Spies! Spies everywhere! The Information Security Office presents SECURITY AWARENESS WEEK 2008. SAFE offers the opportunity to arm yourself with trustworthy advice from campus experts on how to keep your data and your identity safe. These tips will help keep the internet villains "shaken" -- not stirred. All events are free and open to the public.
This year's events will take place on the Mall and in various locations around campus. We will offer both general sessions for regular end users, as well as technical sessions for net managers. The sessions will be held on the main campus Tuesday and Wednesday (November 4 and 5), and on the north side of Speedway Thursday and Friday (November 6 and 7).
- OSCR TV Spot - The Spy Who Hacked Me
- General Session Presentations (video, Powerpoint, handouts)
- Technical Session Presentations (video, Powerpoint, handouts)
- Printable information sheet on week's events (PDF)
- Printable 8-1/2 x 11 flyer (pdf)
- Printable 11 x 17 poster (pdf)
- Video presentation
- PowerPoint presentation
- Office Security @ UA
- Spyware Guide EULA Analyzer by FaceTime Security Labs
- EULAlyzer by Javacool Software
- Video presentation
- PowerPoint presentation
- P2P Risks
- Facebook Privacy and Security Guide
- Facebook Security Guide
- MySpace Security Guide
- Spyware Guide EULA Analyzer by FaceTime Security Labs
- EULAlyzer by Javacool Software
- Video presentation
- PowerPoint presentation
- OWASP Top Ten Project
- UA Web Application Best Practices
- Microsoft Corporation
- UA InfoSec Office Webpage for Application Developers
- Video presentation
- PowerPoint presentation
- CIS Benchmarks
- IS-S701 - Minimum Security Standard for Networked Devices
- IS-S702 - Server Security Standard
- Server Review Baseline Template
- IS-G701 - Password Construction and Management Guideline
- IS-G702 - Anti-Virus Software Guideline
- IS-G703 - Firewall Software Guideline
- IS-G704 - Software Patching Guideline
- IS-G705 - Spyware and Adware Prevention Guideline
- IS-G706 - Minimum Security for Networked Devices Implementation Guideline
-
Anyone who owns and/or uses a computer connected to the Internet
-
Anyone who supports or maintains university computers and servers
-
AZ Athletics
-
Cisco
-
Gateway/MPC
-
Hewlett-Packard
-
OSCR
-
PGP
-
Sophos
-
UA CATS
-
UA CIO
GENERAL SESSIONS
ANTIVIRUS IS NOT ENOUGH: Securing Home Computers -- Bond had the ingenious inventor Q to help keep him out of trouble, but we mere mortals don't have such a luxury. And, while we have IT support at work to help us with safety, we don't usually have a resident "geek" to do this at home. At this session, you will get tips on your own "homeland" security, and learn about cool tools for assessing and ensuring security.
LICENSE TO STEAL: What Your IT Staff CAN'T Do For You -- Q created amazing gadgets to help Bond stay safe during his missions, but 007 would have been lost without Miss Moneypenny's safe practices. The same goes for you and your office. While your IT staff provides support with security software, the bad guys are working diligently to thwart your security gadgets and use your trusting nature against you. Learn from our experts what you can do to outsmart them.
FROM RUSSIA WITHOUT LOVE: Identity Theft & Phishing -- Bond had a virtual bevy of babes, but they usually did not have his best interests at heart. Since he knew he had a big target on his back, he stayed busy thwarting the villains' plans. Learn what you can do to keep the bad guys at bay online.
SPY ANOTHER DAY: Botnets and Spyware -- Hackers can't use your computer to provoke hostilities between nations - or can they? Spyware can allow the bad guys to steal your identity; hackers build empires of computers that they use for malicious intent; viruses, worms, and trojans can take down an entire organization. Learn about tools to prevent villains from using you as a pawn in their dastardly plans.
NOT FOR YOUR EYES ONLY: Securing Wireless and Mobile Devices -- Q would scoff at the idea of open access to his gadgets. You should view public wireless the same way. Learn about how to use wireless devices safely so that you keep your information safe from those nasty villains who are working tirelessly to intercept it.
PROFILES ARE FOREVER: Safe Surfing & Social Networking -- We can guarantee that M would frown on 007 setting up a MySpace or Facebook page, or accepting end user agreements so he could send pictures of himself online to his many hotties. Come learn about safe surfing, limiting your digital data online, and understanding what a sinister web page looks like.
TECHNICAL SESSIONS
THE MAN WITH THE ACTIVE DIRECTORY: Using AD for Improved Security -- This session would be Q’s dream of a perfect world – using automation and gadgets to free up time, save money, and keep data safe. Come get some great tips from an AD expert.
OCTOPOLICY: Security Through Group Policy -- If you’re a Double-O, playing by certain rules makes catching those dastardly villains much easier. The same is true when pushing out policy for users. This session informs UA Network Managers about the advantages of using Group Policy to improve information security and automate maintenance.
LOGS NEVER DIE: Log Management/Reporting and Incident Handling -- In Tomorrow Never Dies, 007 and M16 were monitoring “techno-terrorists” who planned on using technology to launch nuclear torpedoes, causing all sorts of havoc. While our techies may not be preventing such nefarious activities, they are still thwarting hackers and other mischief-makers on a daily basis with log management tools. Learn why log monitoring is important for security, and how logs can be managed.
WEB-RAKER: Web Application Security -- Malicious File Execution. . . . Cross-Site Scripting. . . . Injection Flaws. . . . these are the nemeses of web applications. We wouldn’t turn our departments over to Dr. No, Hugo Drax, or Goldfinger; likewise, we shouldn’t leave our websites open to such villains. Learn about practices to keep your web applications secure and the bad guys out of the loop.
LIVE AND LET COMPLY: Tools for Complying With UA Standards -- Even 007 had to follow the rules, and when he didn’t, M was not too happy. The UA has standards in place that also must be followed. This session will introduce a checklist that will allow administrators to check off security controls as they are implemented. Other benchmarks from The Center for Internet Security (CIS) will also be discussed.
GOLDENTOOLS: Centralized Tools on a Decentralized Campus -- In GoldenEye, a crime syndicate plans on using a satellite weapon to bring about a global financial meltdown. 007 prevents this by using some cool Q gadgets and his own wits. Our net managers work feverishly to prevent such catastrophes on UA computers. This session will cover the use of some nifty management tools that allow for remote management and/or reporting of computer systems.
Who should attend?
Students, faculty and staff are encouraged to stop by our tent on the Mall for free giveaways and to learn more about protecting their computer and confidential information.
SAFE08 Planning Committee
| Committee Member | Department/College |
| Kelley Bogart | Information Security |
| Teresa Banks | Information Security |
| Eric Case | Engineering |
| Cheri Darling | Risk Management |
| Robbie MacPherson | Human Resources |
| Georgios Mousouros | SBS |
| Laura Roth-Shepherd | 24/7 IT Support |
| Gil Salazar | CALS |
| Lisa Stage | STDT Computing |
Special thanks to the following vendors and UA departments for their donations:
For more information, contact the Information Security Office at 621-8476 (UISO) or iso@u.arizona.edu.
