[A good initiative. WEN.]
--------------------------------------------------------------------- This message is sent to you as a service of Information Security Awareness Week (ISAW). If this has been sent to you in error; or you wish to discontinue getting information about ISAW related events, simply reply with REMOVE in the Subject. --------------------------------------------------------------------- The following items are of general interest: 1. ISAW move to OCMS opt-in email lists completed this week 2. Omaha Brown Bag Lunch Solution Series starts Friday, June 7, 2002 3. 2nd ISAW Security & Privacy Working Group Public Meeting Held 4. Cohen crafts more focused Mission Statement 5. Boy Scout "Internet Security and Safety" Signature Campaign 6. 3rd ISAW Security & Privacy WG Public Meeting Confirmed 7. Project SEEDCORN early-bird view 8. ISAW volunteers needed for Community Service Programs --------------------------------------------------------------------- ANNOUNCMENT: Friday, June 7, 2002 The 1st Brown Brag Lunch Solution Series takes place in the Parkfair Mall, Second Floor, Room 228. The solution is in the domain of: Filtering network connections and traffic. This solution series is specifically designed for rank and file system and network administrators, managers and others with a desire to improve information security in their organization. The meeting is open to the general public. There is NO fee to attend. Bring your own Brown Bag Lunch and Beverage. No alcoholic Beverages Allowed. Meeting Starts at 12:00 NOON and ends at 1:00 promptly. Handouts will be available. For more information and to RSVP contact [EMAIL PROTECTED] SEATING IS LIMITED --------------------------------------------------------------------- DETAIL 1. ISAW move to OCMS opt-in email lists completed this week We are only a few days away from moving all email correspondence into the opt-in system; which will allow recipients of ISAW email to better control the messages they receive. With many Committees and Working Groups going at full steam the load is starting to get a little much for some, so we felt this would alleviate the problem. Watch http://www.isaw.org for more information. 2. Omaha Brown Bag Lunch Solution Series starts Friday, June 7, 2002 ISAW Technical Security Working Group Outreach Events Brown Bag Lunch Solution Series in Technical Security 45-minutes of technical security power tips over lunch Noon in the heart of Downtown Omaha! Presented by Information Security Awareness Week In Cooperation with: Nebraska University Consortium on Information Assurance (NUCIA) SANS Users Group (SANSUG) UNOmaha Student Chapter of ACM Sponsored by: SANS Institute SecurityPosture Date General Topic/Location 07-Jun-02 Filtering network connections and traffic/Parkfair Mall, Second Floor, Room 228 Yes 12-Jun-02 Firewalls, proxies, and router configuration/TBD or rescheduled 20-Jun-02 Installation, configuration, and use of tools to support password testing, integrity checking, encryption, logging, and system monitoring/Parkfair Mall, Second Floor, Room 227 28-Jun-02 Intrusion detection/Parkfair Mall, Second Floor, Room 226 03-Jul-02 Keeping operating system, service, and application software current regarding patches and updates to address vulnerabilitie/TBD or rescheduled 10-Jul-02 Remote access authentication technologies/Parkfair Mall, Second Floor, Room 226 17-Jul-02 Secure configuration of standard network services/TBD or rescheduled 24-Jul-02 Secure data backup and restoration/TBD or rescheduled 31-Jul-02 Secure host installation, configuration, and deployment/TBD or rescheduled 14-Aug-02 Securing publicly accessible services/TBD or rescheduled 21-Aug-02 Security considerations in developing a network architecture/TBD or rescheduled 28-Aug-02 Security requirements for information assets/TBD or rescheduled 04-Sep-02 Security-improved protocols/TBD or rescheduled 11-Sep-02 Strong authentication methods/TBD or rescheduled 18-Sep-02 User and service account management and assignment of privileges/TBD or rescheduled 25-Sep-02 Virtual private networks/TBD or rescheduled Who Should Attend? System Administrators Network Administrators Information Security Administrators 3. 2nd ISAW Security & Privacy Working Group Public Meeting Held The 2nd ISAW SECPRIV-WG meeting was a success and please check http://www.isaw.org for the slides and other proceedings from this meeting. 4. Cohen crafts more focused Mission Statement The goal of ISAW is to improve information security in the United States. After examining this issue in depth, we have found that the most important things we can do with ISAW are to increase grass roots awareness and to help create the next generation of experts in the field. Grass roots awareness is fostered by our events around the nation. Creating the next generation of experts can only be accomplished through research and education. Therefore: The two core functions of ISAW are (1) fostering grass roots awareness and (2) fostering national scholarship and research. Grass roots awareness: This program extends from grade schools through continuing adult education classes and is coordinated through ISAW awareness week activities help around the country. ISAW creates activities and the materials needed to supporting these activities by generating proclamations and getting them instituted, helping to organize programs, getting national experts involved at the local level, building curricula for events, generating paper, audio, video, and slide shows to support these activities, and soliciting donations from corporate sponsors for these events. National scholarship and research: As a core function of ISAW, we are developing a national scholarship and research program which will seek the best and brightest students, pair them with the strongest educational programs, and fund them with joint scholarships and research grants to produce the next generation of experts. These experts in turn will work with ISAW over time to educate new students, perform new research, and form the core of our national future in this arena. 