The State of the Net Conference offers unparalleled opportunities to network and engage in dialogue around key policy issues. Attendees participated in lively debates exploring privacy/security, telecommunications regulation, intellectual property and innovation, cloud computing, youth online safety, Internet governance and more.

This program will explore the practical advantages and disadvantages associated with "cloud computing" and the outsourcing of email and other IT services. It will then examine some of the key contractual issues that will need to satisfactorily negotiated with service providers and some of the difficulties that can arise in such negotiations. The program will conclude with a discussion of other possible models for achieving the advantages of outsourcing these services. Details about the seminar and registration are available on the NACUA website.

This "straight from the battlefield" presentation will provide case studies that describe in detail the most recent computer security incidents that Mandiant has responded to on behalf of the organizations. The three or four anonymous in-depth case studies will be covered about the recent complex hacks against commercial and financial organizations. The talk will go into how the intruders are gaining access, what they are doing, and a discussion of the malware used in the attacks. Finally, we will discuss proper mitigation and prevention techniques that could be utilized in preventing these attacks.

Guest Speaker: Alan Paller, Director of Research for the SANS Institute. Topics to be Discussed: The US Cyber Challenge, Which Skills Matter, and The Top Cyber Risks.

IT Security is a national priority that must be at the forefront of every public sector agency's IT infrastructure, plan, and program. Conference sessions will cover virtualization, cloud computing, and social media, network protection, enterprise architecture, and help you learn how to protect your agency from current and future security threats.

Produced in partnership with the SANS Institute, The National Summit on Planning and Implementing the 20 Critical Security Controls focuses on the 20 Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines (http://www.sans.org/critical-security-controls/).

As institutions of higher education move from a reactive to a proactive approach to addressing information security, they recognize that both prevention and response capabilities are required as part of a comprehensive information security program. This session will highlight higher education policies and procedures regarding information security practices for the treatment and protection of personal information as well as the notification of information security breaches. Brought to you by the Higher Education Information Security Council.

Institutions need to provide annual security awareness training across different areas of the campus to meet state requirements and to reduce the chances of damage to critical information systems. With many institutions offering online and night courses, it becomes difficult to capture all audiences. This presentation will describe how Towson University devised and implemented a web-based program.

Learn more about the initiatives of the Higher Education Information Security Council (formerly the Security Task Force), including progress in strategic areas such as executive commitment and action, data privacy and security, effective practices and solutions, information-sharing mechanisms, and new tools and technologies. We will introduce new strategic directions and describe volunteer opportunities. Attendees are also invited to bring questions and suggestions regarding efforts to improve information security in higher education.

Please bring your box lunch from the exhibit hall for this meeting.

Web application firewalls (WAFs) and penetration testing are excellent ways to secure your environment while meeting PCI-DSS requirements. This session will focus on our experience with each tool, including what we learned along the way. We will also explore the synergy that these tools create.

This session will explore how two universities executed their business continuity plans after Hurricane Ike in the fall of 2008. Lamar University restored services relatively quickly and resumed classes. Texas A&M University at Galveston relocated 1,600 students (91 percent of its student body) 150 miles inland and resumed classes in College Station at the main campus.

The need for effective metrics to accurately measure cybersecurity performance was recently identified as an important national priority. Metrics help improve program assessment, budgeting, research and development prioritization, and strategic planning. They are also the only reliable tool for evaluating the success or failure of a security process. Join us to share with and learn from your peers, and explore sample metrics from the Higher Education Information Security Council (formerly known as the Security Task Force).

LSU established an IT Security and Policy Office in the fall of 2005. This presentation will illustrate how LSU developed a strategy to tighten the security of its infrastructure by establishing policies, partnering with members on campus to raise the awareness of security, expediting the dissemination of security-related information, and determining conditions for disclosures of breaches.

We all know only too well that there are significant costs associated with both experiencing and preventing data breaches, and we are continually challenged with finding the right mix of people, processes, and technology solutions. Join this discussion on the escalating costs of prevention.

