the initial risk assessment to development of logical and technical security controls. Logical controls include user education and least privileged access. We will explore our design to use a unified security tool set for data management and to minimize the operational manpower needed for ongoing operations. We will explore current and future technical controls for Firewalls, Network Intrusion Prevention, Continuous Network Packet Capture and Analysis, Anti-virus and Anti-spyware, Data Loss Prevention (DLP), Whole Disk Encryption, Application White Listing and Forensics.

2:05pm – 3:05pm Building Business Resistance to Cyber Threats & Attacks
Speaker: Eben Berry, President, Cyber Inspectors LLC

This presentation will start by giving greater business context to why cyber attackers continue to have success and the advantage over organizations today. Then shifting the focus on covering how organizations and career professionals can begin leveling the playing field from a business and technology perspective in building resistance in strategic assets they deploy. Then ending with some actionable steps as a starting point with identified business and technology value.

3:05pm – 3:30pm Q&A, Follow-up and Adjournment