by Dr. Barbara Endicott-Popovsky
Director, Center for Information Assurance and Cybersecurity
Academic Director, Master of Infrastructure Planning and Management
University of Washington
UW Cybersecurity Lecture 9 - Social Media
1. Lecture 9 11/21/2012
Security in Social Media
Dr. Barbara Endicott-Popovsky
Ilanko Subramaniam
IMT551
2. Week 9 Security in Social Media – MSIM group
• Students Assemble at Portal 5:30-5:40
• Lecture: Security in Social Media 5:40-6:10
Barbara Endicott-Popovsky
• Mentor Briefing 6:10-6:15
• Group Activity: Cybersecurity Challenge 6:15-6:35
Break students into two groups, led by Stylianos or Cooper, respectively.
Cooper will be the floating Mentor, available to assist should the need arise.
• Regroup 6:35–6:45
Final return to plaza for dismissal by Barbara
Students are instructed to log off the island & encouraged to return at a later date for independent exploration.
3. Week 9 Security in Social Media – PCE Group
• Students Assemble at Portal 6:00-6:10
• Lecture: Security in Social Media 6:10-6:40
Barbara Endicott-Popovsky
• Mentor Briefing 6:40-6:45
• Group Activity: Cybersecurity Challenge 6:45-7:15
Break students into two groups, led by Stylianos or Cooper, respectively.
Cooper will be the floating Mentor, available to assist should the need arise.
• Regroup 7:15–7:25
Final return to plaza for dismissal by Barbara
Students are instructed to log off the island & encouraged to return at a later date for independent exploration.
4. IT'S TIME FOR ANOTHER AGORA MEETING...
• WHEN: Friday, December 7, 2012, 8:30 AM to 12:30 PM
• WHERE: WE ARE MEETING ON THE UW SEATTLE CAMPUS (Different location than last time!):
Husky Union Building (HUB) South Ballroom - Just re-opened after a lengthy remodel
UW Campus, Seattle, Washington
www.washington.edu/home/maps/
• CONTACT: Kirk Bailey - kirkb01@uw.edu
Ann Nagel - awalchuk@uw.edu
Daniel Schwalbe - dfs@uw.edu
• TIMELY TOPICS, PROFESSIONAL NETWORKING, FREE PASTRIES AND HOT COFFEE
What more could you want on a Friday morning?
We need to be working together and sharing information about our common challenges. In the Pacific Northwest, the Agora has a long history of being one of the best
opportunities for professional networking for folks working in the cyber-security field. There are plenty of reasons to take some of your valuable time to attend the meeting. It's
happening on a beautiful university campus in a comfortable venue. There will be a few hundred fun people, interesting presentations, free coffee and goodies, and timely conversations
with all manner of security and privacy experts.
• AGENDA
• 9:00am - WELCOME AND ANNOUNCEMENTS
• 9:15am "CYBER-THREAT BRIEFING: IRAN"
• PRESENTATION BY: KIRK BAILEY
It's a very small world. Despite how difficult it may be, assessing and understanding current cyber-based threats, posed by various nations' political, economic, and strategic
interests, is an evolving responsibility for security professionals. Planned and targeted attacks against both public and private sector organizations around the world are now
part of the daily grind. Based on open source information, conversations with professionals across the country, and UW's operational experience, Mr. Bailey has developed a
briefing about Iran's interests on our networks.
• Bio: Since 2005, Kirk Bailey has been the University of Washington's CISO. Prior to his current position, he was the first CISO for the City of Seattle and held similar positions in the healthcare
and financial sectors. Kirk is a strong advocate for re-thinking the industry's current practices and approach to cyber-security. With the founding and sustainment of the Agora since 1995, he
has demonstrated his ongoing belief in trusted information sharing as a cornerstone for shaping the appropriate protection strategies for network-accessible assets and critical services.
• 10:15am - "ANATOMY OF AN ATTACK - AGORA EDITION"
• PRESENTATION BY: CHESTER WISNIEWSKI
Chester Wisniewski will explain his expert views regarding "the who, what, why and how" of cybercrime. Mr. Wisniewski has consolidated the lessons learned by Sophos
researchers from around the globe into an entertaining and informative presentation highlighting the changing threat landscape and the methods utilized to thwart our defenses.
• Bio: Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He has over 15 years of experience designing, implementing and consulting on network security and related technologies.
Since joining Sophos in 2003, Chester has worked exclusively in security related engineering work. He works closely with SophosLabs to study threats in-depth and provide timely information
on how best to secure networks and data against evolving threats.
5. Cont’d.
• 11:15am - "CATCHING AND PROSECUTING THE BAD ACTORS"
• PRESENTATION BY: KATHRYN WARMA, DAVID DUNN, AND CHRIS HANSEN
AUSA Warma, Detective Dunn and Detective Hansen will describe the chronology of the investigation, arrest and prosecution of three defendants recently sentenced in
Seattle, Washington for their participation in a complex network intrusion, fraud and identity theft scheme. This scheme involved a variety of tactics, from primitive
burglaries to innovative "war-driving" seeking vulnerable networks. The theme of this discussion denotes the importance of victim reporting and building working trust
relationships with law enforcement to identify, track, and apprehend targets.
• Bio: Assistant United States Attorney Kathryn Warma is a "CHIP" (Computer Hacking and Intellectual Property) prosecutor for the U.S. Attorney's Office in the Western District of
Washington. During her past decade as a CHIP, Ms. Warma has prosecuted cases involving Internet fraud, Internet threats and stalking, theft of computer code, sales of counterfeit
software, P2P-based fraud, botnets, criminal spamming, and assorted flavors of hacking.
• Bio: David Dunn is a 12 year veteran of the Seattle Police Department and has been assigned to the U.S. Secret Service Electronic Crimes Task Force for the past six years. During this time
he has investigated numerous online and financial crimes. His investigations have focused on international cyber criminals and have included all forms of network intrusion, abuse and
fraud cases.
• Bio: In six years as a Fraud Detective for the Seattle Police Department, Chris Hansen has investigated criminal activity ranging in complexity from check forgery, credit card fraud and
embezzlement to identity theft, insurance fraud, securities fraud and mortgage fraud. As a member of the E-Crimes Task Force, Mr. Hansen investigates skimming cases, identity
theft, network intrusion and POS hacking cases. Additionally, Mr. Hansen provides digital forensic support to the Seattle Police Department and other agencies participating in the E-
Crimes Task Force.
• The 2013 AGORA Meeting Dates - Mark Your Calendars!
March 29th, 2013
June 28th, 2013
September 6th, 2013
December 6th, 2013
• You are receiving this email through the AGORA email list. If you do not wish to receive future AGORA announcements, please send email to agora@uw.edu requesting removal.
• Please do not distribute this announcement or post online without express permission from one of the Agora contacts listed above.
8. IA Reporting
• Corporate Reporting
– Audience
• External entities and government and regulatory bodies
• Executive Management
• Key Stakeholders and employees
– Type of reporting
• Policy compliance
• Risk management
• Incident management
• Health index
• Self Reporting
• System Reporting
9. Types of Reports: You need a plan
• General corporate
• Compliance
• Incidents, flaws, malicious activities
• Explore the Office of the CISO website to get a sense of
how UW organizes its reporting function:
http://ciso.washington.edu/
12. Employer’s View:
Pluses and Minuses of Social Media
(….read Facebook)
Pluses
• Marketing reach
• Opinion making
• Human resource research
• Data management for litigation
• Intelligence gathering
• Situational awareness
• Collaboration
• A plus for Gen Y workers
Minuses
• Information breach
• Data release
• Employee rants
• Liability issues ?
• Control ?
• How?
• Mobile devices
• Lose Gen Y workers
• Kids
20. Controls
• Employee Orientation
• Pervasive awareness training
• Culture of online safety
• Example: Boeing online awareness program
• Policy
• Leverage awareness
• Example: City of Seattle’s Social Media Policy site:
http://www.seattle.gov/pan/SocialMediaPolicy.htm
21. What about the kids?
• ‘Every pedophile has a Facebook account’
(CISO, corrections systems, SecureWorld 2011)
• Resources for parents/teachers:
• Safe and Secure Online –
https://cyberexchange.isc2.org/safe-secure.aspx
• Stay Safe Online - http://www.staysafeonline.org/
• Internet Crimes Against Children Task Force -
https://www.thecjportal.org/ICAC/Pages/Resources.aspx
• Look Both Ways Online Safety –
http://look-both-ways.org/
22. What is at risk for you, personally?
• Time and effort
• repair damage,
• deal with consequences,
• prevent re-occurrence
• Computing resources
• bandwidth,
• CPU,
• storage
• In game and real world resources
• money,
• sensitive data,
• Identity
• Things more sinister?
23. Set Your “Evil Bit”* to 1
Would you have thought of these attacks:
• Facebook “Error check system”
• Facebook “get rich quick” scams –
only $1 down – how can you lose?
• Clickjacking (invisible objects)
• Would you like Bots with that?
*See RFC 3514, "The Security Flag in the IPv4 Header" (an April 1 joke RFC: attackers do not announce themselves with a flag, so you have to think like one)
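The "invisible objects" in the clickjacking bullet are the victim page loaded in a transparent iframe and laid over a harmless-looking button, so the user's click lands on the victim page. The browser-side defences are the X-Frame-Options header and, preferably, the Content-Security-Policy frame-ancestors directive. The following Python is an added example, not part of the lecture: a check that takes a page's response headers and decides whether a given origin could frame it, applying the rules browsers use (CSP frame-ancestors takes precedence over X-Frame-Options when both are present; ALLOW-FROM and misspelled values are ignored, which leaves the page framable). The decoy page, the origins and the two header sets are constructed samples; ports and path components of CSP sources are ignored for brevity.

```python
from urllib.parse import urlsplit


def _origin(url):
    """(scheme, host) of an origin such as https://victim.example; ports are ignored here."""
    u = urlsplit(url)
    return (u.scheme or "").lower(), (u.hostname or "").lower()


def _frame_ancestors(csp):
    """Source list of frame-ancestors: [] if the directive is empty, None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def _source_matches(src, framer, page):
    """Does one frame-ancestors source admit the framer origin?"""
    if src == "'none'":
        return False
    if src == "'self'":
        return framer == page
    if src == "*":
        return True
    f_scheme, f_host = framer
    if src.endswith(":") and "/" not in src:          # scheme-source, e.g. "https:"
        return f_scheme == src[:-1]
    scheme, _, host = src.rpartition("://")           # host-source with optional scheme
    host = host.split("/")[0].split(":")[0]           # drop any path and port (simplification)
    if scheme and scheme != f_scheme:
        return False
    if host.startswith("*."):
        return f_host.endswith(host[1:])              # "*.example.com" -> ".example.com"
    return f_host == host


def framing_allowed(headers, page_origin, framer_origin):
    """True if a page served with these response headers can be framed by framer_origin.
    CSP frame-ancestors is checked first: browsers that support it ignore X-Frame-Options."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = _origin(page_origin), _origin(framer_origin)
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        return any(_source_matches(s, framer, page) for s in sources)  # [] blocks everyone
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    # No header, or a value browsers do not honour (ALLOW-FROM was dropped, typos are
    # ignored): the page can be framed from anywhere.
    return True


# Constructed sample of the attacker's decoy page: the victim page sits in a fully
# transparent iframe on top of the bait button, so the click goes to the victim page.
DECOY_PAGE = """<button style="position:absolute;top:40px;left:40px">Claim your prize</button>
<iframe src="https://victim.example/settings" style="position:absolute;top:0;left:0;
  width:600px;height:400px;opacity:0;border:0"></iframe>"""

# Constructed header sets for the victim page: the weak one relies on a value no
# current browser honours; the hardened one uses CSP with X-Frame-Options as fallback.
WEAK = {"X-Frame-Options": "ALLOW-FROM https://partner.example"}
HARDENED = {"Content-Security-Policy": "frame-ancestors 'self' https://*.partner.example",
            "X-Frame-Options": "SAMEORIGIN"}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "framable by evil.example:",
              framing_allowed(hdrs, "https://victim.example", "https://evil.example"))
```

Run against a real site, the function is fed the headers from a response to the page you care about (a settings or payment page, not just the front page); the check is only as good as the list of origins you actually want to allow in frame-ancestors.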
27. Security and Trust in Virtual Worlds
• Some ways to attempt to maintain trust
– eBay ratings
– Craigslist community flagging
– Second Life Abuse
• Some ideas to manage identity in VWs
• VW user agreement
• VW side channels
• VW security zones
• Certification/verification of avatars
28. User Agreements
• End User License Agreements (EULAs)
– What are they?
– Who reads them anyway?
• Types of Virtual World EULAs ?
• VW alternatives to the EULA Scheme
• Degrees of Protection
29. Side Channels
• Processes outside of the virtual world that can
be used to help achieve authentication goals
• Side channels could provide a “trusted path”
to exchange information.
• Two main types:
• Prior to Virtual World interaction
• During Virtual World interaction
30. Security Zones
• Segregated areas within VW
• Corporate clients
» Example: Training/Education, highly valued services
• Second Life – Private Regions
– $1,000 purchase, $295/mo maintenance
– Secure intranet space
– Restricted or open
• Cost to clients and VW vendors
31. Virtual World Authentication
• ‘SSL-like’ authentication for the Avatar
• Accreditation handled by requesting agency
• Questions:
• How does the VW display the accreditation flag?
• Potential pitfalls?
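Slides 29 and 31 describe one flow: the requesting agency verifies a person over a side channel (before the VW interaction), binds that person to an avatar (during it), and then vouches for the avatar so the VW can show an accreditation flag. The Python below is an added example, not from the lecture, that carries that flow end to end and answers the "potential pitfalls" question in code: the flag stays off for an unknown issuer, a tampered or forged accreditation, a different avatar, an expired accreditation, or one the issuer has revoked. Assumptions: the agency name, the person, the avatar ids and the timestamps are constructed; an HMAC key shared by the agency and the VW stands in for the public-key signature that "SSL-like" implies (with a shared key the VW could mint its own accreditations, so a real deployment signs with a private key only the agency holds and gives the VW the public key); the one-time code is returned to the caller instead of being sent by email or SMS.

```python
import hashlib
import hmac
import json
import secrets


def _tag(key, payload):
    """MAC over a canonical JSON encoding of the payload (stand-in for a real signature)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Agency:
    """Hypothetical accrediting agency: verifies a person over a side channel,
    binds them to an avatar, then issues an accreditation the VW can check."""

    def __init__(self, name, key):
        self.name = name
        self.key = key
        self._pending = {}  # one-time code -> (person, avatar, expires_at)

    def start_binding(self, person, avatar, now, ttl=600):
        """Side channel, prior to VW interaction: the agency has verified `person` by its
        own means and hands them a short-lived one-time code.  In a real system the code
        travels outside the VW (email, SMS, a counter); here it is simply returned."""
        code = secrets.token_hex(4)
        self._pending[code] = (person, avatar, now + ttl)
        return code

    def complete_binding(self, avatar, code, now):
        """Side channel, during VW interaction: the avatar presents the code in-world.
        Only the avatar named at start_binding can redeem it, once, before it expires."""
        entry = self._pending.get(code)
        if entry is None:
            return None
        person, bound_avatar, expires_at = entry
        if now > expires_at:
            del self._pending[code]
            return None
        if avatar != bound_avatar:
            return None           # wrong avatar; attempts should also be rate limited
        del self._pending[code]   # single use
        return self.issue(avatar, "verified: " + person, now)

    def issue(self, avatar, accreditation, now, ttl=86400):
        """The accreditation: who vouches, for which avatar, for what, until when."""
        payload = {"id": secrets.token_hex(8), "iss": self.name, "avatar": avatar,
                   "acc": accreditation, "iat": now, "exp": now + ttl}
        return {"payload": payload, "tag": _tag(self.key, payload)}


def verify_accreditation(token, avatar, agency_keys, revoked, now):
    """VW side.  Returns (True, text to display) or (False, reason the flag stays off).
    agency_keys maps issuer name -> verification key; revoked is the issuer's withdrawn ids."""
    payload, tag = token.get("payload", {}), token.get("tag", "")
    key = agency_keys.get(payload.get("iss"))
    if key is None:
        return False, "unknown issuer"
    if not hmac.compare_digest(tag, _tag(key, payload)):
        return False, "bad tag (tampered or forged)"
    if payload.get("avatar") != avatar:
        return False, "accreditation belongs to a different avatar"
    if now > payload.get("exp", 0):
        return False, "expired"
    if payload.get("id") in revoked:
        return False, "revoked by issuer"
    return True, "%s: %s" % (payload["iss"], payload["acc"])


if __name__ == "__main__":
    key = b"shared-key-assumed-for-the-example"
    agency = Agency("Example Registrar", key)
    now = 1_700_000_000
    code = agency.start_binding("B. Endicott-Popovsky", "avatar:bep", now)
    token = agency.complete_binding("avatar:bep", code, now + 10)
    print(verify_accreditation(token, "avatar:bep", {agency.name: key}, set(), now + 20))
    print(verify_accreditation(token, "avatar:imposter", {agency.name: key}, set(), now + 20))
```

How the VW displays the flag is then a UI decision, but the text it shows should come only from a token that passed every check above, and the issuer name should be the VW's own label for the key that verified it, not a string the avatar supplied.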
32. Remember not to trust anyone?
What starts off in the VW can have significant consequences in the real world.
http://website-tools.net/google-keyword/site/oddorama.com/
33. Final Projects
• Presentations Nov 28
• Number of minutes depends on the number of teams (quick count, help me here!)
• Faculty presiding
» MGH 271 Board of Directors, Board Chairman Ginger Armbruster
» PCE Board of Directors, Ilanko
• Industry audience members
• Reports Dec 5
34. NEXT WEEK - MSIM
Week 10, 11/28: PRESENTATION OF FINAL PROJECTS
GUEST APPEARANCE: A CISO’s Top Concerns
Kirk Bailey, CISO University of Washington, Board Leader of Agora, MSIM Cybersecurity pioneer
LAB: Final Presentations to Board of Directors
Tracy Kosa, Sr. Strategist, Privacy and Online Safety; Trustworthy Computing, Microsoft Corporation; Doctoral Candidate, Computer Science, Faculty of Science, University of Ontario Institute of Technology
-------------------------------------------------------------------
GUEST LECTURE VIDEO: Information Security Challenges of the 21st Century
Ming-Yuh Huang, Technical Fellow, The Boeing Company and Program Director Boeing, IA ks R&D
http://www.engr.washington.edu/edge/aut06/lis498L4.asx
This week’s guest lecturer addresses the trends in IA into the 21st Century based on his experience at a large manufacturing company. Pop the URL in your browser and watch at your convenience.
DUE: Final Project Presentations and Reports
35. NEXT WEEK - PCE
Week 10, 11/28: PRESENTATION OF FINAL PROJECTS
Reading: Mather, et al., Chapters 9-10, 12
GUEST APPEARANCE: A CISO’s Top Concerns
Herb Canfield, Security, The Boeing Company
LAB: Final Presentations (Ilanko)
-------------------------------------------------------------------
GUEST LECTURE VIDEO: Information Security Challenges of the 21st Century
Ming-Yuh Huang, Technical Fellow, The Boeing Company and Program Director Boeing, IA ks R&D
http://www.engr.washington.edu/edge/aut06/lis498L4.asx
This week’s guest lecturer addresses the trends in IA into the 21st Century based on his experience at a large manufacturing company. Pop the URL in your browser and watch at your convenience.
DUE: Final Project Presentations and Reports
Editor's Notes
Tonight’s guest lecture will be <fill-in>. Followed by a lecture on Reporting and PR. Then I will give you time to discuss assignments and final project.
Let’s review last week a bit
Reporting takes place at every stage of the IA lifecycle. It is the lifeline of a successful program.
Let's look at the various aspects of IA reporting. Corporations report on many things, including.. Some are mandatory and some are voluntary. <give some examples>. There is also self reporting, where each and every one of you can report on misconduct or if someone or some entity is breaking the law. Systems also produce reports and logs that are very useful for diagnosis and discovery.
You need a plan for how you will structure and organize your reporting function. There are 3 general types of reports. What these categories will include will depend on your industry and company policies; a look at the UW CISO website will help you see how they organize their reporting function. Explore the site; it gives you good examples you can follow.