
VA SCAN Conference 2009

Conference Sessions

Presentation Titles and Speaker Information

Creating Effective Security Controls: A Ten-Year Study of High Performing IT Security

Speaker: Gene Kim, Co-founder and Chief Technology Officer, Tripwire, Inc.
Gene H. Kim, CISA, is the co-founder of the IT Process Institute, and also CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. In 2004, he wrote the Visible Ops Handbook and co-founded the IT Process Institute, dedicated to research, benchmarking and developing prescriptive guidance for IT operations and security management and auditors.

Although Gene is widely published on computer security, operating systems and networking in SANS, ACM and IEEE publications, he remains focused on process integrity problems in IT operations and security. He is currently working on a series of projects with the Software Engineering Institute and the Institute of Internal Auditors to capture how "best in class" organizations have IT operations, security, management, governance and audit working together to solve common business objectives. Gene is currently serving on the Advanced Technology Committee for the Institute of Internal Auditors.

Gene holds a M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University. Most recently, Gene was honored as one of the "Top 4 CTOs to Watch" by InfoWorld magazine due to his "forward-thinking and leading-edge activities." He also served as co-chair of the April 2003 SANS technical workshop called Auditable Security Controls That Work, recently hailed by SANS as one of their top five gifts back to the community and one of their top initiatives for 2003. Gene co-chaired the Best In Class Security And Operations Roundtable (BIC-SORT) with the Software Engineering Institute in October 2003. Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications.

Auditing Networked Printers
Your highly sensitive data sits behind several layers of security, and you are feeling pretty good. However, no matter how hard humans try, paper continues to be a medium that shows no sign of disappearing. Networked printers are susceptible to a host of vulnerabilities just as any other network device is. Follow an actual audit of networked printers performed by your peers. Topics include man-in-the-middle attacks (easier than you may think), denial of service, and recommendations.

Speaker: Kevin Savoy
Kevin Savoy, MBA, CPA, CISA, CISSP has over 20 years' experience in IT operations and audit in government and private industry and is currently Director of Information Technology Audits for the University of Virginia. Previously, he was IT Security Audit Director for the Auditor of Public Accounts for the Commonwealth of Virginia. He also spent ten years automating retail and hospital pharmacies for two major pharmaceutical wholesalers. He has spoken on a variety of IT security and audit topics to several professional organizations.

Speaker: Brian Daniels
Brian Daniels, MBA, CISA, GCFA has been working in governmental IT audit for five years, working from both the external and the internal side. Previously he was an Information Systems Security Auditor for the Auditor of Public Accounts for the Commonwealth of Virginia. He is currently IT Audit Manager at the University of Virginia. Recent audits performed have focused on Wireless Security, UNIX Security, Networked Printer Security, Router and Firewall Security, Disaster Recovery, Incident Response, as well as various computer forensic investigations.

Look Before You Leap: Questions To Ask About Cloud Computing
The cloud computing market is growing rapidly and services are maturing. With organizations feeling the effects of the recession, the cloud is increasingly being viewed as a viable option for meeting business needs at an attractive cost. But real dangers are lurking in the cloud: security, privacy, legal and operational risks abound. Discover the risks and learn what questions to ask before your organization makes the leap.

Speaker: Jim Jokl
Jim Jokl is Director of Communications and Systems for Information Technology Services at the University of Virginia. He is a member of the Internet2 Middleware Architecture Council for Education (MACE) and participates in the Common Solutions Group (CSG) and other similar organizations. He co-chairs the Net@Edu Integrated Communication Strategies (ICS) working group and coordinates the Higher Education PKI Technical Activities Group (HEPKI-TAG) sponsored by Internet2, EDUCAUSE, and Net@Edu.

Speaker: Steve Werby
Steve Werby is the Information Security Officer at Virginia Commonwealth University (VCU). Prior to VCU, Steve served as the information security officer at the Virginia Department of Corrections and has held leadership and technical positions in IT within the private sector and at VCU. He holds a bachelor's degree in Industrial and Systems Engineering from Virginia Tech, an MBA from Virginia Commonwealth University and GSEC, GCFA, GCIH, GSLC and GWAS certifications.

Who’s There? A Methodology for Selecting Authentication Credentials
Many different types of credentials can be used for authentication. How do you pick? This presentation will describe the relationships between personal digital identities, identity proofing, credentials, authentication factors and levels of assurance in digital identities. A methodology for selecting credentials that are appropriate for various applications will be outlined.

Speaker: Mary Dunker
Mary Dunker is Director of Secure Enterprise Technology Initiatives (SETI). A graduate of Hollins University, she began her IT career as a systems programmer at Virginia Tech in 1978. With an extensive background in operating systems support, she earned the SANS GIAC Security Essentials Certification in 2004 and became involved in efforts to secure the university’s information technology infrastructure. The SETI department is responsible for Virginia Tech’s Enterprise Directory, Public Key Infrastructure, the central Microsoft Active Directory service (Hokies domain), and includes a specialized testing unit. Mary chairs Virginia Tech’s IT Security Task Force and is co-chair of the EDUCAUSE/Internet2 Security Task Force Effective Practices and Solutions Working Group.

45 Years of Technology Experience – What’s Next?
A lot of changes have occurred over the years in the technology arena, and when you have worked in that environment for 45 years, you begin to wonder what will happen next, because changes move at such a rapid pace. This presentation will not only review how technology has changed over the decades, but also how one might approach the challenges faced each day in dealing with the technology environment and the people one encounters within the workplace and the user community.

Speaker: Wayne Donald
Wayne Donald began his technology career at IBM in 1965 and joined a fast expanding technology staff at Virginia Tech in 1969. He currently serves as the Information Technology Security Officer for the university, a position he has held since 1998. In that position he is responsible for areas of security awareness, user education, a security review program, technology tools for security-related issues, the information technology risk assessment program, and business recovery plans for Information Technology. In addition, the Technology Security Lab and the Identity Management Services department report to the Security Office. Wayne has been active in several professional organizations including VA SCAN, EDUCAUSE, NACUBO, CUMREC, and ACCS. He has presented papers, seminars, classes, and has been featured in national publications for his security-related role at Virginia Tech.

Interfaces between Disparate Databases - Auditing and Controls
The session provides a discussion of challenges database interfaces present to IT auditors and security staff. A classification scheme for database interfaces will be presented and various audit and security controls will be reviewed.

Speaker: David Litton
David is currently the Interim Director of University Assurance Services, which comprises IT audit, university internal audit, and the compliance office. Formerly, he was responsible for the IT audit functions at the Health System and University. David has 20 years' experience auditing, managing, and consulting in IT. He has managed the networks, technical platforms, and data centers for both the Health System and University. His specialties include network design, telephony, information security, and technical project management. He holds a B.S. in Accounting Information Systems from Virginia Tech. Professional certifications include Certified Public Accountant in Virginia, Certified Information Systems Auditor, Certified Governmental Financial Manager, and Certification in the Governance of Enterprise IT. His current interests include operational improvement through Policy Lifecycle implementation and System Interface management and security.

Speaker: Phil Napier
Phil is currently a Senior Information Technology Auditor with Virginia Commonwealth University. He holds a B.S. in Computer Science as well as an M.B.A. from Marshall University and has more than 20 years of experience in Information Systems. Phil was a founding partner of CRG Consultants, specializing in Novell NetWare local area network installations, and has application programming experience with the U.S. Army Corps of Engineers; classroom experience as an Instructor of Computer Science and Information Systems at Marshall University, VCU, and Randolph-Macon College; and eleven years of systems administration experience with academic departments at Virginia Commonwealth University and the VCU Health System. Professional certifications include Certified Internal Auditor, Certified Internal Controls Auditor, Certified Information Systems Auditor, Certified Information Security Manager, and Certification in the Governance of Enterprise IT. His current interests are maximizing Enterprise IT value, IT security and forensics, remote monitoring of computer use, and implementation of software tools to assist in IT audits.

Reduce the Haystack: E-Discovery and Records Management
When it comes to e-discovery, finding the electronic needles in haystacks of data can be time consuming, frustrating and expensive. So much so that some legal cases that could be won are settled outside of court because of the high cost of finding electronic information. This session will cover how effective records management can reduce time, effort, and costs not only for e-discovery, but also for the total cost of managing information. Partnering with Records Management to reduce the size of the haystack takes the madness out of e-discovery: knowing what you have, what you should destroy, and what to keep reduces all electronic storage and management costs.

Speaker: Caroline J. Walters, MA, MLS
Caroline Walters is the University Records Officer reporting to the Information Security, Policy, and Records Office at the University of Virginia. Before coming to UVa in October 2008, Caroline was the University Records Manager at UNC-Chapel Hill, and before that worked as a Records Management Analyst with county and municipal governments in the State of North Carolina. She has a BA in History and a MA in Public History concentrating in archival and records management from North Carolina State University, and a Masters in Library Science from North Carolina Central University.

Smart phone use is growing rapidly, which at least in theory makes our busy lives easier and more productive. On the other hand, smart phones have operating systems, and that means they share all the potential and real security vulnerabilities of computers. Since we are also conducting more financial transactions over these phones, we must identify the attack vectors and employ every security measure possible, particularly at this relatively early stage of the development cycle, to protect our data and identities.

Speaker: Karen McDowell, Ph.D., GSEC, GCIH
Karen is an information security analyst with the University of Virginia in Charlottesville, Virginia. She works within the Information Security, Policy & Records Office assisting faculty, staff and students with security assessment, incident handling, education, and awareness. As mobile devices have been integrated into the University infrastructure, Karen has authored support documentation and led an effort to keep security in the forefront of this integration. Karen began researching and writing about security issues in 2005 in the interest of helping people learn how to keep their data, identity, and electronic devices safe. She has presented at numerous conferences and webinars and has published articles on information security.

ISO 27001 Certification Process
This session will present the requirements necessary for an organization to achieve ISO 27001 certification for its Information Security Management System. It includes a step-by-step approach with deliverables for each step as well as resources to support each phase of certification.

Speaker: J. Kenneth (Ken) Magee
J. Kenneth (Ken) Magee has over 30 years of IT security experience and some 17 years of auditing experience. He is an Auditor Specialist with the Commonwealth of Virginia's Auditor of Public Accounts (APA), specializing in Information Systems Security and focusing on "best practices" including COBIT, COSO, ISO, NIST, and federal regulations. He holds a Bachelor's degree from Robert Morris College and an MBA from Fairleigh Dickinson University. He holds a Lifetime Certified Computing Professional credential from ICCP; Microsoft's MCP, MCSA, MCSE, and MCT; SNCP from Learning Tree International; ISO 9001 LA, ISO 14001 LA, and ISO 27001 PA from ANSI-ASQ/IRCA; CISA from ISACA; CISSP from ISC2; GIAC GSNA from SANS; CIA from the Institute of Internal Auditors; and CFE from the Association of Certified Fraud Examiners. He mentors AUD507 for the SANS Institute, sits on their audit advisory board, and is a technical reviewer for several courses in the IT Audit curriculum. His IT security and auditing experience spans private industry as well as state and local government, including major multi-national organizations, large health care facilities, and small businesses. He has had his own consulting company and was an adjunct faculty member at Marist College in New York. When not working, he enjoys family, grandchildren, farming and rescuing animals.

Governance for Compliance: The Convergence of Central and Distributed IT Compliance
Governance for compliance often requires coordination between multiple departments, such as IT, academics, and finance, and it can also extend across multiple campuses and even schools. This puts intense pressure on the central organization to ensure that disparate organizations have the necessary security program and controls in place to comply with various legal and regulatory requirements. To accomplish this, a strong, well-organized, and well-supported governance program must be in place. Using the Virginia Community College System as an example, we will cover governance for compliance in a large distributed organization.

Speaker: Jason C. Richards
Jason is a Certified Information Systems Security Professional (CISSP) with over 14 years of information security experience. In the past, Jason has worked at Fortune 500 companies such as Circuit City and Lockheed Martin as well as the Department of Defense and the Federal Aviation Administration. A veteran of the U.S. Navy and Virginia Army National Guard, he credits his military background with his career and personal successes. He is currently the Chief Information Security Officer at the Virginia Community College System.

e-Discovery and Fraud/Abuse Details (Pay No Attention to the Man Behind the Curtain)
The VA Tech IT Security Office has created disk images for e-discovery and Internal Audit fraud and abuse investigations. This talk discusses the strategies, tools, and procedures the office follows when performing these tasks. Sample forms, procedures, and incident-handling jump bag contents will be described in order to give attendees an idea of what needs to be done to perform e-discovery or disk imaging for internal audit fraud and abuse investigations.

Speaker: Randy Marchany
Randy Marchany has been involved in the computer industry since 1972. He is currently the director of the VA Tech Security Lab, a component of the university's IT Security Office. He is a co-author of the FBI/SANS Institute's "Top 10/20 Internet Security Vulnerabilities" document that has become a standard for most computer security and auditing software. He is the co-author of the "Responding to Distributed Denial of Service Attacks" document that was prepared at the request of the White House in response to the DDoS attacks of 2000. He is a co-author of the Center for Internet Security's series of Security Benchmark documents for Solaris, AIX and Windows 2000. These benchmarks are available for free and represent the first successful attempt to create a set of consensus documents with detailed steps for implementing system security. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the recent series of DDoS Internet attacks. He was a recipient of the SANS Institute's Security Technology Leadership Award for 2000 and of the VA Governor's Technology Silver Award in 2003. He was part of the team that won the EDUCAUSE Excellence in Information Technology Solutions award in 2005. He is a co-holder of a patent for a battery-based intrusion detection system that was the product of research conducted in the VA Tech IT Security Lab.

OPEN DISCUSSION on Security Issues, Moderated by Randy Marchany
Topics will include issues such as:

  • Freeware vs. commercial security tools - It's hard to beat Free
  • Security metrics that work
  • SANS Consensus Audit Guidelines
  • Is VOIP a good idea?
  • Cloud computing - do you trust someone else with YOUR data?
  • Others chosen through the "Open Discussion Questionnaires" submitted by conference participants.

Deploying Network Access Control
This presentation focuses on the challenge of planning and deploying Network Access Control in the residence halls. Technical implementation aspects and alternatives will be discussed briefly, as well as lessons learned.

Speaker: Andrea Di Fabio
Andrea Di Fabio is the Information Security Officer and Super Computing Technology Coordinator at Norfolk State University, where he plays a significant role in strategic planning, policy development, deployment of information technology infrastructure and development of educational programs. Andrea completed his Master of Science in Computer Science at Old Dominion University in Norfolk, VA, where he also earned a Bachelor in Computer Engineering while working for the University Information Systems Group. Andrea is currently working as an adjunct faculty at Tidewater Community College where he teaches a variety of evening information security classes.

The Intersection of Information Security and Emergency Preparedness
Over the past several years, many organizations have expanded the scope of emergency preparedness activities to address growing threats to personal safety and critical infrastructure. At the same time the world has experienced multiple incidents of destructive cyber attacks on critical infrastructure, a risk not previously fully acknowledged outside the information security profession. This panel discussion will cover this and other intersecting interests and interdependencies between information security and emergency preparedness and explore ways to build and maintain effective relationships across the two disciplines.

Speakers: Kirby Felts, Wayne Martin, Shirley Payne, Marjorie Sidebottom

Kirby Felts is the Assistant Director of the Office of Emergency Preparedness at the University of Virginia. Since joining the University in August 2008, she has worked with students, faculty, and staff on mitigation, preparedness, response, and recovery strategies. Her office is establishing a comprehensive emergency management program that integrates the spectrum of emergency planning elements into a strategic architecture for the university. Prior to joining UVA, she consulted on emergency preparedness for more than 10 years. Clients included federal government, local government, and private sector organizations. Her expertise is focused on comprehensive emergency management planning, continuity of operations, business continuity, crisis communications, and training and exercises.

Wayne Martin, MS, CISM, CISSP, is the Information Systems Security Officer with the University of Virginia Health System. He has 35 years of experience in the healthcare industry, with 21 years in computer technology. His research activities focus on the relationship, if any, between strategic information systems planning, the unified theory of acceptance and use of technology, and the potential of information technology in the healthcare industry. He is also interested in the relationship of organizational culture and relationships in creating agile and flexible IT security processes to align with and support business objectives. He earned his MS in Computer Information Systems from the University of Phoenix.

Shirley Payne is Assistant Vice President for Information Security, Policy, and Records at the University of Virginia. In this capacity she focuses on the continuous enhancement of information technology policies and security of the university's diverse and decentralized computing environment. She works in partnership with units and individuals across the university to formulate policies, assess security risk, establish strategic direction, comply with security and privacy laws and regulations, provide security education and training, implement security safeguards, track security incidents, develop mission continuity plans, and related activities. She also oversees the university's electronic and physical records management program. She has thirty-eight years of experience in information technology, primarily in higher education and also in manufacturing and banking. She holds a bachelor's degree in Computer Science from Winthrop University and a master's degree in Management Information Systems from the University of Virginia.

Marjorie Sidebottom is the Director of the University of Virginia Office of Emergency Preparedness. The newly established office opened September 2007. Her duties in this role include coordination of the University's all hazard plans for mitigation, preparedness, response and recovery in collaboration with local and community agencies. Marge has extensive experience in emergency management, having directed the UVA Health System emergency preparedness effort for over fifteen years, simultaneously serving as Virginia's Northwest Region Hospital Coordinator for the last five of those years. Previously, she served as Administrator for the Department of Emergency Services, which included the hospital emergency room, flight program, ground transport, education outreach and regional poison center. Marge has also been a contributing member of the Local Emergency Preparedness Committee for over fifteen years and a champion in community education, exercise and preparedness efforts. She chairs the University's Security and General Safety Committee and sits on multiple state committees including the Secure Virginia Health and Medical Subpanel, Pandemic Influenza Advisory Committee, and Commonwealth Preparedness Advisory Subcommittee.

Strengthening Your Personal Firewall
As information security practitioners we often become so engrossed in log files, forensic investigations, technical control decisions, etc. that we tend to neglect the human elements of information security. And while the technical elements of information security are important, they are often no match for the unengaged, clueless, or endlessly determined human within your environment. Thus people are often our greatest security risk. This session will explore some of the challenges and potential strategies for positively engaging university officers, colleagues and users in our security efforts.

Speaker: Darlene Quackenbush
Darlene Quackenbush is the Information Security and Planning Officer at James Madison University where she performs a variety of IT security, strategic planning and policy development activities for the university. She is directly involved in risk management and incident response, serves JMU in state liaison roles related to technology and is currently the chair of VASCAN. She holds a BS from Virginia Tech and an MBA from James Madison.

Windows Forensic Analysis: Dissecting the Windows Registry
You cannot consider yourself a Computer Forensic Analyst without mastering the Windows Registry. The registry is one of the most vital areas of a Microsoft Windows operating system because of the sheer amount of useful forensic data that can be pulled from it. This presentation will take you through understanding how and why the registry tracks every document you open, every URL you type, every USB device you use, and much more. It will focus on the currently known registry artifacts found on Windows XP, Vista, and the new Windows 7.
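The artifacts the abstract names live at well-known registry locations: typed URLs under HKCU\Software\Microsoft\Internet Explorer\TypedURLs, recently opened documents under HKCU\...\Explorer\RecentDocs (UTF-16 names in REG_BINARY values, ordered by the MRUListEx value), and USB storage devices under HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR. The following Python script is an added example, not material from the talk or from the speaker: it parses a Registry Editor (.reg) export of those keys and pulls the three artifacts out. The export text embedded in it is constructed for the example, including the trailing bytes after each RecentDocs filename, which stand in for the shell-item data that follows the name in a real value.

```python
"""Extract typed URLs, recent documents and USB storage devices from a
Registry Editor (.reg) export.  Added example; the SAMPLE_REG text below
is CONSTRUCTED (the key paths are the real, well-known artifact
locations, the values are made up)."""
import re

TYPED_URLS = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs"
RECENT_DOCS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"
USBSTOR = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR"

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://intranet.example.edu/payroll"
"url2"="http://www.example.com/"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"0"=hex:62,00,75,00,64,00,67,00,65,00,74,00,2e,00,78,00,6c,00,73,00,00,00,\
  14,00,32,00,00,00
"1"=hex:6d,00,65,00,6d,00,6f,00,2e,00,64,00,6f,00,63,00,78,00,00,00,\
  14,00,32,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.00\4C530001234567890123&0]
"FriendlyName"="SanDisk Cruzer USB Device"
"Class"="DiskDrive"
"""


def parse_reg(text):
    """Return {key_path: {value_name: (type, data)}} from .reg export text.
    Handles REG_SZ ("n"="s"), REG_DWORD (dword:xxxxxxxx) and REG_BINARY
    (hex:aa,bb,... with trailing-backslash line continuation)."""
    keys, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        while line.endswith("\\") and i < len(lines):   # hex continuation
            line = line[:-1] + lines[i].strip()
            i += 1
        name, _, raw = line.partition("=")
        name = name.strip('"')
        if raw.startswith('"') and raw.endswith('"'):
            keys[current][name] = ("REG_SZ", raw[1:-1].replace('\\\\', '\\'))
        elif raw.startswith("dword:"):
            keys[current][name] = ("REG_DWORD", int(raw[6:], 16))
        elif raw.startswith("hex:"):
            keys[current][name] = ("REG_BINARY", bytes.fromhex(raw[4:].replace(",", "")))
        else:
            keys[current][name] = ("UNKNOWN", raw)
    return keys


def _utf16z(data):
    """Decode a UTF-16LE string up to its double-null terminator."""
    for off in range(0, len(data) - 1, 2):
        if data[off:off + 2] == b"\x00\x00":
            return data[:off].decode("utf-16-le")
    return data.decode("utf-16-le", errors="replace")


def typed_urls(keys):
    """url1, url2, ... in numeric order (url1 is the most recent)."""
    vals = keys.get(TYPED_URLS, {})
    names = sorted((n for n in vals if re.fullmatch(r"url\d+", n)), key=lambda n: int(n[3:]))
    return [vals[n][1] for n in names]


def recent_docs(keys):
    """Filenames in MRU order: MRUListEx is a list of little-endian DWORD
    value indexes, most recent first, terminated by 0xFFFFFFFF."""
    vals = keys.get(RECENT_DOCS, {})
    mru = vals.get("MRUListEx", ("REG_BINARY", b""))[1]
    out = []
    for off in range(0, len(mru) - 3, 4):
        idx = int.from_bytes(mru[off:off + 4], "little")
        if idx == 0xFFFFFFFF:
            break
        if str(idx) in vals:
            out.append(_utf16z(vals[str(idx)][1]))
    return out


def usb_devices(keys):
    """One record per USBSTOR\<device class id>\<instance id> subkey."""
    devices = []
    for path, vals in keys.items():
        if not path.startswith(USBSTOR + "\\"):
            continue
        parts = path[len(USBSTOR) + 1:].split("\\")
        if len(parts) != 2:
            continue
        dev_id, instance = parts
        fields = dict(p.split("_", 1) for p in dev_id.split("&") if "_" in p)
        devices.append({
            "vendor": fields.get("Ven", ""),
            "product": fields.get("Prod", ""),
            "serial": instance.split("&")[0],
            # '&' as the second character means Windows generated the id
            # because the device reported no unique serial number
            "serial_is_real": instance[1:2] != "&",
            "friendly_name": vals.get("FriendlyName", ("", ""))[1],
        })
    return devices


def summarize(reg_text):
    keys = parse_reg(reg_text)
    return {"typed_urls": typed_urls(keys),
            "recent_docs": recent_docs(keys),
            "usb_devices": usb_devices(keys)}


if __name__ == "__main__":
    for artifact, items in summarize(SAMPLE_REG).items():
        print(artifact)
        for item in items:
            print("   ", item)
```

On a live system the same export is produced with `reg export` (or `regedit /e`) against each key; on a disk image the hives (NTUSER.DAT for the HKCU keys, SYSTEM for USBSTOR) must be parsed with an offline hive tool before this text-level parser applies.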

Workshop Laptop Requirements:

  • CPU: 1.5 GHz or higher is recommended
  • DVD/CD Combo Drive
  • Windows XP/Vista/Win7 Operating System
  • Wireless 802.11 B/G Networking Capability
  • Minimum 1 GB of RAM (2 GB or more is highly recommended)
  • Student should have the capability to have Local Administrator Access within the Windows OS
  • Bring your WINDOWS Installation CD-ROMS or DVDs to the course

Speaker: Rob Lee
Rob Lee is a Director for MANDIANT (http://mandiant.com), a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. Government. Rob has over 13 years of experience in computer forensics, vulnerability discovery, intrusion detection, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations, where he conducted computer crime investigations and computer forensics. Prior to joining MANDIANT, he worked on contracts for a variety of government agencies where he was the technical lead for a vulnerability discovery team, contractor lead for a cyber forensics branch, and led a security software development team. Rob also co-authored the bestselling book Know Your Enemy, 2nd Edition. In addition to working for MANDIANT and the SANS Institute, Rob is currently pursuing his MBA at Georgetown University in Washington, DC. Rob is the curriculum lead for Computer Forensic Training at the SANS Institute (http://forensics.sans.org) and has trained over 8,000 analysts worldwide.

Page Updated: 2012-02-16


University of Virginia
Information Technology Services
2015 Ivy Road
P.O. Box 400324
Charlottesville, Virginia, 22904-4324 USA

UVa Help Desk: 434-924-HELP (434-924-4357) • 4help@virginia.edu

© 2012 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia's Department of Information Technology Services (ITS) website is provided as a public service with the understanding that ITS makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warranties of title and non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia's Computing Policies.