Scott Ksander's presentation (ppt)

October Cybersecurity Month
• Future Trends in Education and
Technology
• Purdue Security Issues/Priorities
• Scott Ksander
• Richard Katz video: The school of Athens or
Mr. Ford's Factory
• Gerry McCartney
• Educause student video winners for 2007
Gerry McCartney
• McCartney has served as the university's top information
technology administrator since July 2006.
• From 1993 until 2004, McCartney served as associate dean
and chief information officer at the University of Pennsylvania's
Wharton School.
• Education Background:
• PhD Sociology and Anthropology from Purdue in 1996
• Received diplomas in advanced programming and systems
analysis from Trinity College in Dublin, Ireland, in 1982 and
1984, respectively.
• He received his bachelor's and master's degrees in 1981 and
1982 from NUI Maynooth in Ireland.
Educause Student Videos
• Identity Theft for Criminals
• Out in the Open
• Short Film
Stages of Security
• Blissfully ignorant (20%)
• Awareness (30%)
• Corrective Action (40%)
• Operational Excellence (10%)
The Cost of Security
• Blissfully ignorant (<3% of IT budget)
• Awareness (4-6%)
• Corrective Action (7-8%)
• Operational Excellence (3-4%)
Real progress on IT security will REDUCE
IT security spending requirements!
Purdue Security Priorities
• Defend the Border
  - Absolute path blocking (port blocking)
  - Content-based path blocking (intrusion prevention)
• Defend Critical Regions
  - Absolute
  - Conditional
  - Content-based
• Machine-level Protection
  - Operating System patching
  - Application Program patching
  - Content change monitoring (tripwire)
  - Anti-Virus
  - Anti-Spyware/Anti-Adware/Anti-Malware
Purdue Security Priorities
• Authorized Personnel Only
  - Establish and maintain central credential
  - Network access credential control
  - Application access credential control
Purdue Security Priorities
• Policy/Procedures/Guidelines
University level
Boundaries for unit level operations
Interpretation and Consultation
Enforcement/Compliance
• Incident Response
Response Exemplary
Investigation/Forensics
Identify Remediation
Post-incident reporting
Post-incident evaluation
Purdue Security Priorities
• Awareness and Education
Students
Staff
Faculty
Operational Units
• Risk Identification and Remediation
Facilitated Risk Assessments
Self-conducted risk analysis tools
Purdue Security Priorities
• Defend the data
In transit
At rest
• Monitoring/Logging/Review
Network
Machine-level
Application
Purdue Security Priorities
• Application of New Technologies
Defense technologies
Protection technologies
Credential technologies
Stay Informed
It Has Been a Great “Ride”
• Pablo Malavenda – use, abuse, and risks of
social networking
• Chris Burgess, CISCO Chief Scientist –
culture of security needed within
organizations
• George Heron, McAfee Chief Scientist –
need to educate and empower users through
awareness and security tools
Questions Before Elvis Leaves The Building?
• Questions??
• As always, be careful out there.
Credits:
• Thanks to David Fry, John Holladay, and all the guys
downstairs taping the program!!
• Thanks to Gary, upstairs managing the sound,
video, whatever we ask of him
• ITNS staff who support and encourage each other:
special thanks to Joanna Grama
• Gifts from Microsoft, Dell, PEFCU, Dewpoint,
Symantec, CERIAS, Awards Unlimited and Scott
Ksander