Ohio State’s operations, developments, and resources have immense value. Examples include intellectual property from research, patient medical records, and personal information used for outreach and communications. Every member of the university community is responsible for keeping it secure.
To recognize cyber security’s role in protecting these resources, the Office of the CIO partnered with Battelle Memorial Institute to host a Cyber Security Awareness conference last fall. Nearly 200 participants, from curious beginners to experts, gathered for the conference at the Fawcett Center on October 29.
Kathy Starkoff, Chief Information Officer at Ohio State, said that unlike Ohio State’s value, its security challenges are ever-changing. Cyber criminals are also aware of our assets’ worth, and are constantly searching for new approaches to access them. Starkoff emphasized how constant change yields more risk. “Cyber warfare” is how Tony Robinson, Battelle Memorial Institute’s Chief Information Security Officer (CISO), described the matter at hand.
Brent Huston, CEO of MicroSolved Inc., delivered the keynote address. He explained the evolution of cyber crime, including historical impacts and the way traditional crimes like social engineering and brute force theft have translated into electronic forms. Although the intentions behind thievery have not changed, tactics have moved from con artistry in person to spear phishing emails, mobile device malware, and complex, highly organized criminal operations.
Conference sessions presented solutions and remaining obstacles in defending against these tactics. Kelley Dempsey, a Senior Information Security Specialist from the National Institute of Standards and Technology (NIST) covered risk management and the resources available to IT security professionals from NIST.
“These publications are all open for public comment,” Dempsey said, further explaining how concerns raised in these comments by the public community had a heavy impact on the development of updated NIST publications. In the fast-changing environment of technology security, these collaborative efforts are tedious but worthwhile. Common standards such as NIST’s have helped transform cyber security from an art form into a science, said Douglas Davidson, President & CEO of Jacadis LLC, during his presentation on securing protected health information.
Each session provided an opportunity for IT security professionals to engage on timely security issues. Some presentations sparked friendly debates among speakers and audience members, such as allowing jailbroken or rooted phones on an enterprise server. Participants could also attend in-depth workshops covering topics including defensible software development and the foundations of access controls.
One unanimous sentiment was that no silver bullet against cyber crime exists. Staying current, however, is one common item on each security professional’s growing checklist. By collaborating with Battelle and bringing together hundreds of IT and security professionals, the OCIO affirmed their commitment to staying current and protecting the university’s systems, data and networks.