Monday Keynote: Librarians in the Wild - Thinking About Security, Privacy, and Digital Information - Lance Hayden



Presented at the 2010 Electronic Resources & Libraries Conference.

Lance Hayden, School of Information, University of Texas

Published in: Education, Technology
  • Get over the distinction between wilderness and civilization – in cyberspace they are co-located. Rather than encroach on the wilderness, it increases as more people build things in it.
  • Not being an alarmist – simply giving benefit of 20 years of experience at how easy it is to violate trust, take advantage of weakness, and inflict damage on the unsuspecting.
  • Think of each house as an application or a new system or server. Each new addition is filled with things that may be valuable – we build to hold our data, our applications, our processes, etc. Each new addition has doors, windows, chimneys and other ways in which to get inside. Some we know about, some we do not.
  • Morris Worm was a mistake – stupid kid sets forest on fire. Hackers and vandals – digital cow tipping. Crackers, punks, and lone gunmen – Eastwood in cyberspace, the wild west. War, terror, and crime – it’s now botnets and nation states.
  • The digital matchbook. Dumb kid sets woods on fire.
  • Hackers and vandals – digital cow tipping
  • Kevin Mitnick
  • Our cities and buildings are built of software, code, and metal boxes. As we add more systems and functions and apps we add more rooms, doors, and windows. The environment is hostile – materials degrade and cracks form while predators keep looking for ways in (new hacks, new software). Confidentiality, Integrity, Availability. Maintaining integrity is a constant job and most of us allow our structures to fall into disrepair.
  • Security is like the wizard’s protective circle, drawn around our homes and offices – firewall code and malware signatures. Say the words incorrectly, out of order, or leave out an incantation, or fail to draw the circle exactly right, and the circle can be breached.
  • Using trojan USBs as a social engineering attack
  • Mark Zuckerberg – Privacy is no longer a social norm. Eric Schmidt, Sergey Brin, Larry Page – Google in China.

    1. Librarians in the Wild: Thinking About Security, Privacy, and Digital Information
    2. Lance Hayden
         • Six years with the C.I.A.
         • Master’s from UT iSchool, 1997
         • Cisco Systems since 1998
         • Ph.D. from UT iSchool, 2009
         • Lecturer in UT iSchool since 1999
             • Security Informatics
             • We Like to Watch: Surveillance and Society
    3. The Wild
         • Term of art in computer security
             • The “real world” (as opposed to the lab)
         • A metaphor for where we live in a digital society
             • Complexity, uncertainty, risk, and threat
             • The technology landscape
             • The changing environment in which we create and deploy digital information infrastructures (and the infrastructures themselves, sometimes)
    4. Cities in the Jungle
         • We build houses, shelters, and entire communities in cyberspace
         • Civilization (security of our resources) summed up as:
             • Confidentiality
             • Integrity
             • Availability
         • We often behave in our communities in ways that would give us pause in the physical world
    5. Expansion and Exposure
    6. Four Axioms of Wilderness Life
         • Large herds attract big predators
         • Structures decay quickly in the wild
         • Protective spells are treacherous
         • Knowledge is the best survival trait
    7. From Attrition:
    8. From Attrition:
    9. A Brief Survey
         • What is your risk tolerance?
         • Is your Internet-facing perimeter secure? Your wireless?
         • Are your systems and applications patched and up to date?
         • Do your employees and users choose strong passwords?
         • Do you have a disaster recovery and business
    10. Top Ten Passwords (RockYou Hack)
         1. 123456
         2. 12345
         3. 123456789
         4. Password
         5. iloveyou
         6. princess
         7. rockyou
         8. 1234567
         9. 12345678
         10. abc123
    11. Death by USB
    12. Security & Privacy Norms
    13. Security Resources
         • ISO 27000 standards
             • Plan-Do-Check-Act
             • Security Controls
         • Online Resources
             • SANS –
             • ISSA –
             • ISACA –
    14. Questions?