name of presentation company name. october cybersecurity month future trends in education and...
Post on 20-Dec-2015
213 views
TRANSCRIPT
Name of presentationCompany name
October Cybersecurity Month
• Future Trends in Education and Technology
• Purdue Security Issues/Priorities
• Scott Ksander• Richard Katz video: The school of Athens or
Mr. Fords Factory• Gerry McCartney • Educause student video winners for 2007
Gerry McCartney• McCartney has served as the university's top information
technology administrator since July 2006.• From 1993 until 2004, McCartney served as associate dean
and chief information officer at the University of Pennsylvania's Wharton School.
• Education Background:• PhD Sociology and Anthropology from Purdue in 1996 • Received diplomas in advanced programming and systems
analysis from Trinity College in Dublin, Ireland, in 1982 and 1984, respectively.
• He received his bachelor's and master's degrees in 1981 and 1982 from NUI Maynooth in Ireland.
Educause Student Videos
• Identity Theft for Criminals• Out in the Open• Short Film
Stages of Security• Blissfully ignorant (20%)• Awareness (30%)• Corrective Action (40%)• Operational Excellence (10%)
The Cost of Security
•Blissfully ignorant (<3% of IT budget)•Awareness (4-6%)•Corrective Action (7-8%)•Operational Excellence (3-4%)
Real progress on IT security will REDUCE IT security spending requirements!
• Defend the BorderAbsolute path blocking (port blocking) Content-based path blocking (intrusion prevention)
• Defend Critical Regions AbsoluteConditionalContent-based
• Machine-level Protection Operating System patchingApplication Program patchingContent change monitoring (tripwire) Anti-VirusAnti-Spyware/Anti-Adware/Anti-Malware
Purdue Security Priorities
• Authorized Personnel Only Establish and maintain central credentialNetwork access credential control Application access credential control
Purdue Security Priorities
• Policy/Procedures/Guidelines University level Boundaries for unit level operations Interpretation and ConsultationEnforcement/Compliance
• Incident ResponseResponse ExemplaryInvestigation/Forensics Identify Remediation Post-incident reporting Post-incident evaluation
Purdue Security Priorities
• Awareness and Education StudentsStaffFacultyOperational Units
• Risk Identification and Remediation Facilitated Risk Assessments Self-conducted risk analysis tools
Purdue Security Priorities
• Defend the data In transit At rest
• Monitoring/Logging/Review NetworkMachine-level Application
Purdue Security Priorities
• Application of New Technologies Defense technologiesProtection technologiesCredential technologies
Purdue Security Priorities
Stay Informed
It Has Been a Great “Ride”• Pablo Malavenda – use, abuse, and risks of
social networking• Chris Burgess, CISCO Chief Scientist –
culture of security needed within organizations
• George Heron, McAfee Chief Scientist – need to educate and empower users through awareness and security tools
Questions Before Elvis Leaves The Building?
• Questions??
• As always, be careful out there.
Credits:• Thanks to David Fry, John Holladay, and all the
guys downstairs taping the program!!
• Thanks to Gary, upstairs managing the sound, video, whatever we ask of him
• ITNS staff who support and encourage each other: special thanks to Joanna Grama
• Gifts from Microsoft, Dell, PEFCU, Dewpoint, Symantec, CERIAS, Awards Unlimited and Scott Ksander