Webinars and other forms of presentations can be a great way to gain familiarity with a new topic or brush up on a skill that you haven’t used in a while. These presentations cover a variety of topics, from security to project management, and come from various sources around the web.
The Successful Security Awareness Practitioner
Do your work responsibilities include providing security awareness or training? Do you want to communicate more effectively to end users and other audiences? Do you develop security-related presentations for management? What training do you need? The presenters will share the findings from the Fall 2015 Awareness and Training Group survey of current security awareness practitioners, highlighting their commonalities and differences, and discuss professional development strategies that will provide you with the skillset needed to ensure that your security awareness programs are successful.
OUTCOMES: Understand the key development strategies that will enable their success as security awareness practitioners * Learn about career development opportunities * Develop a professional network of security awareness practitioners
SOURCE: Educause
Webinars & Presentations
It’s the Big One: Managing Your Remediation Efforts after a Cyberattack
What happens when a large number of key IT systems fall victim to an advanced persistent threat? How did it happen? How can you track the attackers’ activity? How do you organize, plan, and schedule your remediation activities after a major cyberattack? We will discuss a recent well-publicized cyberattack at the University of Virginia originating from China and our hybrid approach (one part incident response, two parts major project management) for managing our remediation efforts. Key players from UVa’s project team will share lessons learned.
OUTCOMES: Understand the advantages in managing incident response like a “project” * Learn best practice project management tips and tools for incident remediation * Engage in lessons learned discussion and Q&A with the UVa team
SOURCE: Educause
Continuous Monitoring, Part Deux
Virginia Tech is implementing the 20 Critical Controls and an operational continuous monitoring (CM) strategy. We will discuss our progress in the CM strategy, the implementation’s successes and pitfalls, and the original goals and factors that support them, along with required modifications. Big data analysis techniques are used in hunting down attackers in our network. We’ll show examples of what we’ve done in this phase of the project.
OUTCOMES: Gain insight into the CM strategy * See examples of the outputs from CM sensors * Be encouraged to follow this strategy to better defend your sensitive data
SOURCE: Educause
Sipping Alphabet Soup: Getting Familiar with the New Government Information Categories
Research universities have been using NIST security controls guidance for the past five years to meet requirements of federal granting agencies. New in 2015 is a publication, the NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” Federal research contracts may soon begin using the SP 800-171 in their requirements, but the scope may be a broadly impactful compliance regime that has not previously been the concern of universities. This session aims to illustrate the realm of Controlled Unclassified Information (CUI) and provide guidance for the compliance-unaware in the audience.
OUTCOMES: Receive a roadmap to use of the 800-171 * Obtain a listing of considerations for security efforts in research contracts and practical issues when confronted with the requirement to use NIST controls
SOURCE: Educause
Leveraging Open Source to Bootstrap Your Threat Intelligence Program
Starting a threat intelligence (TI) program doesn’t have to be difficult and can be built up over time. We will survey different takes on “threat intelligence” and some of the open source tools available for collecting and using TI. We will discuss how to start consuming free and open-source feeds, how to put them to work in your environment, and tips for avoiding the near inevitable black eye when something gets blocked that is super-mission-critical-ZOMG-BRINGITBACKNOW. We will also discuss what we can do in the higher ed space to start producing our own threat intelligence and what our responsibilities ought to be when sharing data with the community. This presentation will be centered on the use of the Collective Intelligence Framework (CIF) for consuming and putting TI into action in your environment.
OUTCOMES: Learn about various takes on TI and open source tools for TI * Learn how to leverage free products to start “doing” TI * Understand common pitfalls and paths to “leveling up” your TI program
SOURCE: Educause
Successful CISO Leadership and Conflict Resolution
CISOs are the senior information security executives for universities, and as such they have to be experienced IT leaders and knowledgeable about security. They influence leaders all around the university, with little or no formal authority. The speaker will introduce the competencies necessary to be a successful CISO and why they are critical for success; give an introduction to leadership itself, contrasting it with management and emphasizing its importance; talk in detail about conflict resolution; explore the reasons for conflict, differentiating good and bad conflict; and provide a framework for resolving healthy conflict.
OUTCOMES: Better understand what you need to work on to become a CISO * Gain another tool for your campus toolbox
SOURCE: Educause
Cybersecurity for Research: Resources and Experiences from the NSF Community
The National Science Foundation funds over $7 billion of research. In this talk, we will present two NSF-funded centers that bring cybersecurity expertise to the NSF community, including universities supporting scientific and engineering research. The Bro Center of Expertise at https://www.bro.org/nsf promotes Bro as a comprehensive, low-cost security capability for higher ed and NSF projects. The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) at http://trustedci.org leads the NSF community in implementing risk-based cybersecurity to maximize trustworthy science. This talk will cover the practical natures of the two centers and the lessons learned in securing scientific research.
OUTCOMES: Learn our perspective in securing research * Share your challenges of securing research in your organizations * Start a conversation on how to best secure research
SOURCE: Educause
Securing the Science DMZ and Research
As more institutions leverage grants around big data, many organizations are creating Science DMZs to enable this research. We want to help shift the discussion away from the common misconception that a Science DMZ means you are bypassing campus security and leaving your data unprotected. We are hoping to pull together people to develop some best practices around security to form a consensus around methods for securing a Science DMZ that schools can implement and take to research administration, auditors, risk officers, and security officers to help allay fears to encourage adoption.
OUTCOME: Learn that other campuses are interested in securing the Science DMZ and integrating it into a campus’s security program
SOURCE: Educause
Moving to the Cloud: Resistance Is Futile
In this session, we will explore the history of cloud computing (did you know that this existed as far back as 1949?) and how it will continue into the future, including information on security in the cloud (for a preview, go to http://www.securitycurrent.com/en/writers/joel-rosenblatt/moving-to-the-cloud-resistance-is-futile). Please come prepared with your questions to actively engage in a cloud conversation.
OUTCOMES: Understand the 3 different services and types of clouds * Learn about the steps involved in moving a service into the cloud * Go back to your institution and move something to the cloud
SOURCE: Educause
A Sensitive Data-Protection Strategy
This talk will describe a sensitive data-protection strategy used at Virginia Tech. The strategy focuses on protecting the data rather than the device. We will describe the roles of the data owner (trustee), data steward, and data experts in determining access to sensitive data elements. Virginia Tech’s sensitive data standard mandates that any file or database that contains social security, credit or bank card, passport, DMV, or debit card numbers be encrypted at rest or in transit. This talk will describe some of the techniques used to implement this strategy.
OUTCOMES: Learn about various encryption tools and how they can be used to protect sensitive data regardless of location * Review data breach notification laws * Incorporate elements into your own data-protection strategy
SOURCE: Educause