Webinars and other forms of presentations can be a great way to gain familiarity with a new topic or brush up on a skill that you haven’t used in a while. These presentations cover a variety of topics, from security to project management, and come from various sources around the web.
Toss Attackers Into a Black Hole with Open-Source Software
UC Santa Cruz implemented an automated incoming remotely triggered black hole (RTBH) routing solution using open-source software (except for the border router itself). We used Bro for detection, Justin Azoff’s BHR for the queue and API endpoint, Quagga for the trigger router, and a little Python to glue it together. Come see and hear how you can do it too.OUTCOMES: Learn about UC Santa Cruz’s automated incoming RTBH routing solution * Learn about open-source software that may be useful to other institutions wishing to implement RTBH
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
Campus Cloud Security Shared Assessments
As campuses deploy or identify cloud services, they need to ensure cloud services are appropriately assessed for security. Many campuses have established a cloud security assessment methodology and have the resources to assess many of their cloud services, but few campuses have sufficient resources to assess all cloud services. As a community, we can assess more cloud services than an individual campus can and share these assessments. The speakers are working on an idea for a shared cloud security assessment repository. This session will be used to get community feedback and could result in a cloud security assessment working group.OUTCOME: Engage in discussion with the presenters to refine your idea to create something campuses would be willing to use
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
You’ve Got This: Briefing the Board on Information Security
Higher education’s unique culture makes its institutions an attractive targets for cybercriminals, which institutional and board executives must consider in their deliberations and decision making regarding overall campus health. Educating your board about information security gives the board a clearer picture of organizational cybersecurity challenges and the potential costs to your institution of failing to manage cyberthreats and risks, including financial and reputational costs. Attend this session to learn how to lead an effective briefing with board executives about information security and share board briefing tips and techniques with peers.OUTCOMES: Identify key goals for a board briefing * Hone your approach in addressing the board * Share board briefing tips with peers
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
Taking a Bite Out of Vulnerability: Realistic Configuration Management
In this session, we will explore the principles used by Pepperdine University’s device management project to successfully attack cross-platform device vulnerabilities. The project achieved significant security compliance (e.g., increasing Java patch compliance from 17% to 94%) without significantly offending institutional culture or being perceived as impeding mission. The presenters will overview their approaches to constructing and developing a project team, testing and implementing a configuration management system, and successfully deploying the system to staff and faculty colleagues. In addition to organizational principles, we will demonstrate tips for rollout and keys to operational success and selected examples of specific technical successes.OUTCOMES: Understand strategies for organizing security projects that you can adapt to your institutional culture and resources * Engage in evaluation of tactics for deployment of security controls in a minimally disruptive manner
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
From Data to Wisdom: Transforming Security Events into Actionable Incidents
Learn how our Security Operations team is dealing with the challenges of processing security data into actionable intelligence. In this presentation, we will discuss our model and demonstrate tools we are developing to facilitate each step in the process, including the collection of raw event data from a variety of detection sources; the consolidation/correlation of event data into alerts for human analysis; the analysis of alerts to identify actionable Incidents; the enrichment of incidents with additional data for classification and workflow management; and reporting for trend analysis, resource prioritization, and process improvements. Following the demo we will invite questions, idea sharing, and potential opportunities for collaboration.OUTCOMES: Understand and appreciate security data analysis challenges * Learn how these challenges have been addressed at UC Berkeley * Share ideas for improvements to tools and processes and identify opportunities for future collaboration
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
Don’t Be a Scapegoat
Want to avoid taking the fall for a major incident? There are many examples of security professionals who have lost their jobs when a breach occurs, once it was determined that the root cause had been known in advance. Come to this session to hear about American University’s practices of using a risk register and governance group to shine the light on those pesky, lingering risks, and, more importantly, to get executive sign-off on risks that must be accepted or deferred. You’ll take away a foundational understanding of the requirements for setting up a basic IT risk register program.OUTCOMES: Learn about one model/approach to tracking risks * Engage in a discussion of the benefits of recording and getting sign-off on lingering risks * Understand how this approach served as a building block for an ERM
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
Security and Privacy Standards for Body Cam Law Enforcement Video on Campuses
Information technology professionals know from their experience with network data and content that body worn cameras and the content that they capture are rife with privacy, security, and standards related issues. In this online presentation we will review some of the national and institutional policy issues, campus procedural approaches with vendors, stakeholders and constituents in the use of this technology, and information management of its content. The presentation will include some speaker observations and plenty of participant contributions. Bring your stories! OUTCOMES: Appreciate the legal and reputation liability exposure of unregulated use of BWC by campus law enforcement * Gain a framework for policy on surveillance and process for stakeholder buy-in * Understand the CJIS standard, IT, and trusted cloud vendor component of a successful BWC policy and process
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
The 1% That Can Take Down Your Institution: Cybersecurity Risk in the Digital Classroom
As educational institutions continue to standardize on cloud platforms, they must secure an increased volume of data moving to the cloud, where faculty, staff, and students have unprecedented levels of control over the creation and distribution of sensitive data. We recently discovered 75% of security risk can be attributed to just 1% of the users in the cloud. This session will examine cloud cybersecurity trends across users, explore collaboration and applications, and share actionable takeaways for a more secure cloud environment. You will learn how focusing on these few users can substantially decrease exposures in a short amount of time.OUTCOMES: Learn how to improve the cloud security posture of your institution, including best practices for collaboration * Understand user behavior and the implications of the riskiest 1% of users * Examine cloud cybersecurity trends across users and applications
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
eduroam (Federated Wi-Fi Access for Scholars Worldwide): Costs and Benefits
Dedicated to the disinterested pursuit of knowledge, the Institute for Advanced Study works tirelessly to foster the work of scholars in a tranquil environment free of distraction. Unfortunately, this is difficult to archive when they travel to other institutions. The advent of the federated Wi-Fi access network eduroam allows us to at least give our scholars easy access when they are visiting a participating school. This seminar will speak to the costs (cheap to free) and benefits of participating with eduroam, including the security ramifications and cost savings of the CAT tool for 802.1x configuration.OUTCOMES: Gain knowledge on what eduroam is and why it is important * Develop a plan to implement at your own school * Take away data supporting the use of eduroam
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations
Taking Identity from the Classroom to the Cloud
Key education applications have moved to the cloud. Student, faculty, and staff identities are being stretched between multiple directories, effectively creating islands of credentials. It’s no longer enough to just secure your network perimeter. Properly managing cloud applications and identities has never been more important. This session will focus on how to securely move your services to the cloud, while maintaining an agile IT environment and minimizing costs. We’ll look at some key criteria for choosing cloud applications, ways to better secure your end users, and best practices for managing thousands of identities across multiple applications.OUTCOMES:Learn how to navigate the challenges of disparate identity platforms * Learn how to handle the complexity of identity life-cycle management * Understand important concepts involved in choosing services from cloud vendors
[Read More]
[Read More]
SOURCE: Educause
Webinars & Presentations