PROGRAM

Perspectives on Security in Computing - Implications for IS Curriculum and Research

A pre-ICIS Symposium on Sunday December 11, 2005 11am-6:30pm
at the Venetian Hotel, Las Vegas

Post-Symposium update: 12/12/2005 - some slides posted
Organizing Committee:

Stephen K. Kwan, San José State University
Bradley Jensen, Microsoft Corporation
Roy D. Johnson, Georgia State University

Sponsor:

AIS SIGED: IAIM


Supporting Sponsors

Table of Contents
  • Goal of the Symposium
  • Registration and Attendance Grants
  • Keynote Address
  • Microsoft Address
  • Reading Materials
  • Agenda
  • Speakers and Panelists
  • Resource List
  • Shared Materials from Participants

    Goal of the Symposium:
    Speakers and panelists from Industry, Government and Universities are asked to define and describe their perspectives on security in computing problems facing their enterprises and institutions. They will also talk about what the IS education community can do to help alleviate these problems. Academic participants will be asked to reflect on whether these problems are being or need to be addressed in their curriculum and research. We hope that this discussion will lead to more alignment between the expectations of practitioners and employers and the IS academic community and generate new ideas for research and curriculum development.

    Registration and Attendance Grants:
    Pre-registration to attend this sponsored Symposium is required due to limited space availability. Prospective attendees are asked to fill in the Registration Request Form and the Symposium Organizing Committee will screen the requests based on level of interest and potential for contribution to the goal of the symposium. Accepted attendees have been notified.

    Keynote Address:
    Cyber Security and the "NEW" enterprise - Howard Schmidt
    Cyber security used to be mostly about firewalls and anti-virus protection in enterprises. Now that broadband reaches into homes, mobile devices are everywhere and a class of remote workers has emerged, what it means to have enterprise security has changed. The IT professional, the end user and even the home user now have to worry about cyber security. Howard will talk about the threats AND how to protect against them.

    Microsoft Address:
    Security Progress at Microsoft - David Ladd
    This talk will focus on the history of the security initiative at MS following the widely publicized Bill Gates memo - along with a progress update on the current TWC initiative, including an overview of the SDL methodology. There will also be a discussion of Microsoft's work on security education outreach, including the DHS/NSA Centers of Excellence, and other initiatives to foster the production of secure software.

    Reading Material
    Attendees are encouraged to read the following materials prior to the Symposium:

    [1] The White House, February, 2003.
      This document provides a good foundation for a discussion of security in computing. In particular, the following diagram from the document is a very useful way of categorizing the different levels of actors and their roles and responsibilities in cybersecurity.

    [2] Ernst & Young, 2005.
      The survey reported that a widening gap between the growing risks and what information security is actually doing to address them is clearly evident in the following areas. For each, E&Y also identified an action that could close the gap (shown in braces).
      1. The paradox of compliance
        { Seize the opportunity that compliance offers to promote information security as an integral part of the business. }
      2. Growing global interdependency
        { Increase the value of working with third parties, particularly in co-sourcing or outsourcing arrangements. }
      3. Business demands pushing the adoption of emerging technologies
        { Take measures that enable business to be conducted more securely with emerging technologies. }
      4. Organizational alignment and delivery
        { Put into place practices to more closely align information security with the organization. }

    [3] Manson, D., Curl, S. "A Comparison of Academic and Government Information Security Curriculum Standards", Proceedings of ISECON, San Diego, CA, 2003.

    Agenda
    (Time: Event - Speakers. Location)

    11:00 - 12:00 pm: Symposium Check-in. Location: Casanova Foyer
    12:00 - 1:30 pm: Buffet Lunch and Keynote Address, "Cyber Security and the "NEW" enterprise" - Howard Schmidt. Location: Casanova 603/604
    1:30 - 1:45 pm: Break. Location: Casanova 603/604
    1:45 - 2:55 pm: Industry / Research Panel. Location: Casanova 603/604
        Moderators: Stephen Kwan, Bradley Jensen
        Panelists: Kevin Moncreif (Ernst & Young), David Bray (Emory University), Mary Culnan (Bentley College), David Ladd (Microsoft)
    2:55 - 3:05 pm: Break. Location: Casanova 603/604
    3:05 - 4:15 pm: Curriculum Panel. Location: Casanova 603/604
        Moderators: Roy Johnson, Stephen Kwan
        Panelists: Kurt Fenstermacher (University of Arizona), Mark Weiser (Oklahoma State University), Corey Schou (Idaho State University)
    4:15 - 4:30 pm: Coffee Break. Location: Casanova 603/604
    4:30 - 5:30 pm: Microsoft Address, "Security Progress at Microsoft" - David Ladd. Location: Casanova 603/604
    5:30 - 6:30 pm: Reception. Location: Casanova 505

    Speakers and Panelists
  • David Bray, PhD Candidate, Emory University. david_bray@bus.emory.edu.
            He has served as the IT Chief of the Bioterrorism Preparedness and Response Program at the Centers for Disease Control and Prevention (CDC). David led the technology aspects of the Bioterrorism Program during the response to 9/11, the anthrax events of 2001, West Nile Virus, SARS and monkeypox in 2003, influenza, and other major outbreaks. He received the CDC Director’s Award for Information Services in 2004 and was promoted to Associate Director of Informatics. David received a BSCI in both Computer Science and Biology from Emory University, and subsequently received a MSPH in Informatics from the Rollins School of Public Health. He is pursuing a PhD in Information Systems at the Goizueta Business School, focused on improving knowledge management within and across government agencies, particularly involving the areas of national security and public health.
            Prior to the CDC, David worked as an application developer with both Yahoo! and a Microsoft Solutions Partner in Atlanta, GA. He also has served as a project manager and senior applications developer at the Institute for Defense Analyses, National Institutes of Health, Walter Reed Army Medical Center, and the Continuous Electron Beam Accelerator Facility. During his downtime, David volunteers with Habitat for Humanity International as a crew leader and EMT, and has worked in South Africa, the Philippines, Honduras, Romania, Nepal, Ghana, South Korea, and Kyrgyzstan. At age 5, David wanted to work for the CIA and he is fond of cats.
  • Dr. Mary Culnan, Slade Professor of Management & IT, Management Department, Bentley College. mculnan@bentley.edu.
            Her current research interests include information privacy, online communities, and critical infrastructure protection related to information security on home PC’s. Her research has been published in a number of academic journals including Management Science, the MIS Quarterly, Organization Science, the Journal of Public Policy and Marketing, and the Journal of Interactive Marketing. Professor Culnan has testified before the U.S. Congress, the Massachusetts Senate and House and other government agencies on a range of privacy issues. In 1997, she served as a Commissioner on the President's Commission on Critical Infrastructure Protection. She is also the author of the 1999 Georgetown Internet Privacy Policy Survey which the Federal Trade Commission used to make recommendations to Congress, and she served on the FTC’s Advisory Committee on Access and Security. Currently she serves as a member of the GAO’s Executive Committee on Information Technology and Management. Before joining the faculty at Bentley in fall 2000, she held faculty positions at the University of Virginia, University of California, Berkeley, the American University and Georgetown University. She holds a Ph.D. in Management from UCLA.
            In 2004, she moderated a forum on Securing the Weak Link in Cyberspace at Bentley College.
  • Dr. Kurt Fenstermacher. Assistant professor in Management Information Systems and Computer Science (by courtesy) at the University of Arizona. kurtf@eller.arizona.edu.
            He builds adaptive systems to aid in managing knowledge and works to develop systems and institutions that balance national security with individual privacy. He currently teaches classes in artificial intelligence, software design, and security and privacy. When he can find the time, he likes to bike all the way around his hometown of Tucson, Arizona. His e-mail address is kurtf@eller.arizona.edu; you can reach him by phone at (520) 621-4016.
  • Dr. Bradley K. Jensen, Academic Relations Manager, Microsoft Corporation. bjensen@microsoft.com.
            He received his Ph.D. in Business Computer Information Systems from the University of North Texas (UNT), with majors in Business Computer Information Systems and Computer Science. He is a Microsoft Corporation Academic Relationship Manager responsible for Texas, Oklahoma, Arkansas, and Louisiana. Prior to Microsoft, he was an Assistant Professor in Information Technology and Decision Sciences and Assistant Director of the Information Systems Research Center at UNT, and was also President of JMC Consulting Services, an executive management consulting firm which provides strategic and tactical IT consulting services. His research interests include privacy and security, networking, human factors, e-commerce, and document management. Dr. Jensen has been an executive and consultant with more than 20 years of sales, marketing, and IT experience with several Fortune 100 companies.
  • Dr. Roy D. Johnson, Associate Professor, Computer Information Systems department, Robinson School of Business, Georgia State University; AIS VP of Education. roy@gsu.com.
            He received a BS and MA from the Appalachian State University and a Ph.D. in Anatomy, Art and Dance from the University of Oregon. He did Post Doctoral work in MIS at the University of Minnesota and Indiana University. He has been recognized nationally and internationally for his work as a Master Teacher and Mentor. Current teaching and research interests are in Systems Analysis, Project Management, and Knowledge Transfer.
  • Dr. Stephen K. Kwan, Chair, MIS department, College of Business, San José State University. kwan@sjsu.edu.
            He received a BSc and MSc in Computer Science from the University of Oregon and a Ph.D. in Management from UCLA. His current research interests are in the enterprise adoption policy of free and open source software, economic models of enterprise knowledge management, and the development of open standards in emerging economies.
  • David Ladd, Microsoft Research, Redmond, Washington. daveladd@microsoft.com
            He is the Group Program Manager of External Research Programs in Trustworthy Computing at Microsoft Research. David has worked at Microsoft Corporation for 15 years in a variety of technical and management roles. He is responsible for maintaining the research relationships between Microsoft Research and a number of the Top 30 research universities in the U.S. and worldwide. He also has responsibility for maintaining the research relationships between Microsoft Research and various agencies within the federal government including the DoD, Department of Energy, NSF and DARPA.
            He has been in his current role focusing on the expansion of Trustworthy Computing research and education since 1997. His research interests include usability and security, multi-disciplinary approaches to problem-solving in Trustworthy Computing research, and the challenges posed by asynchronous advances in technology and policy. David is the co-founder of the Microsoft Trustworthy Computing Academic Advisory Board, an advisory group created to expand the technical and policy discourse between Microsoft and the academic security research community. He serves on a number of external advisory boards and committees, is an associate editor of IEEE Security and Privacy magazine, and is a member of ACM, IEEE and USENIX.
  • Kevin W. Moncreif BBA, MA. Ernst & Young LLP, partner, Security and Technology Solutions, West Coast Leader. Kevin.Moncrief@ey.com.
            His areas of expertise include information technology consulting and services. Mr. Moncrief has consulted with major corporate clients in the use of advanced technologies for business applications. He has directed all phases of systems development, software package implementation, and integration projects from requirements analysis, design, development and implementation. He has over twenty five years of experience assisting clients with the selection of information systems technology and application solutions in the pharmaceutical, medical device, and chemical industries.
             Over the course of the past 10 years, he has specifically focused on Customer Relationship Management (CRM) and has implemented more than 15,000 end user seats of sales force automation, call center, and clinical trials systems worldwide. He has spoken at various e-business-related events and been quoted in several e-business journals, and has designed and delivered some of the most broad-based, complex and heavily used systems.
             He is concurrently pursuing his PhD at Claremont Graduate University. His research is on the BioPharma industry and the adoption/effectiveness of ERP II (which includes Enterprise Resource Management, Supply Chain Management and CRM).
  • Dr. Corey Schou, University Professor of Informatics, Professor of Information Systems, Associate Dean, College of Business, Idaho State University. schou@cob.isu.edu.
            Dr. Schou is the director of the National Information Assurance Training and Education Center (NIATEC) and the Simplot Decision Support Center (SDSC). These are two key components of the Informatics Research Institute. Under his leadership, the Information Systems program was designated a National Center of Excellence in Information Assurance Education. His research and publication interests include information security and privacy, ethics, collaborative decision making, the impact of technology on organization structure, and the application of technology to managerial decision making. His work has resulted in over 200 monographs, books, articles and formal presentations.
            He currently serves as the Chair of the Colloquium for Information Systems Security Education (NCISSE). The Colloquium creates an environment for exchange and dialog among leaders in government, industry and academia concerning the need for and utility of information security and information assurance education. He also serves as the editor of two journals and is the Information Assurance Series editor for a major publisher.
  • Howard A. Schmidt CISSP, CISM. President & CEO R & H Security Consulting LLC. howard@schmidt.org.
            Howard has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security.
            He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President’s Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003.
            Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group.
  • Dr. Mark Weiser, Associate Professor of Telecommunications and Information Technology and Fleming Professor of Technology Management, School of Business, Oklahoma State University. weiser@okstate.edu.
             He is the Director of Oklahoma State University’s Center for Telecommunications and Network Security (CTANS) and Director of the Master of Science in Telecommunications Management (MSTM) Program. Weiser teaches Telecommunications Systems, Information Assurance, Digital Forensics, and hands-on Telecommunications and Networking laboratory classes. He has published in the Journal of Management Information, Communications of the ACM and other leading journals, focusing on the areas of upper-layer network protocols and technology-supported teaching.
             CTANS was created to serve as the focal point for research, teaching, and outreach at OSU. In the past year, CTANS faculty have garnered research funding from DoD, NSA, AFOSR, and NSF, as well as multiple private contracts. The work spans from secure wireless communications, to trust mechanisms, to detecting deception in written documents. Under Weiser’s leadership, the graduate and undergraduate Information Assurance and Forensics curricula were developed and have grown into popular offerings, such as a Graduate Certificate, multiple Options, and an undergraduate minor. OSU is the only public institution in Oklahoma that holds the designation of Center of Academic Excellence in Information Assurance.

