2013 Agenda
8:30 Doors Open, Continental Breakfast, Registration
9:00 Introduction & Welcome, David Escalante, Boston College
9:15 Implementing HIPAA Using Agile Project Management
David Reis, Lahey Clinic
Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This presentation extends the study of both Agile project management and information security frameworks by examining the efficacy of implementing a security framework using a nontraditional project management approach. Such an investigation is significant because of the high rate of failed IT projects, gaps in the current security framework implementation literature, and increased regulatory pressure on Health Insurance Portability and Accountability Act (HIPAA)-covered entities to become compliant with the HIPAA Security Rule.
10:00 Coffee Break
10:15 From '1' to pwned: Using MySQL and PHP to Own the Box
Patrick Laverty, Programmer, Brown University
Last year at BC Security Camp, Patrick talked about a pharmaspam infection that created a denial of service attack against our main web servers. Some hackers had been able to upload PHP web shells onto the server in order to make administration of the pharmaspam much easier. This year we'll look at one way that those shell files can get onto the server: using SQL injection.
11:00 It’s really about authentication! (again)
Jeff Schiller, MIT
This talk will go over the current authentication landscape, with emphasis on two-factor authentication systems and on the vulnerabilities associated with password resets and credential recovery in general.
11:45 Preventing DNS Reflection Attacks
Patrick Cain, Cooper-Cain
These attacks are being used against big financial institutions and other targets. Learn about how the attacks work, and what members of the Internet community can do to reduce their likelihood.
12:30 Lunch
1:30 Healthcare Medical Device Security
Roy Wattanasin, ISO, MITM
This issue applies to you and everyone else around you. This session will address some recent information security developments in healthcare, cover its challenges, and will also give additional research opportunities to help make healthcare safer.
2:15 Using RPZ to Blackhole Bots
Charles Griffin, Infoblox (ex-Quinnipiac U)
Another layer in the war on malicious "bot-infected hosts" is dynamically blacklisting those that use DNS to "phone home".
3:00 Break
3:15 Next-Generation Firewalls (Panel)
Nathan Hall, BC; Mike Horne, Olin; Jason Pufahl, UConn; Bryan Scovill, UNH
A number of firewall vendors have been touting their "next-generation" capabilities. We'll have a Q&A with several schools that have recently implemented devices that fall into this category to separate the marketing hype from the reality of what our colleagues are doing with these devices.
4:00 Mobile device security through use of VDI
Sherry Horeanopoulos, Information Security Officer, Fitchburg State University
4:45 End