Friday, January 13, 2012
Open for Business, Closed for Hackers: The challenges of Securing information in Higher Education
1. Securing Our Weakest Link End User Training - George Claffey-Charter Oak State College
2. Secure Mobility-Protecting your Infrastructure in a Mobile World - Michael Smith - ePlus Security
3. Deploying an ISO 27000 Security Program - Larry Wilson, Chris Misra- UMASS Amherst P1
4. Deploying an ISO 27000 Security Program - Larry Wilson, Chris Misra- UMASS Amherst P2
5. A System-wide Segregated Approach to Data Security - Jeffrey Clark-CT Community Colleges
6. Building Business Resistance to Cyber Threats & Attacks - Eben Berry-Cyber Security
Southbridge Hotel and Conference Center
14 Mechanic St.
When:9:00 am - 3:30 pm
Note: Registration begins at 7:30am
Workshop Organizer: George Claffey of Charter Oak State College
Over the past ten years, advances in technology have allowed institutional leaders access to a wealth of new information to help guide decision making. While technology has provided valuable information to help the institution, its ability to cripple an institution is just as great, if not greater. At the end of the day, buildings can be repaired, classes rescheduled, systems restored from tape, but a security breach of your student/alumni data will damage your institution’s relationship with its students and alumni possibly causing them financial harm through identity theft. The loss of trust between the university and its student body will take years to repair.
This workshop will present multiple case studies on how institutions are dealing with the challenge of securing an “open campus” and protecting their data.
8:00am – 9:00am Registration and Coffee
9:00am – 9:15am Welcome
9:15am – 10:00am Securing Our Weakest Link: End User Training
Speaker: George Claffey, Chief Information Officer, Charter Oak State College
Information security is NOT a technology problem, it is an institutional problem. Our best defense is to equip our end users with training to help them understand how to safeguard their information and that of our students.
The largest positive effect to our campus’s security posture will be through efficacious training of faculty, staff, and students. Our definitive action to require this training will prove to provide the broadest security impact to your institution’s vital data, and will also be one of the least expensive controls that you can implement.
Charter Oak will demonstrate how it created an asynchronous, anywhere, anytime security training and compliance “class” for its faculty, students, and staff. In as little as a one hour online course, faculty, staff and students can gain a basic understanding of how to protect and identify social engineering attacks and learn how to effectively safeguard data.
10:00am - 10:15am Break
10-15am – 11:15am Secure Mobility – Protecting your Infrastructure in a Mobile World
Speaker: Michael Smith, Senior Security Engineer/Security Consultant, ePlus Security
This presentation addresses the threat landscape associated with the proliferation of mobile devices on today’s networks. As the current economic downturn forces companies to cut costs, the “Bring Your Own Device” (BYOD) trend is growing. This reality creates additional risks and challenges to the Enterprise infrastructure. This presentation examines the realities of BYOD and the risks the policy brings to the network. We will focus on solutions with the goal of balancing device usability with the impact BYOD has on enterprise resources, including security and IT staff. The goal of the session is to raise awareness, identify the challenges, and present design principles to enable “secure mobility
11:15am - 12:15pm Deploying an ISO 27000 Security Program
Chris Misra, Associate Chief Information Officer for Security, University of Massachusetts – Amherst
Larry Wilson, Information Security Lead, University of Massachusetts President's Office
We will discuss the motivation for, conditions leading to, and plans for deploying an ISO 27000 Information Security program. We will discuss controls development, consensus building, campus responsibility, and successes and challenges deploying in a multi-campus University wide environment.
12:15pm – 1:00pm Lunch
1:00pm – 2:00pm A System-wide Segregated Approach to Data Security
Speaker: Jeffrey Clark, Information Security Manager, Connecticut Community Colleges
We will review how the Connecticut Community Colleges are implementing a comprehensive Information Security Program from the initial risk assessment to development of logical and technical security controls. Logical controls include user education and least privileged access. We will explore our design to use a unified security tool set for data management and to minimize the operational manpower needed for ongoing operations. We will explore current and future technical controls for Firewalls, Network Intrusion Prevention, Continuous Network Packet Capture and Analysis, Anti-virus and Anti-spyware, Data Loss Prevention (DLP), Whole Disk Encryption, Application White Listing and Forensics.
2:05pm – 3:05pm Building Business Resistance to Cyber Threats & Attacks
Speaker: Eben Berry, President, Cyber Inspectors LLC
This presentation will start by giving greater business context to why cyber attackers continue to have success and the advantage over organizations today. Then shifting the focus on covering how organizations and career professionals can begin leveling the playing field from a business and technology perspective in building resistance in strategic assets they deploy. Then ending with some actionable steps as a starting point with identified business and technology value.
3:05pm – 3:30pm Q&A, Follow-up and Adjournment
Registration Cancellation Policy
By clicking on the "Order Now" button, you are indicating a commitment to attend and will be held responsible for the registration fee. Your fee can be refunded if you notify us of a cancellation at least 8 days prior to the event via email to firstname.lastname@example.org.
NERCOMP reserves the right to use any photographs or other mechanical recordings taken at NERCOMP events in promotional materials. No mechanical recordings of any kind may be used at NERCOMP events without the prior written consent of NERCOMP organizers and presenters. The views and opinions expressed at NERCOMP events do not necessarily reflect those of NERCOMP, nor does NERCOMP make any representation regarding the information presented at NERCOMP events.