Research and Education Networks Information Sharing and Analysis Center (REN-ISAC)

Permanent link for this collectionhttps://hdl.handle.net/2022/24531

Browse

Recent Submissions

Now showing 1 - 9 of 9
  • Item
    For Peers, By Peers: REN-ISAC Peer Assessment Service
    (2019-09-19) Bruhn, Mark; Coleman, Susan
    REN-ISAC’s Peer Assessment Service offers a broad assessment of technical, administrative, and physical aspects of a university or college cybersecurity program. The Service’s Peer Assessments (PAs) are done by seasoned higher education professionals. The use of external assessors to augment local information security resources provides a valuable, objective assessment. PA results are tremendously valuable when the assessors have direct, applicable experience in campus environments, in contrast to (usually more expensive) general vendors or commercial security consultants. Join Peer Assessment Engagement Manager Mark Bruhn and Program Manager Susan Coleman for an overview of the PA process including engagement scope options, on-site visit procedures, scheduling, and cost.
  • Item
    The New New Internet
    (2018-11-15) Ullrich, Johannes
    We all know the Internet and the "Web" are synonyms as the only protocol you will ever use is HTTP. Wrong! There is a second protocol that is simple and, unlike HTTP, "just works": DNS. But as they say, quiet waters run deep. In this talk, you will learn what is changing about DNS. How DNSSEC, a very effective but much too complex (for the average sysadmin) protocol is being replaced by simpler "DNS Cookies," and how even DNS all of a sudden starts to care about this privacy thing that you heard people talk about in the news. And yes, you will learn how to finally run DNS over HTTP to finally obsolete the last remaining reason for port-based firewalls. We will have fun and excitement with one of the most boring protocols on the internet - and you will never believe what happens on slide 23!
  • Item
    Email Authenticity with DMARC
    (2019-11-01) Thompson, Jesse
    Your institution’s brand is portrayed to the world via the email that is sent using your domains. DMARC is a security control you have to protect the brand of your institution. We will explore UW-Madison’s email domains as a case study for this TechBurst and learn the strategies being used to implement DMARC at the nation's 6th ranked research university.
  • Item
    Sweetening Your Threat Intelligence with Automated Honeypots
    (2018-06-28) Merck, Alexander; Collins, Chris
    Many organizations currently deploy honeypots within their networks to generate actionable threat intelligence. However, the process of deploying numerous honeypots across a network can require a significant amount of setup and configuration. We will present a method for dynamically and automatically deploying honeypots using Docker and Ansible, as well as deployment techniques for several popular cloud providers. By using these techniques to deploy honeypots, organizations can rapidly and easily enhance their current threat intelligence.
  • Item
    CICI Regional: SouthEast SciEntific Cybersecurity for University Research (SouthEast SECURE)
    (2018-02-22) Gemmill, Jill; Skjellum, Tony; Graves, Sara; Gadsden, Veronical; Alo, Richard
    An experienced principal investigator talks about how campus cybersecurity staff can best support NSF (and other funded) researchers for needs that are in addition to baseline campus support. A survey of over 700 National Science Foundation funded principal investigators and their familiarity with cybersecurity was conducted - learn about the surprising responses.
  • Item
    Cyber Security for Title IV Schools: How Being a "Financial Institution" Changes the Paradigm
    (2017-04-21) Harper, Thomas
    This presentation is intended to inform participants about the role of a federal OIG, and the specific role and jurisdiction of ED OIG's Technology Crimes Division within the cyber-security framework of institutions participating in the Title IV Educational Assistance programs administered by the U.S. Department of Education. The presentation will also cover cyber security requirements mandated under federal law for participating Title IV institutions, and talk about recent communications regarding these requirements from the U.S. Department of Education. The presentation should inform participants regarding cyber security event reporting requirements, and anticipated U.S. Department of Education actions regarding compliance and enforcement in this area. Although primarily targeted at a cyber security audience, this presentation will likely be relevant as well to persons involved in the administration of federally-based student financial aid.
  • Item
    Cloud Vendor Security Risk Assessments: An Update from the HEISC Shared Assessments Working Group (REN-ISAC Techburst)
    (2017-10-25) Escue, Charles
    Assessing vendor risk and security posture continues to be a time-consuming effort for many security professionals in higher education. Although many campuses commit resources to the highest priority assessments, few are able to assess all cloud services that host institutional data. To explore the potential for collaborative risk security assessments, a HEISC working group was formed with EDUCAUSE, Internet2, and REN-ISAC members to develop the Higher Education Cloud Vendor Assessment Tool (HECVAT), published in late 2016. The presenter discusses the origin and goals of the HECVAT, how the community will guide future development, how to leverage the HECVAT for beginning and existing security assessment programs, and discover ways to contribute.
  • Item
    2018 Blended Threat Resilience Workshop Series Final Findings Report Brief
    (2019-07-31) Pacenza, Jennifer; Zupan, Brett
    To encourage security improvement within the larger higher education community, REN-ISAC documented the session conversations and extrapolated high-level observations in the 2018 REN-ISAC Blended Threat Resilience Workshop Series Final Report. For the Final Findings Report Brief, we have sorted through the Final Report to provide the top five best practices revealed during the workshop series. This document is TLP:WHITE, so we encourage you to share these findings with colleagues, supervisors, and administration at your institution.
  • Item
    2018 REN-ISAC Blended Threat Resilience Workshop Series: Final Findings Report
    (2019-07-31) Zupan, Brett; Pacenza, Jennifer; Herring, Todd; Milford, Kim; Bigham, Sarah; Jabbour, Andy; Wilk, Damian; Tisza, Omar
    From May to October 2018, REN-ISAC led the development and implementation of six analogous workshops across the United States as part of the 2018 REN-ISAC Blended Threat Resilience Workshop Series. These exercises occurred in Indiana, Arizona, North Carolina, Oregon, Massachusetts, and Florida and involved member and non-member institutions, higher education organizations, and other private and public sector partners involved in higher education security.