A start on good security habits compiled by US-CERT: https://www.us-cert.gov/ncas/tips/ST04-003
Good information security habits
15 Tuesday Mar 2016
Posted Security Tips
in≈ Comments Off on Good information security habits
15 Tuesday Mar 2016
Posted Security Tips
in≈ Comments Off on Good information security habits
A start on good security habits compiled by US-CERT: https://www.us-cert.gov/ncas/tips/ST04-003
15 Tuesday Mar 2016
Posted Security Tips
in≈ Comments Off on Before you connect a new computer to the Internet
A guide by US-Cert on simple things we can do before we connect a brand new machine to the Internet: https://www.us-cert.gov/ncas/tips/ST15-003
15 Tuesday Mar 2016
Posted Security Tips
in≈ Comments Off on Securing Home Networks
A simple guide by US-CERT on securing home networks: https://www.us-cert.gov/ncas/tips/ST15-002
08 Tuesday Mar 2016
Posted Security Education/Conferences/Events
in≈ Comments Off on iPhone Security Meeting
Tags
6:30 PM to 9:00 PM
4240 Duncan Ave
2nd Floor
Saint Louis, MO (map)
Join us and learn about the advanced security features of iOS devices and how they protect our privacy.
iOS devices are secure right out of the box and deliver a great user experience. This is possible because Apple makes the hardware, software, and services that power all iOS devices — ensuring every element is built with security in mind.
Join us to discuss the security of iOS 9 devices, iPhone and iPad.
• Touch ID and Passcodes
• Encryption and Data Protection
• App Security and iOS Updates
• iMessage and FaceTime
• iCloud Backup and Apple ID
• Find My iPhone and Activation Lock
• Mobile Device Management (MDM)
• Privacy Controls and more…
Learn about the ongoing case.
“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand… This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.” – Tim Cook – Apple.com
We’ll discuss:
• The Need for Encryption
• The San Bernardino Case
• The Threat to Data Security
• A Dangerous Precedent
And the answers to:
• Why is Apple objecting to the government’s order?
• Is it technically possible to do what the government has ordered?
• What should happen from here?
This is an event open for anyone interested in the future of CyberSecurity.
Great discussions, pizza, refreshments, and much more!
Register at http://www.meetup.com/ApplePro/events/228787263/
25 Monday Jan 2016
Posted Uncategorized
in≈ Comments Off on New IoT Journal to be Launced
The International Journal of Hyperconnectivity and the Internet of Things (IJHIoT) is set to be officially launched in 2017. The IJHIoT shall focus on a variety of topics relating to IoT and the current age of hyperconnectivity including security concerns, applications of IoT, development and management of the IoT, wearable computing, IoT for home automation, smart cities, etc. The editor-in-chief of the journal shall be Dr. Maurice Dawson who is a faculty member in the Information Systems Department.
See schedule below that shows the dates for the IJHIoT.
The signed contract can be viewed by clicking on the following link Dawson_IJHIoT agreement_signed_IGI
14 Thursday Jan 2016
Posted Student Projects
in≈ Comments Off on Student projects in Cloud Computing
In this semester-wide project, students are required to design cloud architecture for a hypothetical company. They are required to address all aspects of cloud, including security and auditing. Two of the projects are added here.
14 Thursday Jan 2016
Posted Student Research Papers
in≈ Comments Off on Mobile Cloud Computing: Cloudlets, Offloading, and Other Platform Specific Concerns
Tags
Mobile Cloud Computing is the intersection of mobile computing devices (cellphones, tablets, etc.) and familiar cloud computing concepts; mobile devices can see significant benefits from leveraging the cloud, from increased computational speed and extended battery-life (generally a major concern for mobile devices), to the ability for a resource poor device to run resource intensive mobile applications. The presentation therefore will be about cloud computing as it applies specifically to mobile devices. The vast majority of the discussion is applicable to general cloud computing (and thus of broader interest to the class), but there will be a focus on the challenges pertinent to a mobile device using cloud computing (some cursory background on necessary included topics, for example, mobile network tower handoff, will be provided as needed). Such challenges include, but are not limited to: latency and connectivity (both of which effect seamlessness and QoS); and computational offloading which has many subproblems such as how much of the/which of the computations do we offload, why, and what are the structural/architectural limitations thereof. Further discussion will explore proposed/tested solutions to these specific issues, while also elaborating on some of the measurable benefits of adopting cloud computing for mobile devices: device-battery savings, faster processing, and the ability for resource poor devices to run resource intensive applications. Many, quite possibly all, of the issues discussed won’t have “given”/standard answers as they are areas of open research (especially where the limitations imposed by mobile devices are applied), but the discussion will be backed with hard data and specific approaches to these issues drawn from the available research literature. Expected topics of discussion relating to the problems presented by mobile cloud computing will include cloudlets (vs cloud frameworks) with regard to seamlessness and QoS, and methods of offloading computations (theory/algorithms for execution offloading: why dynamic not static code partitioning, minimizing state transfer costs, and other possible considerations).
The complete presentation is available here: MobileCloudComputing
13 Wednesday Jan 2016
Posted Student Research Papers
in≈ Comments Off on Cloud Computing: Regulation of Emerging Technology.
Tags
13 Wednesday Jan 2016
Posted Student Projects
in≈ Comments Off on FALL 2015 INFSYS 6868 Software Assurance – Student Research Papers
INFSYS 6868 Software Assurance – Student Research Papers
Software Development Security: Security Driven Development
Abstract: Security design patterns in the software development life cycle has taken a back seat to create better user experience. At the cost of this better user experience is the risk associated with the lack of focus in security. This becomes an issue for companies that experience major security breaches and must continue to patch their patterns rather than, taking a security driven approach to designing their software. In this paper we will explore the benefits of moving toward a security driven development pattern. In the paper the focus will be centered on business processes and involving security throughout the organizational ecosystem. The benefits and challenges that is associated with moving toward a security driven development pattern and how to build a security driven organization.
Click here to view research paper Secuirty_Driven_Dev_Sasa_Basara
Third Party Risk Management: Cost-effective Approach
Abstract: This paper focuses on importance of third-party risk management and outsourcing risks. Specifically this paper will emphasize the importance of building supplier relationships in safe, secure and productive way applying risk-based approach to supplier oversight and relationship management. Benefits and challenges outlined along with recommendations on how to build risk averse and policy compliant corporate culture.
Click here to view research paper Third Party Risk Management
Improving Web Application Security by Eliminating CWEs
Abstract: This study examined improving web application security by eliminating CWEs. With the developing of web application, securities are becoming more and more important and complicated. The article states the current situation of the web application security and provides possible solution method. By understanding the CWEs and eliminating CWEs can help web application developers to solve or minimizing the security problems. The study listed three CWEs as examples to show how to understand and eliminate CWEs. Problem-solving based method can help people quickly understand the advantage of using CWEs to improve web application. Cloud Computing is also covered in the study for the future research directions.
Click here to view research paper Weijie_Chen_ResearchPaper