8:30 Doors Open, Continental Breakfast, Registration
9:00 Introduction & Welcome, David Escalante & Michael Bourque, Boston College
9:15 Docker Container Security – What is it good for (and not good for)?
Jeff Schiller, MIT
2014 was the year of Docker. This lightweight container technology was all the rage. In reality, Docker is new packaging for some very old (and in some cases tried and true) technology, combined into a very compelling application. This talk will briefly discuss what Docker is and how it works, leading into a discussion of its security properties and where it fits in our toolbox of security techniques.
10:00 Coffee Break
10:15 Advanced Threats and Threat Identification
Brian Lowy, AT&T
Advanced threats are here for good, and the tools & techniques necessary to find APTs are already available to you. How flow, meta and log data can be used to find malicious activity within your network.
11:00 Identity and Access Management (IAM)
Ian Poynter, Information Security Manager, The Broad Institute
Brian Bernier, Architecture & Integration, Boston College
Jeff Schiller, MIT
Panelists speak about their IAM strategies and plans.
11:45 Vulnerability Management
Patrick Cain, Cooper Cain Group, Moderator
Harry Hoffman, MIT
Jamie John, Boston College
Dan Modini, Tufts
System vulnerability identification and management is a requirement in many environments. The panelists will discuss how they use the Nessus security scanner for vulnerability management, its good points, things that are challenging, and their (fluid) plans for the future.
1:30 Information Security Awareness at Harvard
Christian Hamer, Harvard
As cyber criminals continue to steal data and capture headlines, its easy for people to feel helpless. Though the risks will always exist, there are certain common sense measures people can take to protect themselves. Behavior changes are an important part of any public safety campaign- from encouraging hand washing to discouraging texting while driving. Cyber safety will be no different. Join us to discuss the key behaviors, how we will promote them, and how we will measure success.
2:15 Mitigating DDoS Attacks
Harry Hoffman, David LaPorte, MIT
Your organization is in the cross-hairs, your organization is off-line - - the DDoS deluge has begun…what do you do next? The speakers discuss real-world experiences and mitigation strategies.
3:15 Breach Insurance
Susan E. Fletcher, Director, Enterprise Risk Management, The Boston Consortium
Understanding your Breach Insurance is a key component to managing a data breach at your school. This presentation will help familiarize you with the types of insurance available and how the insurance carrier will respond to a breach..
4:00 VPNs in Higher Ed -- How Many is too Many?
BC Security Staff
An truly open campus requires no VPN at all, but given a more closed campus and various access needs, a single VPN might not be enough, either. How many VPNs are reasonable? We will talk about BC's choices and current VPN setup in hope of provoking broader discussion.