5. Boy Scout "Internet Security and Safety" Signature Campaign Dyann Bradbury and Ed Sexton are again taking the lead with the help of folks like Randy Nelson of Omaha to gather signatures for progressing the Proposed By Scout Merit Badge in "Internet Safety and Security" that they developed along with members of the steering and advisory committees. For details on this contact: Dyann Rene Bradbury <[EMAIL PROTECTED]>. See the Forums section on this Work Group for a copy of this merit badge. Also looking for adults involved in Girl Scouts and Explorers to help clone this activity badge to other youth groups. 6. 3rd ISAW Security & Privacy WG Public Meeting Confirmed The date and time for the 3rd ISAW SECPRV-WG meeting is 18-Jul-02, and will again be at the Westside Community Conference Center. The day will include various Privacy related talks, and the town meeting and keynotes are all on the topic of National Identity Cards. 7. Project SEEDCORN early-bird view As we are moving forward with the primary project of Information Security Awareness Week, it is time for the general public to get a high level view of this scholarship project: PROJECT SEEDCORN Forward: During the first Information Security Awareness Week (ISAW), Dr. Matt Bishop, a tenured faculty member at the University of California at Davis who has spent his career educating and doing leading edge research in the field, gave a keynote address on his continuing concern for the way we train, educate, and fund those individuals that create the core of our information protection technologies and capabilities. His message resonated with many others involved in ISAW and in the information protection community. Some of the others who have come forward and expressed their views on this situation include Dr. Fred Cohen, a keynote speakers at the CERT conference last year, a professor at the University of New Haven, and a researcher at Sandia National Laboratories, Dr. Lara Baker, and Dr. Blaine Burnham, who transitioned from the NSA to the Peter Kiewit Institute to help head up their information protection program. These are people who know about education, research, industry and government applications of protection technologies and expertise, education in the field, and funding to educate students. In the wake of the first year of 'Steal Fred Cohen's Prizes', a test run in which $4500 in scholarships were granted to qualified students in the field, scores of high school students were introduced to issues of ethics in the information age, and about 15 police officers were trained in the basis of digital crime scene investigation, a new idea was put forth. The idea was to solve the national need for information protection expertise, provide for the next generation of advanced information protection technologies, and fix the inadequate educational capacity in this field, all in one fell swoop. The idea is simple. We want to get corporate sponsorship to create the next generation of researchers, build the people we need, and provide us with advanced technologies suitable to corporate needs. It is the classic win-win situation. Corporations win because they get leading edge technology, advanced research, and people educated in how to deal with protection issues at a fraction of the cost they could otherwise get it for. Universities win because they get the new faculty they need and research dollars their professors need to get tenure and build the state-of-the-art, and students win because they get scholarships in top flight schools, internships in corporations where their new-found expertise can be applied, jobs when they graduate, and an education in the careers they want to follow. Dr. Cohen and I have created this draft of the Project SEEDCORN proposal - a proposal to provide the seedcorn we need in information protection to fill the national void - done in a way that will give those in industry the people and technologies suited to their needs - and done at a cost below what it would be if industry waited for someone else to do it and had to buy it from them. It is a business and educational collaboration investing in the best of the best people and institutions today, to assure a more secure future for all of us. Overview: Starting in the fall, participating institutions and sponsors will hold a nationwide search for candidates with the potential to receive scholarships through the SEEDCORN program. These students will be qualified based on grades, recommendations, and telephone and Internet interviews as candidates for the program. They will then be qualified for admittance into the participating academic institutions. A total of no more than 100 pre qualified candidates per academic institution will then be invited to attend ISAW feeder events. Each year during ISAW we will hold these feeder events. The events will consist of a 3-day hands-on intensive training course in information protection basics and the opportunity to meet with sponsors and faculty from participating academic institutions. The training will be designed to push out basic information protection skills to the best and brightest candidates, to test their ability to think and act in various settings, and to provide the students, faculty, and sponsors with the opportunity to get to know each other. Events will be held in multiple cities during or around ISAW, depending on the availability of local partners. The goal is to have three locations for 2003 -- Omaha, NE, Sacramento, CA, and West Haven, CT. The goal for 2004 is to have this program deployed through more academic partners qualified for SEEDCORN funding. The initial targets include the University of Nebraska at Omaha, University of California at Davis, and the University of New Haven. These 3-day feeder events will allow 300 students in the first year and more students as the program grows, to