On October 5th, 2012, Purdue held a local online security, privacy, and safety event on campus for the National Cybersecurity Awareness Month. The cybersecurity awareness event program included many local information security experts at Purdue and from the Greater Lafayette area. I had the honor and pleasure of working with Cherry Delaney of ITaP to put the program together and invite our distinguished speakers.

Morning Program

I was thrilled with our line-up of experts from the Purdue community in the morning program. Executive Directory of CERIAS and Computer Science Professor Eugene H. Spafford (@TheRealSpaf) gave the keynote address. Purdue CISO David Shaw (@Info_Sec_Pro), as a new Purdue staff member, provided some insights into his vision for information security and outlined the next steps in advancing information security at Purdue. Next, we had a panel discussion on “The Promise and Peril of Social Media”. This was exciting for me because I came up with the topic and got to moderate the discussion. Professor Lorraine Kisselburgh (Brian Lamb School of Communication), Kyle Bowen (@kyledbowen, Director of Informatics), Professor Spafford, and Mr. Shaw were our panelists.

But don’t just take my word for it. Watch the recording. Note: I am the guy introducing Professor Spafford and moderating the panel.

Afternoon Program

In the afternoon, we split into two tracks. One on security awareness. The other focused on technical topics.

Technical Track

The technical track consisted of talks on intrusion detection, incident response, and auditing tools. These talks were geared for a more technical audience. Matt Jonkman, CTO at Emerging Threats Pro based in Lafayette, talked about Suricata. It is an open source, multi-threaded intrusion detection engine. Doug Couch and Nathan Heck, security engineers at ITaP, talked about the Purdue incident response process. George Bailey, security technical operations manager at Purdue Healthcare Advisors, and Josh Gillam, an IT auditor with Purdue Internal Audit, talked about using nmap, CIScat, and Metasploit to assess system and network security.

The technical track was recorded.

Awareness Track

The awareness track focused on a higher level presentation of information that would be useful to a general audience. These talks were designed to inform people about risks as well as Purdue policies, Indiana state laws, and federal laws related to the protection of sensitive information. I did a presentation on social media security and privacy. I covered some risks associated with information sharing, social networking, and location-based services. Dr. Peter Dunn, the Associate VP for Research, talked about Purdue policies and federal laws on sensitive and restricted research. Joan Vaughan, the Purdue HIPPA Privacy Officer, talked about HIPAA-related rules for researchers using electronic patient health information (EPHI). Greg Barnes, an information security analyst at ITaP, talked about best practices for researchers that have control of sensitive research data. Finally, Mike Hill and Preston Wiley from the Center for Regulatory and Environmental Information Systems (CERIS) talked about mobile devices security. They also demonstrated remote wipe for Apple iOS devices.

The awareness track was not recorded.

Resources

Panel discusses promise, peril of social networking, offers security tips by Andrea Thomas, ITaP News

Purdue 2012 National Cybersecurity Awareness Month program (morning video, afternoon video)