TechTalks Event
Responding to Campus Security and Virus Incidents: Good Practices
with guest expert Kathleen Kimball of Penn State�
January 24, 2002
Audio
• Streaming
MP3
• Download
MP3 (Download
Tips)
The virus incidents we experienced on campus in 2001 made it very clear that security issues and protection of our data and networks is a task that is increasingly mandatory as it is increasingly difficult. Our expert for this Tech Talk will address many issues, including "good practices," many of which can be implemented on most if not all campuses.
Here are a couple of images Kathy referred to during the Tech Talk: Org Chart and Incidents Chart.
Guest Expert
Kathleen
Kimball is Director of Penn State's Computer and Network Security
Office. She has been at Penn State since 1993, where her duties
include development and implementation of university-wide computer
and network security policies, analysis of the security aspects
of evolving technologies, security incident response and security
education and training for the university community. She is widely
published and frequently speaks at conferences such as EDUCAUSE,
WebDevShare, and ECURE on issues of computer and network security.
Kathy has over twenty-five years experience in systems development,
and in the security aspects of networked information systems. Her
career began as a project officer for the development of the Marine
Air Ground Intelligence System, one of the first field-deployable
systems designed for tactical all-source intelligence processing.
Upon leaving the Marine Corps, she held increasingly responsible
positions in industry to include software and systems engineering
technical and management positions with RCA, System Planning Corporation,
Ultrasystems Defense and Space and the MITRE Corporation.
Co-Hosts
Howard Strauss (above, left), Manager of Academic Applications
at Princeton University, is TechTalk's Technology Anchor.
Judith Boettcher is the Executive Director of CREN.
Together, Howard and Judith will ask the really tough questions—and relay the questions you email to them at expert@cren.net.
Background & Resources
Previous Tech Talks on related topics are always a good reference. In the area of this Tech Talk's topic, you can listen to or read the transcript of each the following fairly recent events:
- Securing the Emerging Network Technologies with Jeff Schiller
- Pandora's Box: Firewalls and Campus Security with Randy Marchany and Clair W. Goldsmith
- Web Access Management/Security with Phil Schacter
- The Top Ten User Mistakes that Make Security Tough with Mark Bruhn
EDUCAUSE considers the possibility of mega-security issues to be one of its Top Campus IT Challenges for 2001 (PDF)
Here's a TechRepublic resource that is good background on knowing your intrusion/attack taxonomy: "Do you know the difference between a misuse intrusion and an anomaly intrusion? Can you compare and contrast a Netbus attack with a WinNuke attack?"
The National Institute of Standards and Technology's Computer Security Resource Center (CSRC) provides many resources.
The Carnegie Mellon Software Engineering Institute's CERT Coordination Center publishes a wealth of useful security resources and should be bookmarked by everyone. Its statistics on numbers of security incidents reported illustrate a doubling or tripling each year in the past half-decade. Its listing of articles and publications by its staff is a library of good practices. Same examples:
- Avoiding the Trial-By-Fire Approach to Security Incidents by Moria West-Brown;
- Internet Security Issues by Richard D. Pethia, testimony before the U.S. Senate Judiciary Committee
Interpol's Information Security and Crime Prevention document is a valuable reference tool.
Several other places to bookmark include:
