Protect Yourself against Four Key Areas of Cybersecurity Vulnerabilities: Phone, Tablet, Email and Social Networking
In late January 2015, a sexually explicit graphic email was sent to more than 5000 users in a northwest Chicago suburban public school email system. A senior in that high school confessed to sending that email to two local high schools in that school district. Children and teenagers are quick learners in our technologically based world. They represent a larger part of our user population and can significantly impact our IT infrastructure as compared to other users. We will explore four major areas: mobile phones, tablets, email access and social networking, and how potential vulnerabilities and threats can arise due to teen behavior and attitudes. We will discuss the latest research, case studies, common policies, processes and procedures that can be created, modified or reviewed in schools to enhance cybersecurity and improve IT efficiency and effectiveness.
Sudesh Kannan PhD is a business consultant at PCS International and an Associate Professor at University of Maryland, University College, MD, UMUC Graduate program on Cybersecurity.
Designed for mid-career professionals who wish to help meet the challenges posed by increasing cyber-threats, the Master of Science at UMUC in Cybersecurity program uses a multi-disciplinary approach—drawing from fields such as management, law, science, business, technology and psychology—to provide students with the knowledge and skills to protect an organization’s cyber assets.
PCS International is a full-service IT Solutions Provider founded in 1986 to provide essential technology solutions for businesses and schools. Since then, PCS International has become the virtual IT department for several private schools around the Chicago area.
Trends In Cybersecurity Regulation & Enforcement
Adler Law Group
It has been a tough year for Cyber-Security. Researchers uncovered terrifying vulnerabilities in products ranging from cars, to garage doors, to skateboards. Data privacy is an issue facing every industry, yet few IT departments report being prepared for, or having a plan to address, business and legal risks that may arise from a privacy or security breach. This presentation is about the last two issues, protecting security and privacy, with an overview of federal privacy laws, sector-specific requirements, recent regulatory actions around privacy and security, and some best practices regarding the security of IoT devices.
David M. Adler is a lawyer with over 18 years' experience guiding entrepreneurs, executives, creative professionals and organizations through the dynamic and sometimes murky legal challenges presented by the interrelated areas of Trademark, Copyright, Trade Secrets, Privacy, Information Security, Marketing & Advertising, Social Media, Digital Business, Regulatory Compliance, Litigation and Corporate-commercial transactions. David has been designated by his peers for five consecutive years as an Illinois SuperLawyer® in the areas of Intellectual Property and Entertainment & Media Law. David has significant in-house counsel experience managing the legal affairs of industry-leading software providers in the public relations and marketing industries, negotiating and drafting enterprise-level Software-as-a-Service (SaaS) agreements, vendor and third-party contracts with a heavy emphasis on proprietary rights. He is a prolific writer maintaining a technology-focused blog (Adlerlaw.Wordprees.com) and newsletter (Ping®) devoted to helping entrepreneurs and professionals identify, protect and monetize their creative content and ideas, and take advantage of the opportunities presented by today’s digital business platforms.
Outside the practice of law, David was an Adjunct Professor teaching Music Law at DePaul College of Law, taught Entertainment Law and Introduction to E-Business at Columbia College Chicago, formerly chaired the Chicago Bar Association's Media & Entertainment Law Committee and is currently a member of the Illinois State Bar Association Intellectual Property Law Committee.
Building a Cybersecurity Incident Response Program
Gift of Hope
Doing anything in panic mode is never a good idea. This talk will discuss preparing an incident response plan and include ideas on communications, forensics, and outside counsel. Real experiences/stories will be shared.
Edward Marchewka is the Director of Information Technology for Gift of Hope Organ & Tissue Donor Network. In his role, Edward is responsible for maintaining and securing the infrastructure for 24/7/365 operations, supporting the IT customer environment, and delivering and supporting the enterprise applications that run Gift of Hope. His teams work with Gift of Hope’s internal and external customers to deliver high quality information and technology services. Edward is also the Founder and Creator of CHICAGO Metrics™, a platform to a program to help manage your company's key IT and Information Security risks enabling you to have a better conversation with business leadership in terms that they understand.
Before joining Gift of Hope Edward was the Enterprise Information Security and Server Operations Manager (CISO) for Chicago Public Schools, the third largest school district in the country. Additionally, his IT background includes experiences from running his own business to field service to Fortune 250 experience with Thermo Fisher Scientific. Edward holds active certifications from: (ISC)2, ITIL, PCI, Microsoft, CompTIA, and a designation from the NSA, along with legacy certifications from: Cisco and HP. He is a member of (ISC)2, AITP, and a Board Member with the Chicago InfraGard. Edward is involved with: ChicagoFIRST, Chicago Electronic Crimes Task Force, and is on the governing body for Evanta’s CISO Executive Summit.
