Name of presentationCompany name

October Cybersecurity Month

• Future Trends in Education and Technology

• Purdue Security Issues/Priorities

• Scott Ksander• Richard Katz video: The school of Athens or

Mr. Fords Factory• Gerry McCartney • Educause student video winners for 2007

Gerry McCartney• McCartney has served as the university's top information

technology administrator since July 2006.• From 1993 until 2004, McCartney served as associate dean

and chief information officer at the University of Pennsylvania's Wharton School.

• Education Background:• PhD Sociology and Anthropology from Purdue in 1996 • Received diplomas in advanced programming and systems

analysis from Trinity College in Dublin, Ireland, in 1982 and 1984, respectively.

• He received his bachelor's and master's degrees in 1981 and 1982 from NUI Maynooth in Ireland.

Educause Student Videos

• Identity Theft for Criminals• Out in the Open• Short Film

Stages of Security• Blissfully ignorant (20%)• Awareness (30%)• Corrective Action (40%)• Operational Excellence (10%)

The Cost of Security

•Blissfully ignorant (<3% of IT budget)•Awareness (4-6%)•Corrective Action (7-8%)•Operational Excellence (3-4%)

Real progress on IT security will REDUCE IT security spending requirements!

• Defend the BorderAbsolute path blocking (port blocking) Content-based path blocking (intrusion prevention)

• Defend Critical Regions AbsoluteConditionalContent-based

• Machine-level Protection Operating System patchingApplication Program patchingContent change monitoring (tripwire) Anti-VirusAnti-Spyware/Anti-Adware/Anti-Malware

Purdue Security Priorities

• Authorized Personnel Only Establish and maintain central credentialNetwork access credential control Application access credential control

Purdue Security Priorities

• Policy/Procedures/Guidelines University level Boundaries for unit level operations Interpretation and ConsultationEnforcement/Compliance

• Incident ResponseResponse ExemplaryInvestigation/Forensics Identify Remediation Post-incident reporting Post-incident evaluation

Purdue Security Priorities

• Awareness and Education StudentsStaffFacultyOperational Units

• Risk Identification and Remediation Facilitated Risk Assessments Self-conducted risk analysis tools

Purdue Security Priorities

• Defend the data In transit At rest

• Monitoring/Logging/Review NetworkMachine-level Application

Purdue Security Priorities

• Application of New Technologies Defense technologiesProtection technologiesCredential technologies

Purdue Security Priorities

Stay Informed

It Has Been a Great “Ride”• Pablo Malavenda – use, abuse, and risks of

social networking• Chris Burgess, CISCO Chief Scientist –

culture of security needed within organizations

• George Heron, McAfee Chief Scientist – need to educate and empower users through awareness and security tools

Questions Before Elvis Leaves The Building?

• Questions??

• As always, be careful out there.

Credits:• Thanks to David Fry, John Holladay, and all the

guys downstairs taping the program!!

• Thanks to Gary, upstairs managing the sound, video, whatever we ask of him

• ITNS staff who support and encourage each other: special thanks to Joanna Grama

• Gifts from Microsoft, Dell, PEFCU, Dewpoint, Symantec, CERIAS, Awards Unlimited and Scott Ksander