Randy Marchany – VA Tech
All security is local; empower the local departmental IT staff; Business Process trumps the Security Process if there’s a conflict; learn the business process before imposing security requirements; restrictive security practices cause worse problems overall.
Three main business processes at Universities _ Academic, Administrative, Research.
Continuous Monitoring: Keeping someone from getting inside has failed miserably. Firewalls are not effective proteection devices – they are effective detection devices. Change the strategy – assume they are in so go hunt for compromised hosts; monitor outbound traffic; prevent their command and control communication; inbound monitors server side attacks; outbound monitors client side attacks.
Map developed tool that displays estimate of number of people occupying general-use classrooms and dining facilities, hour by hour throughout the week. They have a gameday app that keeps track of concentrations of people within the football stadium. Married GIS with IDP sensors so they can see where machines are that are being attacked or compromised.
Challenges: Funding, Training, Process, Technology.
Oren Sreebny 