Edward has completed, from Northern Illinois University, an MBA and an MS in Mathematics and, from Thomas Edison State College, a BS in Nuclear Engineering Technologies and a BA in Liberal Studies. He also holds a Certificate in Nonprofit Management from the Kellogg School of Management at Northwestern University.
Top 10 Things you can do to stay out of the news!
Companies are being breached at an alarming rate. While some attacks have gotten more advanced, most are taking advantage of obscure default settings and simple misconfigurations to gain access to your network and escalate privileges. This talk will focus on the top security controls that can be implemented at low cost and low impact to your network, ensuring maximum ROI of your Domain Admins' valuable time. Missing this talk could mean risking your company's reputation.
Ron is a Certified Information Systems Security Professional (CISSP) and Certified Computer Examiner (CCE) with 16 years of experience in security risk management and digital forensics and over 17 years total experience in Information Technology. Ron is a Partner in the independent firm, BTB Security. Ron co-founded BTB Security after successfully developing and leading professional service teams and internal security departments. Ron has an extensively varied background performing jobs in law enforcement and information security/forensics.
Ron has experience on various systems, devices and applications, and areas of focused expertise include security assessments, security monitoring, incident response, forensic investigations/examinations, and security organization implementation and review. Ron also has over twelve years' experience programming in various languages.
Win 7 InPrivate mode not really private
Forensic examination of Microsoft Internet Explorer's InPrivate mode. Traces found in Windows 7 Index.dat files.
Computer Forensic Investigator and Private Detective at PC Forensics, providing investigations into fraud, waste, and abuse, Computer Forensics, expert testimony, Cyber Crime Investigations, IT support and training.
Over 8 years as Computer Forensic Investigator at the Office of Executive Inspector General. Provide support for Investigations into fraud, waste, and abuse by state employees. Responsibilities include computer forensics, expert testimony at arbitration hearings, service of subpoenas, witness and subject interviews, providing training and IT support. Provide data analysis using MS Excel spreadsheets. Troubleshoot computer and software problems. Analysis for removal of infections from malware, trojans, and viruses.
US Postal Inspector with 22 years of experience in mail fraud, worker compensation fraud, internet fraud, computer forensics, employee theft and misconduct, mail theft investigations for stolen credit cards and checks, audits of Postal Service computer and mail delivery systems, response for anthrax mailings, revenue fraud and protection, and security reviews.
15-minute Linux DFIR Triage
Bloomsburg University of Pennsylvania
You've received a call from a client that thinks their Linux system(s) have been hacked. This talk will show you how to determine with a good degree of certainty whether or not a breach has occurred in 15 minutes or less.
Phil Polstra (aka Dr. Phil) has been programming from age 8 and causing trouble with electronics since he was 12. He has held every position in the software development world from programmer to CTO. Over the last several years he has worked on ways to do forensics and security with small computer devices. He is currently a professor teaching Digital Forensics at Bloomsburg University of Pennsylvania. In 2015 he published Linux Forensics (Pentester Academy) which is the basis for this talk.
PCI 3.1 and 3.2 and Beyond: Tips and Tricks for PCI
The Payment Card Industry Security Standards Council recently updated version 3.0 of its credit card security standard to version 3.1 and will soon release version 3.2. What are some of these changes, and what should we expect from the SSC in upcoming versions of its landmark PCI standard? This presentation will review the changes in the new 3.1 release, what will be the focus of 3.2 and general tips and tricks for maintaining PCI compliance. The credit card security world is a rapidly changing playing field, and this presentation will cover best practices for credit card security in the midst of all these changes.
Joel Dubin has been a QSA and PA-QSA since 2008, and has conducted assessments in the US, Latin America, Europe and the Middle East. He is currently a Manager in the Security and Privacy Services group at RSM US and prior to that worked for Trustwave and HSBC in credit card security. He has reviewed the credit card security of merchants and service providers, as well as the security of credit card payment applications.