In this age of regulations and compliance, many IT security offices struggle to present a strong front. Partnering with general counsel offers the opportunity for the security office to become the "good guy" for departments; while general counsel advises compliance with all applicable laws and regulations, the security office can aid in developing and implementing strategies to achieve the compliance.

The University of Toronto has developed and implemented a ubiquitous open-source VPN service based on SSL using OpenVPN. The service has over 3,500 active customers, with up to 50 simultaneous users. The system supports, Linux, Mac OS X, and Windows XP/Vista/2000 clients.

Designing and maintaining a comprehensive, robust, and cost-effective information security program is an ongoing challenge for many institutions. Come to this highly interactive session to find out how using the ISO 27002 and 27001 standards can help you with a myriad of challenges—from compliance to risk management to building strong relationships with your business units to gaining executive support for your important security initiatives. CIOs, CISOs, and anyone charged with implementing IT and information security governance frameworks will benefit from attending.

While today's students are more knowledgeable and comfortable with the Internet and computer technology than previous generations, they do not necessarily have the skills or exhibit behaviors to qualify them as "net savvy." Privacy, security, copyright, and intellectual property issues are among the legal, policy, and ethical challenges posed by Web 2.0 technologies that must be addressed as part of a student's educational experience. This seminar will explore resources and techniques for engaging students in the creation of learning environments and awareness programs that will help them acquire knowledge, develop skills, and establish behaviors that are essential for digital citizenship.

The purpose of this event is to provide a common understanding for using specific open standards and new security technologies across various domains of interest including Cloud Computing, Health Information Technology (IT)/Health Information Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS) 140, and Security Content Automation Protocol (SCAP) implementations. This conference will also provide tutorials and workshops regarding Department of Commerce, Department of Defense, and Department of Homeland Security technologies and initiatives.

This event, which will take place on October 14, 2009 at the Sheraton Grand Sacramento hotel, is a joint effort between the National Cyber Security Alliance (www.staysafeonline.org) and the State of California Office of Information Security. Representatives from government, industry and academia are invited to participate.

The Fourth International Conference on Availability, Reliability and Security (“ARES 2009 – The International Dependability Conference”) will bring together researchers and practitioners in the area of dependability. ARES 2009 will highlight the various aspects of dependability - with special focus on the crucial linkage between availability, reliability and security.

Developing and writing an institution's philosophies, values, and approach to safeguarding information and information technology can be a daunting task. This session will describe the approach used and the lessons learned while developing an Information Security and Privacy Program for Indiana University.

As a result of a 2005 desktop security incident, 25 IT support directors from across Purdue University entered into a collaborative project, SMARTcomputing, to define an enterprise approach to desktop computer support and security. This presentation will describe the project's consensus-building strategies, overall goals, and outcomes.

The largest group of victims of identity theft is between the ages of 18 and 29. Students need to understand the risks and how to protect their personal information, computer, and campus networks. Student winners, faculty, and judges will discuss how you can use the resources of the Computer Security Awareness Video Contest to raise awareness on your campus and get students involved in the 2009 competition.

Learn more about the initiatives of the Security Task Force, including progress in strategic areas such as executive commitment and action, data privacy and security, effective practices and solutions, information sharing mechanisms, and new tools and technologies. Attendees are also invited to bring questions and suggestions regarding efforts to improve IT security in higher education. Volunteer opportunities will also be described.

LSU's IT communications and security officers joined forces to effectively educate campus populations about IT security threats and best practices.

North Carolina State University created a password standard with five strength levels, dynamically assigned based on the functionality that the user accesses in our ERP systems. This will allow us to implement stronger authentication techniques in a cost-effective way, based on the real security needs of appropriate groups of users.

Learn how Weill Cornell Medical College employs a nontraditional risk management methodology to accurately measure risk, build compelling and successful budget requests, and graphically illustrate trends understandable to technical and nontechnical stakeholders. Attendees will receive Excel tools they can use to manage their own risk assessments in this way.

Enterprise authorization requires the management of group, role, and privilege information to ensure consistent access policy across applications. This session will compare and contrast how multiple institutions have implemented this infrastructure and offer an initial view into shared practices for access management.

The University of Pittsburgh's federated authorization process streamlined requests for access to sensitive data. This presentation will explain the transition to the process that succeeded in protecting sensitive data, meeting internal and external audit requirements, and simplifying departmental requests.

As demanded by our ERP implementation schedule, PGCC created a comprehensive information classification scheme and the associated access rights and privileges in time for our president's cabinet and college attorney to approve and have implemented. Come hear our lessons learned and walk away with advice for your own effort.

Lehigh University has implemented PGP Whole Disk Encryption for faculty and staff computers using PGP Universal Server as a tool for managing installation policies and encryption keys. This presentation will outline the entire implementation process including testing, benchmarking, and piloting as well as recommendations for a successful implementation

Campus safety and security is a growing concern nationwide. A recent EDUCAUSE Summit explored the implications of technological convergence and the role of IT organizations in protecting the institution’s human, physical, and cyber assets. This session will report on the summit’s key findings and recommendations, including how institutions can leverage communications and information technologies in support of campus safety and security initiatives and as critical components of comprehensive emergency management plans.

The Federal Trade Commission and California Office of Privacy Protection (COPP) will co-host a half-day public workshop on how businesses can secure the personal information of consumers and employees. The workshop is presented in partnership with the International Association of Privacy Professionals and the Los Angeles Area Chamber of Commerce. It will feature business people, attorneys, government officials, privacy officers, and other experts discussing data security in general, privacy, best practices for developing an appropriate data security program, and how businesses can respond to privacy and security problems, including data breaches.

Please note: This workshop is free and open to the public, and the FTC is coordinating a networking lunch for attendees and panelists immediately following the workshop (lunch participants are responsible for their own meals, however).

The summer 2008 Joint Techs will focus on the following areas:
* The Coming Crisis in Routing and Networking
* Campus Networking
* WAN Issues
* Security

This event will also be broadcast live on video. See http://www.ucpl.cornell.edu/ for more information.

This session will provide insights into and examples of how academic institutions can successfully use metrics to measure, analyze, and report on both the security risks facing their computer environments and the effectiveness of security controls protecting against these risks.

The National University of Singapore has adopted an in-depth defense strategy to secure its information assets. Technology that complements firewalls, intrusion prevention systems, and honeynets are required to proactively detect database breaches by authorized personnel . This presentation will outline how our implementation bridges the gap, the techniques used, and the pitfalls to avoid.

Penn designed the security and privacy impact assessment (SPIA) process and tool to raise awareness about where confidential data reside and to assess risks in seven major threat areas, which can be mitigated by a list of safeguards. Learn about successful outcomes from our early SPIA adopters.

This session will discuss how Rochester Institute of Technology partnered with Harvard Medical School, 20 school districts, the Information Systems Security Association, the National Center for Missing and Exploited Children, InfraGard, and numerous firms to conduct computer crime and ethics research involving thousands of K-12 students, teachers, and parents to enhance IT security, safety, and ethics education.

Can too much security be a bad thing? Tighter Air Force policies are conflicting with the Air Force Academy's academic mission. While most colleges are tightening security, we are trying to relax ours. This talk will explain why this struggle will eventually occur at all educational institutions and how we have dealt with it.

Maintaining spreadsheets on server configurations, firewalls, and personal identity data, each with redundant and inconsistent information, is outmoded in today's security climate. This presentation will demonstrate using Protégé, an open source ontology and knowledge-base tool, to intelligently capture and maintain comprehensive enterprise security information in a single repository.

Learn more about the initiatives of the Security Task Force, including progress in strategic areas such as data protection, risk assessment, incident response, and business continuity. Attendees are also invited to bring questions and suggestions regarding efforts to improve IT security in higher education. Volunteer opportunities will also be described. A box lunch will be served in the Sheraton meeting room.

In 2004, Visa and MasterCard collaboratively developed the Payment Card Industry Data Security Standard (PCI DSS) to create common industry security requirements. This session will share the campus perspectives and approaches of Washington State University and the University of Washington in addressing the standard.

How do you know that your data exchange is secure? Our campuses exchange data daily, much of it critical and confidential. Is your banking relationship supporting secure data exchange? How secure are your retirement file feeds? Can anyone on campus initiate data exchange? If so, are they trained to make the exchange secure? Discuss challenges and solutions for making data exchanges secure.

IT security is cool and fun! Learn how the National University of Singapore combined exciting and fun events such as an IT security carnival, a freshmen awareness camp, a hacking challenge, a server accreditation challenge, a security quest, and many other activities into successful security educational campaigns over the past six years.

Georgia State University is one of the first universities to embrace the ISO 27001:2005 standard for establishing an information security management system (ISMS). A systematic and disciplined approach helps us leverage technology to develop a world-class ISMS that empowers users and improves processes. This session will discuss the importance of developing a comprehensive, risk-management based information security program.

The focus on information security at Embry-Riddle Aeronautical University, as in many institutions, has evolved gradually over a number of years. Beginning with what can best be described as ad hoc initiatives driven by afterthought oversight, the university's focus on information security is maturing into a formalized, integrated business component and directive.

This session will present a survey and an informal poll of current campus network security practices and products in higher education for NAC (network access control and protection) and VoIP (voice over IP).

- Advancing Digital Self-Defense: Establishing a Culture of Security Awareness at RIT
- Information Security Planning Considerations for Telecommuting
- Securing and Warehousing the Iowa ePortfolio: Servers, Scripts, and Account Management
- Using Risk Analysis to Design an Online Security Policy Development Exercise
- Banner Client: PayPal Merchant
- Content Contentment: A Practical Guide to Content Management

Presenting two best-practice models for cyber incidents: To prevent cyber incidents, learn how to use an uncomplicated cyber risk assessment to help you focus your institution's limited resources. When an incident occurs, know how to douse the effect of breach events when notification is required.

Payment card industry (PCI) standards dictate effective management of credit card systems across the organization. The University of Richmond will discuss its development of a centralized e-commerce policy and oversight group, choosing appropriate vendor solutions, and achieving PCI compliance campus-wide.

Baylor University has spent two years working on a large-scale deployment of whole disk encryption. This session presents the process from selecting the encryption technology to the culminating deployment. The result is mitigation of data loss that can result from the loss or theft of a technology asset.

Windows Desktops are widely deployed and can be subject to multiple attack vectors. Windows 2000, XP, Vista, have vulnerabilities that should be mitigated effectively by network security teams or by end users. This session will cover the top security vulnerabilities in Windows desktops and how to secure them quickly and effectively.

This seminar will include slides from the EDUCAUSE effective practices security task force, material from the SANS Web site and others, demonstrations of various tools, and handouts. Participants will learn how to bypass typical mistakes, develop incident-handling protocols and procedures, and leave with a handy checklist that they can use to secure their desktop computers and network environments. These effective practices are real examples from peer institutions. We are only as secure as our weakest link, and sharing lessons learned can make us all stronger.

This seminar will include practical tips on what to do if your institution receives a request to produce electronic documents or data both before and during litigation, as well as strategies for making responses to such requests efficient and productive. It will include a discussion of the new federal regulations on electronic documents in litigation, cover important steps administrators must take to protect confidential documents and privileged communications with counsel, and review the institution's obligations to protect the privacy of sensitive data in electronic documents and databases.

The seminar will also address basic principles for establishing and implementing effective and legally compliant record retention and destruction policies for electronic documents and data. We will draw on the experiences of a large public university system in implementing electronic records policies and in managing electronically stored information in the context of litigation, including the Google Print Project copyright litigation.

This workshop has four main sections. First we will present an overview of the policy development life cycle, allowing time for group discussion of how the stages relate to individual campuses. Writing a policy is only one step in the process: beforehand, you must identify stakeholders and solicit their support and place the policy in the context of institutional values; afterwards, the policy must be approved by the right groups, distributed, promoted, interpreted, enforced, and reviewed.

In the second section we will describe a security policy gap-analysis process based on industry-standard categories that shows how to prioritize policies based on risk and relates the process to the institutional security program. The third section will present an overview of model security policy collected by the EDUCAUSE Model Security Policy Subcommittee for its wiki. The fourth and final section will offer practical exercises in writing good policy, including a case study approach.

This seminar will focus on the senior IT leader's role in securing the campus. It will leverage the work produced by the Security Task Force to help IT leaders understand current security issues and future trends. Special emphasis will be placed on using community resources to improve handling of sensitive data, preventing and responding to security incidents, and establishing security awareness programs on campus.

This seminar will discuss fundamental security principles, such as confidentiality, integrity, and availability and how they apply to Web-based applications. We will briefly explore technical aspects of the Web and HTTP (cookies, HTTP headers, and the stateless nature of the Web) and see how these affect application security.

The main focus will be a detailed exploration of the Open Web Application Security Project's (OWASP) top-10 list of Web application vulnerabilities. We will discuss these threats in detail, give specific examples, and explain how to secure your applications against them. We will also discuss threat modeling and software development practices that will help create secure applications and demonstrate a variety of tools to aid in the testing and scanning of applications.

The third Cyber Security Summit will be co-hosted by the Federal Bureau of Investigation (FBI), University of Tennessee (UT), Fountainhead College of Technology, and the Tennessee Valley Authority (TVA) and is an opportunity to bring together security professionals from academia, government, and private industry together to evaluate "The Human Aspect of Cyber Security". This conference will be held on October 16-17 at the Carolyn P. Brown Memorial University Center on the campus of the University of Tennessee in Knoxville, TN.

View security-related sessions.

The October 2007 Rochester Security Summit is a community focal point for education and awareness in collaboration with higher education, business and industry partners, held during National Cyber Security Awareness Month.

Location: The George Washington University
The Marvin Center - Grand Ballroom, 3rd floor
800 21st NW, Washington, D.C. 20052
Date: Thursday - August 9, 2007
Time: 1:00 PM - 5:00 PM
RSVP via e-mail by Thursday – August 2, 2007 at: DCSSIEvent@usss.dhs.gov
Sponsors: The U.S. Secret Service, The George Washington University, and the U.S. Department of Education

Security Discussion Group members and interested professionals are encouraged to attend the open meeting of the EDUCAUSE/Internet2 Computer and Network Security Task Force to learn more about its initiatives, including results of the ECAR IT Security Study and Computer Incident Factor Analysis and Categorization Project. Bring questions and suggestions regarding efforts to improve IT security in higher education. Volunteer opportunities will be described.

This presentation on application hacking and programming blunders that compromise security will be an eye-opening session for IT professionals at all levels. We will demonstrate and explain common Web application hacks such as URL rewriting, impersonation, SQL injection, and defense techniques and countermeasures that you can implement today.

The University of Wisconsin-Madison is implementing a comprehensive information technology security program suitable for both large enterprise systems and diverse departmental systems. We will describe the process of design and implementation of the program.

Building software that can predictably meet operational security needs is a challenge. This presentation will focus on appropriately identifying and evaluating security requirements based on operational risk. An analysis technique for determining system and software operational risk during development will be introduced. Results from a piloting organization will be shared.

ECAR data from 2003 and 2005 make it possible to compare the state of IT security over a critical two-year period. The findings from this analysis are striking, revealing an organizational, technological, and behavioral sea change as U.S. and Canadian universities and colleges have significantly improved all aspects of their IT security.

Data privacy protection has become a key concern in higher education. In this session we will discuss the kinds of security incidents that potentially compromise data privacy and what schools are doing to lessen the risk. We will also discuss preparations your campus can make to deal with a data privacy incident.

