09 Saturday Apr 2016
Posted in Security Education/Conferences/Events
≈ Comments Off on *iHub Research, m:lab, and UX Lab Visit
During the week of 28 March 2016 a visit was made to the iHub in Nairobi, Kenya. The iHub serves as a catalyst for the growth of the Kenyan tech community by connecting people, supporting startups, and surfacing information. View more information at http://www.ihub.co.ke/
View the iHub on The Ideal Space at https://www.youtube.com/watch?v=XuEr2Px4h-E
08 Friday Apr 2016
Posted in Security Education/Conferences/Events
≈ Comments Off on C4DLab Visit at University of Nairobi
During the week of 28 March 2016 a visit was made to the C4DLab at the University of Nairobi. Dr. Dawson will be a speaker at Nairobi Innovation Week in 2017. The forthcoming partnership with University of Nairobi will allow for UMSL students to gain insight into the Information Technology (IT) market in East Africa’s second largest city. UMSL’s cyber security department will assist in laying down the foundation for a national cyber security education standard. This will done in cooperation with UMSL’s cyber security partnerships.
05 Tuesday Apr 2016
Posted in Security Education/Conferences/Events, Uncategorized
≈ Comments Off on THREAT INTELLIGENCE WEBINAR
National CyberWatch has partnered with Threat.Connect to bring you an overview of Threat Intelligence. The webinar will cover what Threat Intelligence is, FREE faculty resources available, and how faculty can easily integrate these resources into their courses.
21 Monday Mar 2016
Posted in Uncategorized
≈ Comments Off on Security Software Supply Chain: Is What You See What You Get?
2-Hour live event Tuesday, March 22, 2016
Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London
Click here to Register!
Overview:
Software is the foundation of our computer eco-system and, just like in the real world, it doesn’t take a lot to upset them. In the non-cyber world, it has been often said ‘We are what we eat’. In the Cyber world this is still true–especially when we consider an organizations inclusion (or consumption) of software. When we buy products and include them in our infrastructure, we perform acceptance testing, in order to make sure they work and have no known vulnerabilities. Unfortunately we don’t know what components are in the products. We also don’t know if the product was built entirely by the software provider or did they use components from somewhere else.
This session will cover issues with software supply chain and development operations. It will cover the basics, including the current state of software supply chain analysis, and attempt to provide pointers on how to figure out what is in a supply chain and what the information can be used for.
For the past 25 years, Mark Kadrich has worked in the security community, building knowledge, and contributing solutions. Most recently, Mr. Kadrich has been working with his colleagues at Emagined Security filling positions as a CISO and a PCI compliance architect. He is responsible for crafting new policy and procedures regarding installation, use, testing, and compliance for both a health information exchange and a large and diverse retail service enterprise. Recently, Mark architected large crypto services environments and secure network environments. He holds degrees in Management Information Systems, Computer Engineering and Electrical Engineering.
Speakers
Michael F. Angelo
CRISC, CISSP
Michael is well known in the security community with his work designing, developing, implementing and deploying security products and architectures for multi-national corporate environments. His work includes participating, driving, and creating security standards, working on corporate policies, national and international legislation, multi-national regulatory issues, and participation in numerous international and national advisory councils. He has been a featured speaker at numerous national and international security conferences including RSA, ISSA, and InfoSec. He has also participated on the RSA national program committee. Currently, he chairs the ISSA International Webinar Committee and is a technology contributor to the U.S. Department of Commerce Information Systems Technical Advisory Council. Michael currently holds 53 U.S. patents, is a former Sigma-Xi distinguished lecturer and is the recipient of the Trusted Computing Platform Alliance (TCPA) lifetime achievement award. In 2011 he was recognized by ISSA as the Security Professional of the Year and in 2013 he was named to the ISSA Hall of Fame.
Jonathan Knudsen
Cybersecurity Engineer, Synopsys
At Synopsys, Jonathan enjoys breaking software and teaching how to make software better. Jonathan is the author of books about 2D graphics, cryptography, mobile application development, Lego robots, and pregnancy. He lives in Raleigh, North Carolina.
Derek E. Weeks
VP and Rugged DevOps Advocate, Sonatype
In 2015, Derek led the largest and most comprehensive analysis of software supply chain practices to date across 106,000 development organizations. His research detailed the consumption of billions of open source and third-party software components while also shedding new light on the scale of known vulnerable software being ingested by development organizations worldwide. Derek is a huge advocate of applying proven supply chain management principles into development and application security practices to improve efficiencies, reduce security risks, and sustain long-lasting competitive advantages. He currently serves as vice president and Rugged DevOps advocate at Sonatype. Derek is a distinguished international speaker, having delivered his research at AppSec USA, InfoSec Europe, LASCON, HP Protect, Air Force Cyber Security Forum, and numerous OWASP meet-ups.