Security of Searchable Encrypted Cloud Storage
In the face of growing security and privacy concerns, cloud storage providers have begun to add encryption features to their services. Products are being marketed which are claimed to preserve user indexing and search capability, while still keeping the content of the data hidden from the service provider. However, all of these schemes necessarily leak information in some form. We have developed a characterization of the leakage profiles of several searchable encryption schemes, and devised practical attack scenarios showing how the leakage is potentially exploitable in the real world. This talk will outline the principles of searchable encryption for cloud storage, present examples of leakage-based attacks, and discuss potential paths toward better security for outsourced storage.
This talk is based on joint work with David Cash, Paul Grubbs, and Thomas Ristenpart, first presented at ACM CCS 2015.
Dr. Jason Perry is an Assistant Professor in the Computer and Mathematical Sciences department of Lewis University. He earned his PhD from Rutgers University in 2015, with a dissertation in the area of protocols for secure computation. His published work includes a systematization of knowledge for secure multi-party computation protocols; efficient protocols for secure policy compliance checking in databases; and analyses of the vulnerabilities of searchable encryption techniques used by cloud storage products. Jason has also done work in statistical and logic-based natural language processing.
The Security Sprint
Organizations are increasingly adopting Agile and DevOps. Incorporating security into Agile and DevOps is an afterthought and not typically streamlined. Both Agile and DevOps, though closely related and complementary, do not emphasize security. In fact, culturally they do the opposite: speed of delivery typically does not equate to increased requirements, especially security. This presentation provides suggestions on how to incorporate security into Agile and DevOps. It suggests "a Security Sprint" that occurs at regular intervals. If used effectively, Agile and DevOps could be a boon to security professionals.
Ramnath Cidambi is Managing Director of IT for ISAC. He has over 20 years of technology experience. He is a Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC). Ramnath has worked at corporations such as Monster Worldwide and United Airlines in leadership positions.
Developing Affordable Initiatives for Strategic Cyber Security Operations for Midsize to Large Companies
CISO Partner - Security, IT Risk & Compliance Practice Lead
MVP Advisory Group, LLC
Companies of all sizes have woven the internet into almost every aspect of their operations, introducing profound security risks into their business. With the shortage of cyber security talent, increased labor costs and an ever-changing security landscape, companies struggle to protect themselves on shrinking budgets. Learn in this discussion how to identify key security initiatives your company should be pursuing and what other companies are doing to leverage outside resources.
Laszlo is responsible for helping organizations, corporate and non-profit alike, navigate the digital frontier advising on cyber security, IT risk mitigation, compliance and building digital technology strategies that drive performance and business value. He has experience across a number of industries advising boards, developing security strategies, evaluating IT risk and spearheading critical projects for senior leadership.
A member of Infragard, ISSA and ISACA, he serves as Executive Vice President for the Chicago chapters of the Association of Information Technology Professionals (AITP), Vice-Chair of the Project Management Institute (PMI) Executive Council as well as the boards of Society for Information Management (SIM) and Illinois Technology Foundation (ITF). He is an invited guest speaker at conferences and universities providing thought leadership on the state of cyber security, mitigating technology risk, executing compliance requirements and implementing project management best practices.
Report from the trenches - Lessons learned from incident response
There is a lot to be learned by studying malware and hacker techniques. From DNS reflection attacks to fake Google Play Store app reviews, motives and methods vary wildly depending on the attacker. This presentation will center around real (anonymized) attacks investigated by illumination.io to demonstrate hacker techniques and potential defenses.
Joseph Granneman developed a passion and expertise in information security during his 20 years of experience as a CIO, CTO and CSO of hospitals and clinics in the Chicago region. It was then that he began to notice the severe security flaws present in the healthcare technology he was supposed to be implementing. He just couldn’t stand by and watch patients risk identity theft or even bodily harm due to the inadequate security that he was discovering in applications and medical equipment.
He became an active independent author and speaker in the health care information technology and information security fields publishing hundreds of articles for many different magazines and online publications. He also became active in several security standards groups, including those developing the early security frameworks for Health Information Exchanges in Illinois and information security standards for Meaningful Use certification of Electronic Medical Records.
Ethical Issues in eDiscovery
Attorney and National Sales, Director of Business Development
The presentation focuses on why corporate legal and IT departments need to better understand electronic discovery and the unique issues it presents for a corporation in litigation and investigations. The presentation reviews the relevant Federal Rules of Civil Procedure, the ABA Model Rules of Professional Conduct, case law, and covers such topics as:
- What is eDiscovery?
- Why do counsel and IT need to better understand it?
