Past Talks

Dr. Elizabeth Bowman
U.S. Army Research Laboratory
Artificial Intelligence, Machine Learning and Information: Army Social Computing Research
Tuesday, December 5th
Haldeman 041 Kreindler Conference Room
4:00 PM

Dr. Fabio Pierazzi
Royal Holloway University of London
Network Security Analytics for Detection of Advanced Cyberattacks
Tuesday, November 28th
Sudikoff Trust Lab (L045)
12:30 PM

V.S. Subrahmanian
Dartmouth Distinguished Professor in Cybersecurity, Technology, and Society
Bots, Socks, and Vandals
Tuesday, November 14th
Carson L01
5:00 PM 

Rand Beers ('64)
Big Data, the Internet, and Social Media:  The Road to the November 2016 Election
Wednesday, November 8th
Haldeman 41 (Kreindler Conference Hall)
4:30 PM 

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31st
Sudikoff 045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 

Salvatore J. Stolfo 
Columbia University
A Brief History of Symbiote Defense
Tuesday, October 31st
Rockefeller 003
5:00 PM

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM

Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

2011 Agenda

Tuesday, July 19.  Presentations (Haldeman Center, Kreindler Auditorium, Room 041)

8:30 a.m.

Conference Registration and Continental Breakfast

Location: Haldeman Center, Kreindler Auditorium, Room 041

9:00 a.m.

Welcoming Remarks

Ellen Waite-Franzen
Vice President for Information Technology and Chief Information Officer, Dartmouth College 

9:10 a.m.

Keeping the Human in the Loop

Shari Lawrence Pfleeger
Director of Research, Institute for Information Infrastructure Protection (I3P)

10:05 a.m.

The Evolution of Cyber Threats and Government Policy

Larry Clinton
President and CEO, Internet Security Alliance

11:00 a.m.

Break

11:15 a.m.

The Many Faces of Facebook

Jennifer Frank
Investigator, Plymouth State University 

12:10 p.m.

Lunch
Location: Occom Commons, McLaughlin Cluster
Birds of a Feather Topic Tables 

1:30 p.m.

Dumb Ideas in Computer Security

Charles Pfleeger
Pfleeger Consulting Group

2:25 p.m.

Out of the Frying Pan and into the Fire: Protecting the Security of Research Data

Larry Conrad
Vice Chancellor for Information Technology and CIO, UNC Chapel Hill

3:15 p.m.

Break

3:30 p.m.

Anatomy of an Attack

Adam Goldstein and SISMAT students Brendan Graham, Justin Kearns, and Luke Korth
Dartmouth College

4:25 p.m.

Evidence-based Risk Management in Information Security

Alexander Hutton
Principal, Research & Intelligence, Verizon Business RISK Team 

5:20 p.m.

Wrap-up

5:30 p.m.

Social at the Hanover Inn, The Wheelock Room

7:00 p.m.

Free Time for Dinner

Wednesday, July 20.  Break-out Sessions (Haldeman Center)

8:30 a.m.

Continental Breakfast
Location: Haldeman Center, Russo Gallery

9:00 a.m.

Break-out Session 1

OWASP Top Ten
Kuai Hinojosa
Cigital, Inc.
Location: Haldeman Center, Room 124

Understanding Global Internet Events
Doug Madory
Renesys Corporation
Location: Haldeman Center, Room 125

Panel Discussion on Cyber Risk Insurance
Moderated by: Leslie Seabrook
Associate Director, Risk and Internal Control Services, Dartmouth College
Panelists include: Robert Wice of Beazley and Robert O'Shea of Beecher Carlson
Location: Haldeman Center, Room 031

10:10 a.m.

Break-out Session 2

The Building Security in Maturity Model (BSIMM)
Jason Hills
Cigital Inc.
Location: Haldeman Center, Room 124

Understanding Global Internet Events
Doug Madory
Renesys Corporation
Location: Haldeman Center, Room 125 

Panel Discussion on Cyber Risk Insurance
Moderated by: Leslie Seabrook
Associate Director, Risk and Internal Control Services, Dartmouth College
Panelists include: Robert Wice of Beazley and Robert O'Shea of Beecher Carlson
Location: Haldeman Center, Room 031

11:20 a.m.

Break-out Session 3

OWASP Top Ten
Kuai Hinojosa
Cigital Inc.
Location: Haldeman Center, Room 124

The Building Security in Maturity Model (BSIMM)
Jason Hills
Cigital Inc.
Location: Haldeman Center, Room 125

12:30 p.m.

Lunch
Location: Dartmouth Outing Club House on Occom Pond

Bus service will be provided from the Haldeman Center to the Dartmouth Outing Club House.

1:15 p.m.

Conference Wrap-Up and "Five Minutes to Security"
Location: Dartmouth Outing Club House on Occom Pond

Steve Nyman
Chief Information Security Officer, Dartmouth College 

The Conference will conclude at 2:00 p.m.

Talk Abstracts

Keeping the Human in the Loop

As technologists, we sometimes focus only on what the technology does, not on how the users perceive, understand and use it. To improve technology and its impact, we need to weave into our architectures those characteristics that make the best use of what we know about human cognition and risk perception. This presentation uses examples of poorly-designed and well-designed technology to suggest ways toward more natural technological improvement.

Shari Lawrence Pfleeger

The Evolution of Cyber Threats and Government Policy

Cyber threats continue to grow and evolve. As they do, our appreciation of who the attackers are, what they are doing and why has also changed. For government, industry and the academic community to develop an effective model of cyber defense we need to be clear on not just the technology of cyber security but the strategic and economic dimensions as well. This presentation will attempt to provide a framework for developing a sustainable system of cyber security by identifying what problems need to be addressed, how Congress and the Obama Administration are attempting to address them and what needs to be done by both enterprises and government for us to combat modern cyber threats.