    Resource List
  • National Security Agency, The National Centers of Academic Excellence in Information Assurance Education (CAEIAE) Program - Institutions.
    The following is from Mark Weiser:
    Regarding National Centers for Academic Excellence (CAE): NSTISSI was renamed The Committee on National Security Systems (CNSS) a couple years ago. The "Committee on National Security Systems" creates five standards for training in Information Assurance. The NSA administers the program that authorizes organizations to certify under each of these standards. A pre-requisite for being a CAE is to be qualified under CNSS 4011 and at least one of the other four standards (Oklahoma State University is qualified under all five).
    The CNSS standards are:
  • 4011) Information Systems Security Professionals
  • 4012) Designated Approving Authority
  • 4013) System Administration in Information Systems Security
  • 4014) Information Systems Security Officers
  • 4015) Systems Certifiers
    The 4016 standard (Risk Analyst) is in draft form and has been awaiting final signature for almost five months.
    Additional details can be found at http://www.nsa.gov/ia/academia/cnsstesstandards.cfm.
  • Carnegie Mellon University
  • Software Engineering Institute.
  • The Computer Emergency Response Team Coordination Center (CERT).
  • Principles of Survivability and Information Assurance.
  • For more info, email: sia-curriculum@sei.cmu.edu with "RFI - SIA Curriculum" in the subject line.
  • TRUST, Team for Research in Ubiquitous Secure Technology - Institutions: Carnegie Mellon University, University of California Berkeley, Mills College, Stanford University, San José State University, Smith College, Vanderbilt University, Cornell University.
  • EDUCAUSE - Executive Security Awareness. Some tips for educators can also be found at: National Cyber Security Alliance.

