Carnegie Mellon University

October 24, 2016 - Rangos 3

October is National Cyber Security Awareness Month, and this year's theme is "Our Shared Responsibility". The ISO is hosting a free mini-conference for faculty, staff and students on October 24, 2016 from 9:00 until 1:30 in Rangos 3. The morning session (9:00-11:30) is geared towards faculty and staff; it begins with an opening by our VP of Operations, Dr. Rodney McClendon, and continues with emerging cyber threats, business continuity and disaster recovery planning, strengthening authentication, and improving password management with password managers. The afternoon session (12:00-1:30) is geared towards students and includes a discussion of careers in cyber security and securing Google Apps for Education.

Thank you to everyone who attended! The slides are now available.

Agenda

Welcome and Opening Remarks
Mary Ann Blair, Director, Information Security
Rodney McClendon, Vice President of Operations

Emerging Cyber Threats
Mary Ann Blair, Director of Information Security

Introduction to Business Continuity and Disaster Recovery Planning
Melanie Lucht, Sr. Manager DR/BC Services

Coming Attractions: Strengthening Authentication with 2FA
Debbie Schill, Assistant Director, Identity Services

Herding Cats: Improving Password Management
Laura Raderman, Policy and Compliance Coordinator

Q/A & Closing Remarks
Mary Ann Blair, Director of Information Security

Welcome Students: Pizza is Served

Cyburgh: Careers in Cyber Security
Summer Fowler, Technical Director
Security Professionals from the ISO and CERT

Google Apps for Education: Gmail Security Tools
Ted Pham, Manager, Security Engineering

Q/A & Closing Remarks
Mary Ann Blair, Director of Information Security

Session Details

Emerging Cyber Threats

Cyber threats are continually evolving. Regular review and discussion of trending threats and threat actors, our local susceptibility to those threats, and emerging mitigation strategies will prepare us all to keep the odds in our favor.

Three threats warrant particular attention because they endanger university business in new ways, and combating them effectively requires changes in prevention, detection, and response strategies: Advanced Persistent Threat (APT), ransomware, and spear phishing.

Introduction to Business Continuity and Disaster Recovery Planning

Disasters, the havoc and disruption they wreak, and how we manage to recover from them are ever-present topics in today's society. However, it doesn't always take a hurricane or an earthquake to feel the impact of a disaster or disruptive event. Sometimes it can be something as simple as a car colliding with a power pole, causing a power outage for several hours. While we can't always prevent disruptive events from occurring, we do have the power to be proactive and plan how we would continue to function despite the event.

For nearly four years, Disaster Recovery and Business Continuity Services has been rolling out a Business Continuity program throughout the Administration. This program helps departments develop, maintain, and exercise plans that enable them to continue providing critical services should they experience a disruptive event. Learn more about the Business Continuity Program and how we are building a network of resiliency, one department at a time.

Coming Attractions: Strengthening Authentication with 2FA

Currently, an ID and password pair is the sole means of authenticating access to email and file storage, enterprise business systems, library subscriptions, licensed software downloads, and other resources. Unfortunately, IDs and passwords are vulnerable to attack and disclosure through phishing, other forms of social engineering, and other types of attacks. The risk posed by the significant growth in successful phishing attacks can be mitigated by strengthening authentication. In this talk, you will learn more about the case for 2-factor authentication (2FA), Computing Services' Duo 2FA service, its current production uses, and future plans.

Herding Cats: Improving Password Management

Does managing the myriad accounts and passwords you use in your daily life feel like herding cats? Are you tired of remembering all those complex passwords, especially if you are forced to change them frequently? Are you tempted to write them down on a sticky note on your monitor or under your keyboard? Are you tempted to reuse them across accounts? Stop! There's an easier way. Password managers can be a secure way to remember one strong password that unlocks most, if not all, of your online world. Come see what they are all about.

Cyburgh: Careers in Cyber Security

Did you know that cyber security is one of the fastest growing careers? Did you know there is a critical shortage of cyber security professionals? The field of cyber security is diverse, spanning all sorts of backgrounds and skill sets. Join Carnegie Mellon's Career Center, Information Security Office, and SEI/CERT to learn more about this important, dynamic, creative, and lucrative field and how it might be a good fit for you.

Gmail Security Tools for Personal and/or Google Apps for Education Users

Gmail security tools enable proactive checks for account compromise and recovery from a compromised account via two features: Google Security Checkup and "Sign out all other sessions". Given the significant rise in sophisticated phishing campaigns, knowing how to monitor your account for signs of compromise and how to effectively evict an intruder can help you keep your account active and avoid adverse impacts. These tools will be demonstrated and explained in light of recent security incidents.