Henrik Plate
Senior Security Researcher, SAP SE
Henrik Plate works as a Senior Researcher in the Product Security Research group within SAP since 2007. During this time, he was coordinator and scientific lead of the European FP7 research project PoSecCo, built up an SAP-wide security training for application developers and performed security assessments of SAP applications. Currently, he researches new approaches and tooling for ensuring a secure consumption of third party components in the software supply chain. Before joining the SAP research group, Plate held different positions as a software engineer, and studied computer science and business administration at the University of Mannheim. He holds a diploma from the University of Mannheim and is a CISSP.
21 Monday Mar 2016
Posted in Uncategorized
≈ Comments Off on These Are the Data Centers Where Cybercriminals Hide
An excellent article was written by Lorenzo Franceschi-Bicchierai on how hackers, criminals, and hacktivists store their information and whom they go to for web hosting.
See full article at http://motherboard.vice.com/read/the-data-centers-where-cybercriminals-hide-symantec-data-havens-documentary?trk_source=recommended or read on LinkedIn at https://www.linkedin.com/pulse/most-dangerous-town-internet-where-cybercrime-goes-hide-dawson?published=t
20 Sunday Mar 2016
Posted in Student Projects
≈ Comments Off on Cryptography Domain – Steghide Application
Students in the Advanced Cyber Security Concepts course had to perform a number of activities that displayed their ability to master the cryptography domain. This included performing basic stenography encryption. The graduate student selected Steghide application to perform this task. In the figure below you can see the student’s encrypted photo and the command line commands used to decrypt it. See Steghide documentation and steps at http://steghide.sourceforge.net/documentation.php
Figure 1: Google Hangout Steghide Demonstration
19 Saturday Mar 2016
Posted in Uncategorized
≈ Comments Off on The Case For Ubuntu: Linux Operating System Performance and Usability for Use in Higher Education in a Virtualized Environment
The Case for UBUNTU Linux Operating System Performance and Usability for Use in Higher Education in a Virtualized Environment
Maurice Dawson, University of Missouri-St. Louis
Brittany DeWalt, Alabama A&M University
Simon Cleveland, Nova Southeastern University
Abstract
The use of Linux based Operating Systems (OS) in the classroom is increasing, but there is little research to address usability differences between Windows and Linux based OSs. Moreover, studies related to the ability for students to navigate effectively between Ubuntu 14.04 Long Term Support (LTS) and Windows 8 OSs are scant. This research aims to bridge the gap between modern Linux and Windows Oss, as the former represents a viable alternative to eliminate licensing costs for educational institutions. Preliminary findings, based on the analysis of the System Usability Scale results from a sample of 14 students, demonstrated that Ubuntu users did not require technical support to use the system, while the majority found little inconsistency in the system and regarded it as well integrated.
Recommended Citation
Dawson, Maurice; DeWalt, Brittany; and Cleveland, Simon, “The Case for UBUNTU Linux Operating System Performance and Usability for Use in Higher Education in a Virtualized Environment” (2016). SAIS 2016 Proceedings. Paper 23.
http://aisel.aisnet.org/sais2016/23
View presentation at
Proceeding will be published https://aisnet.org/.
Download or view paper here by clicking the following The_Case_for_UBUNTU_Linux_Operating_Syst.
17 Thursday Mar 2016
Posted in Uncategorized
≈ Comments Off on Book Chapter from CAE-CDE 4Y
Tags
As a region that is rapidly developing its technology base, Sub-Saharan Africa is experiencing many of the issues associated with the benefits of cyber technology as well as its many negative sides. This paper discusses mobile and internet technologies currently being utilized in Sub-Saharan Africa as well as some of the major cybersecurity concerns threatening networks in the region that are associated with the new economic growth on the African continent. Such topics will include a viable increased awareness of news, historical events, and recent gatherings of information on this main topic.
17 Thursday Mar 2016
Posted in Uncategorized
≈ Comments Off on “Webinar: President Obama’s National Cybersecurity Action Plan of 2016”
“President Obama’s National Cybersecurity Action Plan of 2016” webinar on March 24, 2016 at 2:00 pm eastern.
Sign up for free at http://www.eventbrite.com/e/webinar-president-obamas-national-cybersecurity-action-plan-of-2016-tickets-22499466510