- Online Testing Security: New Technology Solution
- Confessions of a Security Engineer: The Aftermath of Implementing a Security Plan
- Deputize the Community: IT Security for All
- Design on a Dime: Classroom Security for 500 Bucks
- Mantra for Deploying Identity and Access Management: Who, What, Where, When, and Why?
- No More Social Security Number
- Pirates Beware: Security Through IT Asset Management and Sassafras K2

In this session we will discuss both the substance and process of developing an information security program for institutional data.

Rather than "jump starting" your information security program through purchasing technology solutions or focusing on a specific area, begin by developing a comprehensive information security plan. In this session, we will discuss how to design a plan that takes a risk-based approach and provides you with a prioritized action plan.

Existing security, reliability, and survivability analysis mechanisms do not provide a way to focus on challenges that cross multiple systems; consider architecture trade-offs beyond a single system; consider the linkage of technology to organizational goals; and define ways to proactively influence software development decisions to reduce risk. The SEI is developing an analysis framework to address these deficiencies. This tutorial will introduce attendees to this analysis technique and ways it can be molded to fit their organizational needs.

Responsibility for protection of personally identifiable information in our systems has been placed squarely on the shoulders of our institutions. In light of the dramatic escalation in identity theft and corresponding legislation to hold institutions accountable for security breaches, this seminar will share what we believe are best practices in information security. Join us in examining the key components of Washington State's information security plans, policies, toolkits, and training programs, designed to avoid exposing sensitive personal information to potential misuse.

IT security is a critical issue in higher education. This seminar will focus on network security architectures, infrastructure, data security, incident detection, prevention, and response. A framework and set of tools that participants can take back to their institutions for handling IT security incidents will also be provided. Participants will learn how to bypass typical mistakes, develop incident-handling protocols and procedures, use shareware and open source tools, interpret logs, and leverage other forensic and investigative resources. The effective practices work of the EDUCAUSE/Internet2 Computer Network Security Task Force will also be discussed.

This seminar will look at the role management plays in a successful enterprise security plan. We will focus on activities that are critical for management: how to build campus support for an enterprise security program; how to organize staff resources to support an enterprise security program; how to analyze risks and develop a multiyear plan for improving security; and what to do in the event a security incident does occur. Attendees will leave with a solid understanding of the resources available.

Technology, effective processes, and well-trained workforces are critical security program components, but without executive support, implementers will eventually hit a brick wall. Scaling such a wall takes careful thought and some risk. We will view security from the perspective of executives and provide a blueprint for winning and keeping their backing.

Well-managed access to online resources enables collaborative applications and assures privacy, supporting identity management infrastructures. Come to this session to discuss identity management on campus, including policy and governance, technology and practice, and implementation. Share your experiences and learn from your colleagues in this discussion.

The Virginia Alliance for Secure Computing and Networking is proving that by banding together to leverage field-proven security practices, experienced operational staff, and the latest cybersecurity research, institutions can greatly strengthen their security programs. Learn about the benefits of this award-winning, state-wide approach and how to find your own allies.

Several states have moved to require notifications following compromises of personal information and a federal proposal has also been introduced. Sponsored by the EDUCAUSE/Internet2 Security Task Force, this session will provide an update of legislative trends and identify practical steps that institutions should take following a data security incident. A toolkit of resources and effective practices will also be provided.

Baylor University recently conducted a campus-wide information technology security assessment. The session will present the assessment process, from choosing a consultant to remediation of the assessment's discoveries. The result is a long-term strategy and metrics for information technology security within the university.

Security Discussion Group members are encouraged to attend the open meeting of the EDUCAUSE/Internet2 Computer and Network Security Task Force to learn more about the initiatives of the task force and implementation of the National Strategy to Secure Cyberspace. Attendees are also invited to bring questions and suggestions regarding efforts to improve IT security in higher education. Open to all interested professionals.

