Educause Security Professionals Conference – Proposal Accepted


I am excited to share that I will be presenting at the 2015 Educause Security Professionals Conference by means of an online-only session.  It will take place on May 5th from 9:15-10:15 AM.  Although I am not a complete stranger to public speaking, this will be my first presentation at Educause and my very first online presentation.  It should be an adventure!

Title:  Good Enough Security: When is it good enough?

Session Abstract:  While many security professionals focus on “best” practices, in many cases “good enough” security would suffice for deflecting the majority of threats.  In an effort to maintain a balanced viewpoint and avoid becoming myopic regarding security requirements, it is important that we come to terms with what level of security is “good enough” within the culture of higher education.  Join us for an interactive, spirited and subjective discussion regarding what level of security is “good enough” in areas such as password complexity and change requirements, network architecture, endpoint security, and many other specific scenarios.

Session Participant Engagement Strategies:  After a brief discussion surrounding the selfish herd principle and why risk-based “good enough” security should not be discounted, I will present various multiple choice examples and scenarios.  Each participant will vote on what option they feel is “good enough” by means of live polling via the internet.  After voting is completed, I will offer my own perspective / experience and then go through each choice one by one.  As time allows, advocates for each option will have the opportunity to justify their choice and others will have the opportunity to express why they disagree.  The intention is to stimulate a meaningful discussion and help participants reach a reasonable viewpoint regarding what configurations, standards and designs are likely “good enough.”

What do you think of the session topic?  Do you have any ideas regarding what I should cover during this session?  Any strong opinions regarding what is “good enough security” in the environments you support or work in?  Are there security measures you have encountered that seem unnecessary or overkill? 

Share your thoughts in the comments below and don’t forget to subscribe!

New School Malware Wipes Hard Drives Old Skool Style

This story has been over-reported on already, so I figured I would join the party! The FBI issued a warning regarding malware that completely wipes all data on a computer’s hard drive. Destructive malware is nothing new, but it has fallen out of favor with malware writers probably because there isn’t much to gain by destroying someone’s data. Of late, it seems that most destructive malware has been targeted, so for the most part the average person doesn’t need to worry about that risk. However, that may be about to change.

All evidence indicates that this malware wreaked havoc on Sony Pictures recently. If I can find a bright side to this type of news, it’s the fact that people tend to listen up when they hear that they can potentially lose family photos and videos forever if they click on the wrong link. Low probability perhaps, but very high impact! So I will take this opportunity to make a few recommendations.

I am not going to tell you to install anti-virus, even if you are a Mac user, because I know that my blog readers already have AV installed…right?!  And I know you would never log in to your local workstation as an administrator to check email and surf the web, so no need to mention that!

Consider installing and using EMET if you are a Windows user. I have been running it on my Windows desktop set to “Maximum security settings” with no adverse effects.  Well, that’s not entirely true.  There was one patch recently that caused EMET to crash IE continually, but updating EMET resolved the problem.

Backup, backup, backup. Oh and don’t forget to back up your data. Make sure your data is backed up too. And if you are really smart, you will back up your data.

One more thing…AUTOMATE your backup. Don’t rely on remembering to manually copy your data to a USB drive. Automate the process; otherwise, when you need your backup, it will be 1 year old. I guarantee it!

Did I mention the importance of backing up your data?

Technical Details published by Symantec about Backdoor.Destover:  http://www.symantec.com/security_response/writeup.jsp?docid=2014-120209-5631-99&tabid=2

Thanks for reading and don’t forget to subscribe!