

Cyber Friday Informational Sessions

October is Cyber Security Awareness Month, and as part of this year’s cyber security awareness campaign, OA-Information Technology will be hosting weekly cyber security informational sessions each Friday during the month of October. These events are open to all Commonwealth staff.

Please note that you must register in advance.

10/7/11

8:30 am to 10 am - Cyber Security Threat Landscape  
Presenter: Erik Avakian
Location:  Commonwealth Technology Center, Conference Room 1&2

The advent of new business-centric technologies such as cloud computing, the domination of mobile technologies, and advances in the exchange of electronic information has morphed the cyber security threat landscape and will continue to present significant challenges for years to come. The recent flurry of data breaches and privacy issues in the news, involving hacker groups such as "Anonymous" and data breaches at Sony, has propelled cyber security to the front page of the media world on an almost daily basis. We will examine some of these real-world examples and focus on the current and evolving cyber security threat landscape, the types of programs organizations can implement, and what the commonwealth is doing today to stay ahead of it in order to safeguard the organization and data from advanced persistent threats, data breaches, and privacy concerns.


10:30 am to 12 pm - Cyber Threats - Live Virus Demo
Presenter:  Robert Ayers, CICP
Location:  Commonwealth Technology Center, Conference Room 1&2

Few people actually gain insight into how malware attacks occur, and even fewer have actually seen one occur in real time. Most of us are stuck in the continual position of the “after-the-event” remediation process. This presentation is designed to show samples of different types of phishing email messages, malware and virus attacks from the perspective of the end user, and it will bring to light the true capabilities of modern malware. This presentation is intended for IT managers, network administrators, application developers, database administrators and anyone who wants to educate themselves, and their users, on how to secure their organization. The presentation will include:

          - Live malware demonstration - True Zero Day sample, undetected by our existing AV solution
          - Samples of Phishing Email and how to identify them
          - Tips on protecting against the latest threats
          - Top 5 things you can do today to make your organization more secure



10/14/11


8:30 am to 10 am - Web Application Security
Presenter:  Andrew Hacker
Location:  Commonwealth Technology Center, Conference Room 1&2

The complexity of web applications, the amount of internal data they have access to, and our dependency on those applications increase constantly. With this augmented presence and complexity come a different vulnerability landscape and a more formidable attack surface to protect. Publishing more flexible web services and hosting newer client types such as mobile applications add to the challenge, and breach reports have confirmed that web application vulnerabilities are the most common entry points into enterprise data stores.

Due to its ever-changing security profile, web application security is one of the most demanding, high-profile and yet indispensable segments of enterprise security. Ensuring that your development and infrastructure teams possess the required knowledge and capable tools to be able to assess and address application security requirements is essential to any security manager.
This presentation will review the basics of application security, give an overview of common vulnerabilities, and highlight important strategies and tools that can be used to help tackle the huge task of ensuring that web applications and the data are protected.


10:30 am to 12 pm - Mobile Application Security
Presenter:  John Pescatore, Gartner
Location:  Commonwealth Technology Center, Conference Room 1&2

Gartner believes demand for mobility (“doing business from anywhere at any time using anything”) will only continue to increase from both a customer and an enterprise user perspective. Security strategies need to evolve to enable secure use of mobile and wireless devices, as well as cloud-based services, that are increasingly coming from the consumer market, and not from traditional enterprise providers. This presentation provides a decision framework for developing the optimal approach for meeting mobility needs while addressing data loss and other risks.

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 33 years of experience in computer, network and information security.  Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems, where he started and managed security consulting groups. His previous experience includes 11 years with GTE, as well as employment with NSA and the U.S. Secret Service.



10/21/11
 

8:30 am to 10 am - Connected E-Discovery Framework
Presenters: Al MacKinnon, Microsoft and Jeffrey C. Davis, Bruce A. Radke and Michael J. Waters, Vedder Price P.C.
Location:  Commonwealth Technology Center, Conference Room 1&2

Government agencies are often burdened with numerous requests for information either as a result of E-Discovery or Right-to-Know requests.  Additionally, state and local governments are not exempt from the obligation to protect information that could lead to identity theft, and may face both cost and legal repercussions in the event of a breach. 

The need to efficiently locate, collect, process, analyze and produce electronically stored information can be a daunting obligation.  The need for state and local governments to have a well-planned, robust records management program and corresponding e-discovery and Right-To-Know response plans has never been greater, from a liability perspective as well as from a purely economic standpoint.  

In this session, Microsoft has teamed with its partner, Vedder Price, which has a nationally-recognized information management, E-Discovery and data privacy practice.  We'll be discussing how you can be proactive in managing your electronic records so you are well-prepared to respond to E-Discovery and Right-To-Know requests as well as be prepared to prevent and respond to data privacy breaches.


10:30 am to 12 pm - Tripwire
Presenter:  Brian Steeg
Location:  Commonwealth Technology Center, Conference Room 1&2


Cyber attacks are increasing. Breaches, if discovered, go undetected for months, as evidenced by the Verizon Business Data Breach Investigation Report (DBIR). Exploits are increasingly focused on where the actual data resides – at the file, database and web application servers – not at the perimeter where organizations have historically focused their security investment.

IT security controls become critical to protecting and monitoring assets as organizations are exposed to increasingly complex threats.  The difficulty lies in ensuring that these controls provide continuous protection, unifying the data to provide risk intelligence for decision making, and then deriving security benefits from them in a cost-effective way.  The Tripwire VIA™ strategy is to unify and automate security controls to ensure data protection is continuous in order to provide the best possible defense against today’s threats. 



10/28/11

8:30 am to 10 am - CWOPA Identity Management (TIM)
Presenter:  Frank Morrow
Location:  5 Technology Park, Conference Room 10

The Commonwealth is deploying IBM Tivoli Identity Manager to address user provisioning in the CWOPA Active Directory domain.  This presentation will provide an overview of the capabilities of the new provisioning system.  We will also give an update on the project status.


10:30 am to 12 pm - Implementing the NIMS Guideline for the Credentialing of Personnel
Presenter:  Craig Wilson, FEMA Consultant
Location:  5 Technology Park, Conference Room 10

Achieving PIV/PIV-I interoperability and trust for routine and emergency use-cases to streamline investment strategies.  This presentation will address the use of smartcard technology by first responders and public safety personnel as well as its use for physical access and logical access. 