How does a university with 1,800 residential students manage to receive less than one copyright infringement notice per month, while still allowing peer-to-peer computing? Find out how your institution can maintain sub-second Web performance, identify virus infections, mitigate denial of service attacks, and control illegal activities on your campus network.

Security and privacy affect what IT professionals must consider with programs, policies, and procedures to maximize institutional trust in network systems. In this session we will discuss privacy and security programs, compliance with federal regulations and related areas such as identity theft and notification protocols, pending and proposed legislation, and how to address these issues in your campus community.

This presentation will take a close look at the newest security challenges facing network and computing infrastructures: bots and spyware. A detailed and slightly technical examination of these challenges will be presented with real-world examples. Finally, an overview of the response mechanisms and processes employed by Cornell University will be outlined.

The First Cyber Security Alliance Conference in Eastern Tennessee, co-hosted by the Federal Bureau of Investigation (FBI), University of Tennessee (UT) and the Tennessee Valley Authority (TVA). The purpose is to promote a closer working relationship between law enforcement, higher education, and industry in identifying and dealing with cyber crime and related matters. The target audience is federal, state, and local law enforcement officers and private industry (IT Professionals/ System Administrators) as well as InfraGard members and academic/government employees involved in Cyber Security Management.

Information security incidents have occurred all too frequently at many colleges and universities. As a result, many organizations are increasingly moving from a reactive mode to a proactive program of prevention and detection. This workshop will provide cybersecurity insights from a seasoned panel of CIOs and leadership of the EDUCAUSE/Internet2 Security Task Force. Topics will include security strategy and planning, funding and staffing, executive awareness and engagement, risk management, policies and procedures, and incident response protocols.

Network security is a critical issue in higher education. This seminar will focus on campus network security architectures, including authentication infrastructure, traffic monitoring/management, denial-of-service attack deflection, incident detection, intrusion prevention and response, handling rogue access points and servers, policies, security standards, and certifications. The effective practices work of the EDUCAUSE/Internet2 Computer Network Security Task Force will also be discussed.

The users of networked computers need information and tools to change behavior that results in unsafe computing practices. IT staff, from help desk personnel to system administrators, also require training to develop skills that support the information security program. This seminar will describe approaches and resources for cybersecurity awareness and training.

Featuring: Alan Paller and Donald Wray
Thursday, January 20, 2005, 1:00 PM EST (1800 UTC)

Featuring: Johannes Ullrich and Chris Harrington
Wednesday, January 12, 2005, 2:00 PM EST (1900 UTC)

SALSA is organizing a 1.5 day workshop to discuss the ways in which security can be extended to address the upcoming needs of advanced application and network users. The workshop will focus on current activities inside of SALSA, specifically the new NetArch and NetAuth working groups, how to leverage middleware to support security, and the evolution of the Security at Line Speed report.

This webcast will feature opening remarks from Mr. Howard Schmidt, Chair, DHS Summit Awareness Task Force & Mr. Amit Yoran, Director, National Cyber Security Division, DHS. An overview of the National Webcast Initiative will be presented by William Pelgrin, Chair of the MS-ISAC, & the webcast session will be conducted by Ms. Barbara Chung, Senior Technology Specialist, National Technology Team, Microsoft Corporation.

Protecting high-performance networks from attack and misuse is a top priority for Internet2 corporate members. Preventing, detecting, and responding to security problems are of the utmost importance to an enterprise's ability to use advanced network applications and capabilities to communicate and access network-connected resources. Enhancing security while maintaining advanced capabilities -- security at line speed -- is a particular challenge for companies using high-performance networks and advanced computing environments. In this webinar, Ken Klingenstein will discuss security activities that are being led by Internet2, including lessons learned from the Security at Line Speed Workshop. Tony Cataldo, a technical specialist from Ford Motor Company will talk about security requirements and designing high-performance network architectures to support those requirements. Erik Mettala will cover new security technologies to address the requirements of high-performance networks.