    Shared Materials from Participants - Please contact individuals directly. Green items are of immediate interest.
  • Thomas L. Case, Georgia Southern University. tcase@georgiasouthern.edu.

  • Willing to share syllabus of: CISM 5131 Fundamentals of Computer Security and CISM 4631 Enterprise Security.

  • and for CISM 7337 Enterprise Security Management (MBS IS concentration):
    Reviews concepts, theory, methodologies and techniques discussed in IS security literature and practice. Includes: information systems security management, risk analysis and management, physical and logical security, database and telecommunications security, continuity planning, computer abuse, internet and electronic commerce, legal and social issues.
  • Minder Chen, George Mason University. mchen@gmu.edu.

  • http://gunston.doit.gmu.edu/ecommerce/policy/references.htm

  • http://gunston.doit.gmu.edu/ecommerce/policy/doc/SecurityPolicy.ppt
  • Siew Chan, Western Michigan University. Siew.Chan@wmich.edu.

  • "An exploratory study on system security and hacker hiring", Review of Business Information Systems, 2004.

  • "An empirical investigation of hacking behavior", Review of Business Information Systems, 2005 .
  • Fariborz Farahmand, Purdue University. fariborz@purdue.edu.

  • Chairing ICIS session on "Security and Assurance: Economic Issues and Security", 2:00pm-3:30pm, Tuesday Dec. 13, in Room 506/507.
  • Alok Gupta, Carlson School of Management, University of Minnesota. agupta@csom.umn.edu.

  • Undergraduate Course: IDSC 4490 - Network Security and Data Integrity.
  • Stephen C. Hayne, Colorado State University. stephen.hayne@colostate.edu.

  • Course Syllabus: Advanced Networks and Security.
  • Anat Hovav, Korea University Business School. Anat098@yahoo.com, anatzh@korea.ac.kr.

  • "Economic and Risk Assessment of IS Security", presented on a Panel at AMCIS 2005.

  • Associate Editor for the Journal of Information Systems Security

  • Associate Editor for the ICIS mini-track on Information Security
  • Patrick C. K. Hung, Faculty of Business and Information Technology, University of Ontario Institute of Technology. patrick.hung@uoit.ca.

  • Undergraduate Program: Bachelor of Information Technology (Honours) - Information Technology Security.
  • Security Research Group: METIS.
  • Upcoming Event: Fourth Annual Conference on Privacy, Security and Trust.
  • Dan J. Kim, Michigan State University. dankim@msu.edu.

  • Willing to share experience in research, teaching and work with the MSU CyberSecurity Workshop committee: http://www.msu.edu/~dankim.
  • Zhangxi Lin, Texas Tech University. Zhangxi.lin@ttu.edu.

  • Resource Page for Teaching.
  • Dinesh Mirchandani, University of Missouri, St. Louis. mirchandanid@umsl.edu.

  • "Reducing Internet Abuse in the Workplace", Dinesh Mirchandani and Jaideep Motwani, in S.A.M. Advanced Management Journal, 68(1), pp. 22-27, 2003.

  • "A Comparative Analysis of Managerial and User Perspectives on Internet Abuse in the Workplace", Dinesh Mirchandani, Working Paper.
  • H. Raghav Rao, State University of New York. mgmtrao@buffalo.edu.

  • CEISARE Center of Excellence in Information Systems Assurance Research and Education.

  • Call for chapters: Managing Information Assurance in Financial Services.
  • Paul Safonov, St. Cloud State University. Safonov@stcloudstate.edu.

  • D. Guster, D. Podkorytov, P. Safonov, and A. Rudenko. "Development of an Enhanced Security Strategy for Linux Hosts".
  • D. Guster, D. Podkorytov, P. Safonov, and C. Hall. "Business Computer Information Systems Security against Hacking Attacks: Application of Distributed Processing and Software Modifiers in Defense of Password Files".
  • P. Safonov, D. Guster, D. Podkorytov, and R. Sultanov. "The Impact of Processor Type on the Performance of Distributed Password Breaking Routines".
  • D. Guster, D. Podkorytov, P. Safonov, and C. Hall. "Using Distributed Processing to Check for Vulnerabilities in Password files".
  • D. Guster, A. Al-Hamamah, and P. Safonov, "Building a Computer Network Security Plan: Analysis of Network Security Log Information".
  • Ramesh Subramanian, Quinnipiac University. Ramesh.Subramanian@quinnipiac.edu

  • Course Syllabus: CIS650 - Information Systems Security
  • Jingguo Wang, State University of New York At Buffalo. wang7@buffalo.edu.

  • Wang, J., A. Chaudhury, R. Rao. 2005. "An Extreme Value Approach to Information Technology Security Investment." In the proceeding of the International Conference on Information Systems (ICIS), Las Vegas, December 11-14.
  • Steven Walczak, University of Colorado at Denver and Health Sciences Center. swalczak@carbon.cudenver.edu.

  • Graduate Course: ISMG 6430 (Information Systems Security and Privacy).
