Scott Ksander's presentation (ppt)

CyberSecurity Awareness Month
Ticket To Ride
Scott L. Ksander
Executive Director, IT Networks & Security, ITaP
Chief Information Security Officer, Purdue University
ksander@purdue.edu
Typical Weekday at Purdue
• Unique Purdue systems communicating with off-campus host
– Campus: 25,359
– Students/Resnet: 15,013
• Unique off-campus systems communicating with Purdue host
– Campus: 3,707,481
– Students/Resnet: 9,311,118
It is now 3am. Do you know who your computer is communicating with?
Between 3am and 5am
• Unique Purdue systems communicating with off-campus host
– Campus: 11,194 (44% of daily)
– Students/Resnet: 6,319 (42%)
• Unique off-campus systems communicating with Purdue host
– Campus: 646,034 (17%)
– Students/Resnet: 1,584,385 (17%)
Security Is Not Just About Hacking
• Privacy of Personal Information
• Identity Theft
• Social Networking
• Search Engines
• New “Targets” of Opportunity
– iPhone
– “Game” systems
– Mobile/portable devices
– Virtualization
IT Incident Primary Motivations
[Figure: "Show Off" and "Financial" motivations across three periods: 1985 - 1993, 1994 - 2003, 2004 - Today]
Old Landscape | New Landscape
Threats are noisy & visible to everyone | Threats are silent & unnoticed
Threats are indiscriminate, hit everyone | Threats are highly targeted, regionalized
Threats are disruptive → impact readily visible | Threats steal data & damage brands → impact unclear
Remediation action is technical (“remove”) | Remediation more complex, may need to investigate data leak
Only a few named threats to focus on | Overwhelming amount of variants, nameless threats
Physical Security Risks
• Laptops are the number-one
item stolen in San Francisco,
surpassing even bicycles.
• Estimates are that more than
750,000 laptops will be stolen
this year in the United States.
Follow the money!!
• Average “take” from an
Identity Theft crime now
exceeds the average “take”
from a bank robbery.
• Six times the “take”
from armed robbery.
Social Networking
• MySpace
• LinkedIn
• Plaxo
• Orkut
• Pownce
• Facebook
• Twitter
October 10: Internet Riding Safely
• Scott Ksander, Purdue CISO
• Pablo Malavenda, Assoc. Dean of Students
• Neil Daswani, Google
October 17: Cybercrime and Copyright Infringement
• Amber, a Purdue student who was sued by the
RIAA for illegally downloading songs, will
speak about her experience.
• Mr. Chris Burgess, CISCO Senior Security
Advisor and Chief Scientist, will speak on
intellectual property strategies.
• Purdue Professor Marcus Rogers will speak on
the law and Cyber Forensics.
October 24: Future Destinations
• Professor Ed Delp, The Silicon Valley
Professor of Electrical and Computer
Engineering and professor of
biomedical engineering.
• George Heron, VP and Chief Scientist
for McAfee.
October 31: Destination Unknown
• CIO, Gerry McCartney
• “School of Athens or Mr. Ford's
Factory: IT and the Future of Higher
Education.”
• Second annual Security Halloween
Contest!
Pablo Malavenda
• Associate Dean of Students, Purdue University
• Oversees the Student Activities and Organizations area, including the 815+
student organizations, independent housing units, leadership programs, and
community service initiatives. Dean Malavenda came to Purdue in 1998. He
serves as the primary advisor to the Barbara Cook Chapter of Mortar Board
as well as Presidents Roundtable. He also serves as a co-advisor to Purdue
Student Government. He is a faculty fellow at Hillenbrand Hall and an
instructor for EDPS 300A Student Leadership Development.
• University of Connecticut
BS Industrial Psychology
MS Higher Education Administration
• Pablo and his wife Kristin have two children.
Neil Daswani
• Neil has served in a variety of research, development,
teaching, and managerial roles since 1996 at Google,
DoCoMo USA Labs, Stanford University, Yodlee, and
Telcordia Technologies (formerly Bellcore). His areas of
expertise include security, wireless data, and peer-to-peer
systems. He is currently a practicing engineer at Google.
• Stanford University
Ph.D. Computer Science, January 2005.
M.S. Computer Science, January 2004.
B.S. Computer Science, with honors with distinction, May
1996.
• He spent most of his time at Stanford writing a doctoral
dissertation on peer-to-peer (P2P) Security.
• Questions??
• As always, be careful out there.
Credits:
• Thanks to Mindy Jasmund & Jennifer Kapp
for marketing materials
• Thanks to Joel Rasmus for speakers
• ITNS staff who support and encourage each
other
• Exponent, Inside Purdue, and Journal &
Courier