If you are nervous about your institution's vulnerability to a hack attack or about your system being used to attack others, you have good cause. Higher education is especially susceptible because of its extensive computing power, the large amounts of information it has on hand, and the relatively open access that is part of its culture.
Indeed, the "it can't happen here" attitude has all but disappeared in light of an increasing number of system violations and cyber crimes by external hackers as well as dishonest, disgruntled, irresponsible or uninformed students and staff. One expert has said that just using the procedural and technological safeguards that are available now would make systems much more secure. One study says that 90 percent of cyber attacks in the near future will take advantage of vulnerabilities for which a patch is already available. However, cybersecurity must involve all users, not just system administrators.
This teleconference will present essential information on:
- doing risk assessments
- identifying the most common vulnerabilities
- dealing with an attack if it occurs
- the importance of creating, implementing and policing an institutional policy that raises awareness of the problems and gets essential information to all users.
*Note: for administrators and technical staff
Panelists
Paul Harris is Program Director for IT Security Education Programs at St. Petersburg College. He came to the college after 15 years in law enforcement, where he investigated computer-related crimes. He served as a police officer and a detective, as well as an administrator with the Florida Department of Law Enforcement. He has consulted on cybersecurity with educators, members of Congress, the executive branch of the federal government, state government, business, law enforcement officers, and IT professionals. When he works with IT staff and administrators in higher education, his basic question about security issues is "How well does your institution's CIO sleep at night?" As an educator, he researches and develops new technology programs that provide students with opportunities to pursue leading-edge technology careers. Paul has worked as a Subject Matter Expert for the CompTIA Security+ certification and is currently working with the International Information Systems Security Certifications Consortium (ISC2) to develop online education programs for the Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) certifications. He has also developed education programs such as "Computer Related Crime Investigations," "IT Security" and "Secure Programming." His current projects include "Wireless Networking Security" and "Internal Controls for Business Operations." These programs make it possible for students to receive college credit certificates that contribute to several Associate of Science degrees and prepare them for several industry-recognized certification examinations, such as Security+, SSCP and CISSP. The programs are designed so they can be shared with other colleges who want to develop similar programs at their institutions. Paul holds a degree in police administration from St. Petersburg College. His interests outside of work are family, completing home projects, reading, and computers.
Randy Marchany has been involved in the computer industry since 1972. Randy is currently the senior member of the VA Tech Computing Center's Unix system management group. He is the director of the Network Appliance Testing Laboratory, which is part of VA Tech's CIRT and Network Defense Initiative, and the coordinator of VA-CIRT, an incident response team made up of IT staff from various state universities in Virginia. He is the author of VA Tech's "Acceptable Use Statement," which has become a model for the Virginia state university system. He has been a frequent speaker at national and international conferences such as SANS, IIA, ISACA, Network Security, IEEE Symposium on Systems Management, DECUS, and the Computer Security Conference. The SANS Institute has described him as the "best storyteller in the computer security field." He has taught professional development seminars on Unix System Management, Forming Incident Response Teams, Auditing Unix Systems, and Auditing Internet Security for various professional groups such as ISACA, IIA, Ernst & Young and the SANS Institute. He is co-author of the SANS Institute's "Top 20 Internet Security Vulnerabilities" document that has become a standard for most computer security and auditing software. He is also a co-author of the SANS Institute's "Computer Security-Incident Handling-Step by Step," which has been recognized as one of the foremost publications on Incident Response. He was a recipient of the SANS Institute's Security Technology Leadership Award for 2000. Randy holds a BS in Computer Science and an MSEE from Virginia Polytechnic Institute and State University. He is a member of the award-winning string band No Strings Attached, participates in several sports including volleyball, handball and biking, and was an assistant volleyball coach for VA Tech's women's volleyball team.
Daniel A. Updegrove is Vice President for Information Technology at The University of Texas at Austin, and senior lecturer in the UT Graduate School of Library and Information Science. Mr. Updegrove serves as the University's Chief Information Officer and directs a staff of 375 providing communications infrastructure, data center, enterprise information, collaboration, academic, and user support services for the largest US campus, with an enrollment of over 51,000 students. Prior to arriving at UT in January, 2001, Mr. Updegrove served as Chief Information Officer at Yale University; Associate Vice Provost for Information Systems and Computing at the University of Pennsylvania; Vice President of Educom (predecessor to Educause); Research Associate at Yale and the National Bureau of Economic Research; and Teaching Associate at Cornell University, where he studied industrial engineering and urban planning. Mr. Updegrove is active in Educause (chairing the Advisory Group on Administrative Information Systems and Services and co-chairing the Task Force on Computer and Network Security); Internet2 (serving on the Network Policy and Planning Advisory Committee); Texas GigaPOP (serving on the Board of Trustees); and the Southeastern Universities Research Association (serving on the IT Steering Group); and represents UT within the UT System as well as in the Coalition for Networked Information, Common Solutions Group, and Big 12 CIO group. He has lectured and consulted widely in the US and abroad on IT strategic planning, networking, computer-based planning models, and computer gaming simulation. He currently serves on advisory committees for Apple Computer, Dell Computer Corporation, and Microsoft and on the board of directors of Knowbility, an Austin non-profit advocating barrier-free IT.