- Effective representation/competency
- Accuracy of discovery certifications
- Duty of candor
- Unauthorized practice of law
- Duty to supervise non-attorneys
- Protection of attorney-client privilege
- Data mining
Adam Bottner is an attorney and director of business development for DTI. Bottner works with clients to scope and implement workflow solutions for a wide range of eDiscovery projects, including SEC and DOJ investigations and complex civil litigation matters. Bottner is a frequent author and speaker at continuing legal education programs, including programs relating to eDiscovery management and litigation readiness. Bottner chairs the Chicago Bar Association's Cyber Law & Data Privacy Committee and is also an adjunct professor at IIT Chicago-Kent College of Law, where he is currently teaching an electronic discovery class, eDiscovery 495.
Network Steganography Techniques
Manuel Martínez Arizmendi, Osama Al Ramahi, Robert Waziak Jr
Steganography is the science and art of encoding secret messages in seemingly innocuous images or other media serving as a communication channel, in such a manner that the message is known only to the sender and the intended recipient (Ami; Berg). It differs from cryptography, the earlier encryption method, mainly in that it goes beyond cryptography's focus on protecting a message's content by both protecting and hiding the message as well as the communicating parties (Ami). Key to the encryption in cryptography and steganography is the use of algorithms. The early algorithms developed to aid cryptographic encryption soon failed in the task of securing communication, as the existence of secret messages could be unravelled by attackers who began to delete part of the cypher text (Ami). In steganography, different algorithms have been developed in the bid to keep ahead of attackers and improve the security of hidden digital messages (Berg, et al.).
MP4 Video Steganography
Alfredo Fernandez & Anthony Ramirez
The MP4 file has become the most used video media file available, and will most likely remain at the top for a long time to come. This makes MP4 files an interesting candidate for steganography. With its size and structure, it offers a challenge to stego-developers. While some attempts have been made to create the “perfect” stego-file, few are as successful as Martin Fiedler’s TCSteg. TCSteg allows users to hide a TrueCrypt hidden volume in an MP4 file. The structure of the file makes it difficult to identify that a volume exists. In our analysis of TCSteg, we will show how Fiedler’s code works and how we may be able to detect the existence of steganography. We will then implement these methods for use in future steganography analysis. We will also show that TCSteg works successfully with the TrueCrypt fork, VeraCrypt.
Gentiana Desipojci, Adrijan Seferi, Michael Theis
MP3 files have been used for a long time as they provide an efficient way of storing and transmitting audio data that can be rendered with almost CD quality. They are widely used because of these features. While there has been a lot of work in using images as steganography medium, steganography in the MP3 files has been less explored. This paper will describe the techniques of inserting covert data into an encoded MP3 main data portion, which is the part of MP3 file where the audio data is actually stored. It will also describe the steganalysis involved in recovering the hidden information.
F5 JPEG Steganography
Yike Dai, Jean-Claude Rock, Deepu Kumar, John Siergiej
Steganography aims for a low possibility of detection rather than robustness in data hiding, and the algorithms developed to address this goal for JPEG image file carriers began with the JSTEG algorithm. However, statistical analysis made JSTEG detectable. An improved algorithm called F3 increased the difficulty of detection; however, it too succumbed to more advanced statistical analysis. The latest algorithm, named F5, has shown itself to be difficult to detect. This presentation will discuss the evolution of JPEG steganography, provide examples, and investigate the details of detecting covert information using F5.
Virtual Honeypot Fingerprinting
Victor Gomes, Christopher Hernandez, Kayode Omojola, David Schluchter
Scanners such as Nmap and Nessus are increasingly able to differentiate between real computers and honeypots. In this paper, KFSensor and Honeyd, two widely-used low-interaction honeypots, are deployed to simulate FTP and HTTP servers in an isolated, virtual environment. This environment is populated with legitimate virtual machines running actual services, both to hide the honeypots and to provide a control baseline for analysis. Both honeypots were identified using commonly available network scanning and vulnerability analysis tools. Both honeypots are evaluated and compared along with a discussion of high-interaction honeypots.
Thibaut Granger, Justin Poirier, Melanie Thompson
With the increasing use of full encryption on computers and mobile devices, the need for acquisition and analysis of dynamic RAM memory is becoming more and more important. This paper provides insight into the latest RAM forensic acquisition and analysis tools. We will compare the acquisition tools WinPmem, Memoryze, and FTK Imager, and the analysis tools Mandiant Redline, Volatility, and Rekall. Based on a series of comparisons, we will assess the merits of the tools. The presentation will include demonstrations that illustrate our findings. Further work will include the implementation of a forensic analysis system.