participate, and will help lead us to the 30 students per institution that we will grant scholarships to. Participation is limited to High School Seniors, students in undergraduate programs of our academic partners, graduate students currently attending those academic institutions, and applicants who are judged to be of exceptional merit from anywhere in the United States. All candidates must be US citizens or permanent residents, must have at least a 3.0 out of 4.0 academic average, and must not have a criminal record. At the end of the event, the sponsors and participating institutions will get together and select 30 candidates for scholarships at each of the qualified academic institutions. Participants who do not get scholarships will still be accepted to and able to attend these schools, and will win formal recognition, but they will not qualify for the scholarships in the upcoming academic year. Candidates will be evaluated based on merit, focus, desire to attain an advanced degree, and demonstrated potential. This program will be an equal opportunity program and will qualify candidates without regard to race, religion, or national origin. In addition to the award of scholarships, an identical amount will be granted to the academic institutions to sponsor research by the professors involved in the program, such research to be performed with substantial participation by the students in the SEEDCORN program. Scholarships for new initiates and those continuing in SEEDCORN along with the research grants for their mentors will be distributed through their schools in time for the start of the academic year. These scholarships are available for full out of state tuition (or a negotiated tuition rate for the SEEDCORN program) for: One (1) full year of education as an undergraduate, renewable annually for up to four (4) years or graduation; and two (2) full years of Masters level work; and three (3) full years of Doctoral work. Students and their academic mentors will also participate with sponsors in project SEEDCORN events to be held at least twice per academic year (including the annual ISAW event). These events will include: Every student participant and faculty participant will give a 15-minute presentation on their research and recent results. Every sponsor organization will give a 15-minute presentation on their organization and opportunities in this area. At the ISAW event, undergraduate students will act as technical assistants, graduate students will act as trainers, and professors will act as lead instructors for the annual meetings. Each presenter will also provide a paper on their work which will be published as conference proceedings and made available to all sponsor organizations in advance of the meetings and will be published over the Internet after the meeting. Each event will produce winning papers for each of the undergraduate, MS, Ph.D., and professor levels, with judgments about papers made by the combined committee of academic and sponsor organizations and winners will be given awards at the annual ISAW event. Meeting time for sponsors and students will be held so that students will have the opportunity to discuss internships and employment. Meeting time for sponsors and faculty will be held for the exchange of information on academic results and sponsor protection needs. It is intended that events will be held at different institution locations on a rotating basis to give all sponsors, academic institutions, and students the opportunity to expose each other to the entire program and its full membership. This will also facilitate the exchange of information so vital to a healthy and successful program. SEEDCORN specific events will be exclusive to sponsors, sponsored students, and academic institutions, and will also act as a time when the executive committee, review boards, and other bodies of the program can meet in person to discuss issues and make group decisions. These events will also provide an exclusive venue for working toward early licensing of technologies produced by SEEDCORN into sponsor organizations and for recruiting of students for internships, coop programs, and as new hires. PROGRAMS Student [3 Day INFOSEC Conference Tuition + $1000 Scholar Grant] High School Seniors (18+) Undergraduate Scholar [Tuition and Full Ride Grant in Aid]** Honors Undergraduate (one year renewable) Masters Scholar (two years) Doctoral Scholar (three years) Mentor [Matching Tuition Research Grant in Aid]** Undergraduate Mentor [Matching one year renewable] Masters Mentor [Matching two year[ Doctoral Scholar [Matching three year] ---------------------------------------------------------- Future Confirmed Meetings Central US Meetings of the Privacy Working Group 21-Apr-02 HIPAA (held as planned) 30-May-02 Anonymity (held as planned) 18-Jul-02 National Identity Cards (next meeting!) 19-Sep-02 Electronic Surveillance 21-Nov-02 Medical Records 16-Jan-03 Workplace Privacy 20-Mar-03 Digital Rights Management Best Regards, ISAW -- Chet Uber, [EMAIL PROTECTED], PGP B8DE8D3F Senior Advisor, SecurityPosture http://www.securityposture.com http://www.isaw.org 7660 Dodge Street, Suite D - Omaha, NE 68114 vox +1 402.498.2673 fax +1 402.391.3906 cell +1 402.671.9720 -------------------------------------------------------------------------- If you are not the intended recipient be advised that you have received this email in error and any use, dissemination, forwarding, printing or copying of it is strictly prohibited. It is the responsibility of the addressee to scan this mail and any attachments for computer viruses or other defects. The sender does not accept liability for any loss or damage of any nature, however caused, which may result directly or indirectly from this email or any file attached. -------------------------------------------------------------------------- "Security First, Security Always!" (c) 2001-2002 All Rights Reserved. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
