
Blog: Cybersecurity Education @ UMSL

~ An interdisciplinary collaboration for developing Cybersecurity talent

Monthly Archives: March 2016

Security Software Supply Chain: Is What You See What You Get?

21 Monday Mar 2016

Posted by Maurice Dawson in Uncategorized


Tags

Events, ISSA, secure software, supply chain, web conference


2-Hour live event Tuesday, March 22, 2016
Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London


Overview:

Software is the foundation of our computer ecosystem and, just like in the real world, it doesn’t take a lot to upset it. In the non-cyber world, it has often been said, ‘We are what we eat.’ In the cyber world this is still true, especially when we consider an organization’s inclusion (or consumption) of software. When we buy products and include them in our infrastructure, we perform acceptance testing to make sure they work and have no known vulnerabilities. Unfortunately, we don’t know what components are in the products. We also don’t know whether the product was built entirely by the software provider or whether the provider used components from somewhere else.

This session will cover issues with software supply chain and development operations. It will cover the basics, including the current state of software supply chain analysis, and attempt to provide pointers on how to figure out what is in a supply chain and what the information can be used for.

Moderator

Mark Kadrich
Chief Information Security & Privacy Officer, San Diego Health Connect

For the past 25 years, Mark Kadrich has worked in the security community, building knowledge, and contributing solutions. Most recently, Mr. Kadrich has been working with his colleagues at Emagined Security filling positions as a CISO and a PCI compliance architect. He is responsible for crafting new policy and procedures regarding installation, use, testing, and compliance for both a health information exchange and a large and diverse retail service enterprise. Recently, Mark architected large crypto services environments and secure network environments. He holds degrees in Management Information Systems, Computer Engineering and Electrical Engineering.

Speakers

Michael F. Angelo
CRISC, CISSP
Michael is well known in the security community with his work designing, developing, implementing and deploying security products and architectures for multi-national corporate environments. His work includes participating, driving, and creating security standards, working on corporate policies, national and international legislation, multi-national regulatory issues, and participation in numerous international and national advisory councils. He has been a featured speaker at numerous national and international security conferences including RSA, ISSA, and InfoSec. He has also participated on the RSA national program committee. Currently, he chairs the ISSA International Webinar Committee and is a technology contributor to the U.S. Department of Commerce Information Systems Technical Advisory Council. Michael currently holds 53 U.S. patents, is a former Sigma-Xi distinguished lecturer and is the recipient of the Trusted Computing Platform Alliance (TCPA) lifetime achievement award. In 2011 he was recognized by ISSA as the Security Professional of the Year and in 2013 he was named to the ISSA Hall of Fame.


Jonathan Knudsen
Cybersecurity Engineer, Synopsys
At Synopsys, Jonathan enjoys breaking software and teaching how to make software better. Jonathan is the author of books about 2D graphics, cryptography, mobile application development, Lego robots, and pregnancy. He lives in Raleigh, North Carolina.


Derek E. Weeks
VP and Rugged DevOps Advocate, Sonatype

In 2015, Derek led the largest and most comprehensive analysis of software supply chain practices to date across 106,000 development organizations.  His research detailed the consumption of billions of open source and third-party software components while also shedding new light on the scale of known vulnerable software being ingested by development organizations worldwide.  Derek is a huge advocate of applying proven supply chain management principles into development and application security practices to improve efficiencies, reduce security risks, and sustain long-lasting competitive advantages. He currently serves as vice president and Rugged DevOps advocate at Sonatype. Derek is a distinguished international speaker, having delivered his research at AppSec USA, InfoSec Europe, LASCON, HP Protect, Air Force Cyber Security Forum, and numerous OWASP meet-ups.

Henrik Plate
Senior Security Researcher, SAP SE

Henrik Plate has worked as a Senior Researcher in the Product Security Research group within SAP since 2007. During this time, he was coordinator and scientific lead of the European FP7 research project PoSecCo, built up an SAP-wide security training for application developers, and performed security assessments of SAP applications. Currently, he researches new approaches and tooling for ensuring secure consumption of third-party components in the software supply chain. Before joining the SAP research group, Plate held different positions as a software engineer, and studied computer science and business administration at the University of Mannheim. He holds a diploma from the University of Mannheim and is a CISSP.


These Are the Data Centers Where Cybercriminals Hide

21 Monday Mar 2016

Posted by Maurice Dawson in Uncategorized


Tags

criminal, Cyber Security Awareness, data center


An excellent article was written by Lorenzo Franceschi-Bicchierai on how hackers, criminals, and hacktivists store their information and whom they go to for web hosting.