Larry Clinton

The Many Faces of Facebook

In an ever-changing technological world it is incumbent upon us to stay abreast of new technologies and the plethora of social networking sites. These sites have changed the face and nature of stalking as well as perpetrators' methods of attack and information gathering. This presentation explores the issue from a two-pronged approach: technological advances and the inherent danger of cyber stalking. Topics covered include an introduction to what social networking is, the history of it, how it is being utilized, the liabilities of various social networking sites and your use of them, Social Media outlets and your privacy, legal and personal implications of use of this site, and an opportunity to view the digital footprint left behind by the use of these various Internet sites.

Objectives:

  1. Attendees will leave with a working knowledge of the history of social networking, its various applications, uses and structural components.
  2. Attendees will learn how social networking sites are being utilized by other campus police and safety departments and administrators, the liabilities that exist, and the schools' responsibilities for information garnered from the site.
  3. Attendees will understand social media outlets, the institutions' privacy concerns, and the legal and personal implications of use of the site. Attendees will be able to articulate the various dangers inherent in social networking programs and the dangers that exist for personal use of the sites.

Jennifer Frank

Dumb Ideas in Computer Security

Security has been a recognized computer system requirement since the 1960s, and the field has seen significant progress since then. Without smart, dedicated researchers and practitioners, we would not have such important approaches as firewalls, intrusion detection and prevention systems, public key cryptography and public key infrastructures, biometric authentication systems, various privacy and security laws and regulations, or secure offsite backups. These significant advances do not mean that all computer security problems are "solved" in some sense.

The time is right to think critically about how far we have come in security and how much farther we still need to go. To that end, we need to look at misperceptions, falsehoods, and failures in computer security in order not to repeat past mistakes.

In this talk, Dr. Pfleeger will describe "dumb ideas" in computer security: approaches shown not to work but that reappear from time to time. Some of these dumb ideas are persistent myths that people outside of security seem not to be able to release; others are limited views that circulate within the security community. Dr. Pfleeger will conclude by offering some positive suggestions to encourage progress.

Charles Pfleeger

Out of the Frying Pan and into the Fire: Protecting the Security of Research Data

Information security in higher ed to date has focused on protecting enterprise data. However, IT professionals need to be aware that many academic research studies include the collection of sensitive data, which must be adequately protected. Funding agencies are increasingly requiring data management plans be submitted as part of grant proposals, with institutions ensuring data integrity and security. This highly interactive session will include the review and discussion of a proposed approach for addressing this issue.

Larry Conrad

Anatomy of an Attack

Those familiar with information technology at higher education institutions are well aware that many systems are under a near constant barrage of cyber-attacks. From attempted exploits of servers to continued issues with spam, phishing, and malware, colleges and universities must deal with fending off these attacks on a daily basis.

Through the use of case studies and demonstrations of attack tools and techniques, this presentation will explore the motives and methods behind these attacks as well as identify the existing and emerging institutional risks they pose. In doing so, it is also possible to uncover security controls and other mitigation efforts that can assist schools in further securing their information systems.

Adam Goldstein with SISMAT Students Brendan Graham, Justin Kearns, and Luke Korth 

Evidence-based Risk Management in Information Security

Currently, people are making decisions around information security in an ad-hoc, unstructured, and many times, unscientific way. How does an industry facing issues in complexity and adaptability move from shamanism to a rational approach?

Alex Hutton will discuss epistemological challenges in information security and risk management and, while not having *all* the answers, will offer some possible solutions towards "escaping a Kuhnian proto-science."

Alexander Hutton

Break-out Session Abstracts

Top Ten Web Application Security Risks You Should Know About

The Open Web Application Security Project is a nonprofit organization with the mission of making application security visible. One of the most important documents the OWASP Community has contributed to the industry is the OWASP Top Ten which is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are and the risks. OWASP urges all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that leverages the development of secure code.

Kuai Hinojosa

The Building Security In Maturity Model

The Building Security In Maturity Model (BSIMM, pronounced “bee simm”) is designed to help you understand, measure, and plan a software security initiative. The BSIMM was created by observing and analyzing real-world data from thirty leading software security initiatives. It is freely available and is licensed under the Creative Commons Attribution-Share Alike 3.0 License. The BSIMM can help you determine how your organization compares to other real-world software security initiatives and what steps can be taken to make your approach more effective. The most important use of the BSIMM is as a measuring stick to determine where your approach to software security currently stands relative to other firms. This talk will give an overview of the BSIMM and discuss how it can be used as a measuring stick for your organization, for your vendors, and paired with other security measurement methods.

Jason Hills

Understanding Global Internet Events

We're only seven months in and 2011 has been a very eventful year for the backbone of the Internet. This talk will include a technical analysis of a range of significant events from Internet outages of the Arab Spring to the fiber optic cable cut in the Caucasus. (More information is available on the Renesys blog.)

Doug Madory

Panel Discussion on Cyber Risk Insurance

Cyber Risk insurance is a relatively new, and certainly evolving, insurance product designed to protect the insured against a variety of risk exposures. This panel discussion on Cyber Risk insurance covers the topic from three diverse points of view: 1) From a buyer, 2) From an Account Executive from a national insurance brokerage firm, and 3) from an executive with an insurance company that created the product. Each will discuss their review process, rationale for seeking and/or creating insurance to meet a specific need, barriers encountered, and claim experience.

Moderated by Leslie Seabrook

Last Updated: 7/31/13