See full article at http://motherboard.vice.com/read/the-data-centers-where-cybercriminals-hide-symantec-data-havens-documentary?trk_source=recommended or read on LinkedIn at https://www.linkedin.com/pulse/most-dangerous-town-internet-where-cybercrime-goes-hide-dawson?published=t


Cryptography Domain – Steghide Application

20 Sunday Mar 2016

Posted by Maurice Dawson in Student Projects


Tags

advanced concepts, cryptography, cyber security, steghide


Students in the Advanced Cyber Security Concepts course had to perform a number of activities that displayed their ability to master the cryptography domain. This included performing basic steganography encryption. The graduate student selected the Steghide application to perform this task. In the figure below you can see the student’s encrypted photo and the command-line commands used to decrypt it. See the Steghide documentation and steps at http://steghide.sourceforge.net/documentation.php


Figure 1: Google Hangout Steghide Demonstration


The Case For Ubuntu: Linux Operating System Performance and Usability for Use in Higher Education in a Virtualized Environment

19 Saturday Mar 2016

Posted by Maurice Dawson in Uncategorized


Tags

information systems, Linux, operating system, Ubuntu


The Case for UBUNTU Linux Operating System Performance and Usability for Use in Higher Education in a Virtualized Environment

Maurice Dawson, University of Missouri-St. Louis
Brittany DeWalt, Alabama A&M University
Simon Cleveland, Nova Southeastern University

Abstract
The use of Linux-based Operating Systems (OS) in the classroom is increasing, but there is little research to address usability differences between Windows and Linux-based OSs. Moreover, studies related to the ability for students to navigate effectively between Ubuntu 14.04 Long Term Support (LTS) and Windows 8 OSs are scant. This research aims to bridge the gap between modern Linux and Windows OSs, as the former represents a viable alternative to eliminate licensing costs for educational institutions. Preliminary findings, based on the analysis of the System Usability Scale results from a sample of 14 students, demonstrated that Ubuntu users did not require technical support to use the system, while the majority found little inconsistency in the system and regarded it as well integrated.

Recommended Citation
Dawson, Maurice; DeWalt, Brittany; and Cleveland, Simon, “The Case for UBUNTU Linux Operating System Performance and Usability for Use in Higher Education in a Virtualized Environment” (2016). SAIS 2016 Proceedings. Paper 23.
http://aisel.aisnet.org/sais2016/23

View the presentation:

The Case for Ubuntu: Linux Operating System Performance and Usability for Use in Higher Education in a Virtualized Environment from Maurice Dawson

The proceedings will be published at https://aisnet.org/.

Download or view the paper here: The_Case_for_UBUNTU_Linux_Operating_Syst.


Book Chapter from CAE-CDE 4Y

17 Thursday Mar 2016

Posted by Maurice Dawson in Uncategorized


Tags

book chapter, cae, research


Communication, Technology, and Cyber Crime in Sub-Saharan Africa

Dustin Bessette (National Graduate School of Quality Management, USA), Jane A. LeClair (National Cybersecurity Institute at Excelsior College, USA), Randall E. Sylvertooth (National Cybersecurity Institute at Excelsior College, USA) and Sharon L. Burton (Florida Institute of Technology, USA)

Abstract

As a region that is rapidly developing its technology base, Sub-Saharan Africa is experiencing many of the issues associated with the benefits of cyber technology as well as its many negative sides. This paper discusses mobile and internet technologies currently being utilized in Sub-Saharan Africa as well as some of the major cybersecurity concerns threatening networks in the region that are associated with the new economic growth on the African continent. Such topics will include a viable increased awareness of news, historical events, and recent gatherings of information on this main topic.

Bessette, D., LeClair, J. A., Sylvertooth, R. E., & Burton, S. L. (2015). Communication, Technology, and Cyber Crime in Sub-Saharan Africa. In M. Dawson & M. Omar (Eds.), New Threats and Countermeasures in Digital Crime and Cyber Terrorism (pp. 286-297). Hershey, PA: Information Science Reference. doi:10.4018/978-1-4666-8345-7.ch016
View chapter at http://www.igi-global.com/chapter/communication-technology-and-cyber-crime-in-sub-saharan-africa/131409

“Webinar: President Obama’s National Cybersecurity Action Plan of 2016”

17 Thursday Mar 2016

Posted by Maurice Dawson in Uncategorized


Tags

cyber security, Cyber Security Awareness, meeting, Obama


Webinar: President Obama’s National Cybersecurity Action Plan of 2016

Organized by National Cybersecurity Institute

“President Obama’s National Cybersecurity Action Plan of 2016” webinar on March 24, 2016 at 2:00 pm eastern.

Sign up for free at http://www.eventbrite.com/e/webinar-president-obamas-national-cybersecurity-action-plan-of-2016-tickets-22499466510


Good information security habits

15 Tuesday Mar 2016

Posted by Shaji Khan in Security Tips


A start on good security habits compiled by US-CERT: https://www.us-cert.gov/ncas/tips/ST04-003


Before you connect a new computer to the Internet

15 Tuesday Mar 2016

Posted by Shaji Khan in Security Tips


A guide by US-CERT on simple things we can do before we connect a brand new machine to the Internet: https://www.us-cert.gov/ncas/tips/ST15-003


Securing Home Networks

15 Tuesday Mar 2016

Posted by Shaji Khan in Security Tips


A simple guide by US-CERT on securing home networks: https://www.us-cert.gov/ncas/tips/ST15-002
