America's Waterway Watch

August 14, 2010 - America's Waterway Watch is a program of the United States Coast Guard and its Reserve and Auxiliary components to encourage members of the public to be on the alert for suspicious behavior by boaters. In his presentation Jason Caudill’s goal is to acquaint is with the activities of the Auxiliary in the East Tennessee area, particularly the AWW program.

National Safe Skies Alliance

December 10, 2009 - Scott Broyles, President and Chief Operating Officer of the National Safe Skies Alliance describes their work as a federally funded non-profit organization and how they go about making a distinctive impact by evaluating innovative solutions aimed at improving aviation security.  To date Safe Skies has conducted over 200 projects, with 25 underway.  The vast majority of their work is in support of the mission of the Department of Homeland Security.

eDiscovery - Nowhere to Hide

August 13, 2009 - Electronic Discovery is the process of collecting, preserving, processing, and producing electronic information in litigation. On December 1^st, 2006, the Federal Rules of Civil Procedure were updated to include (expect) electronic information to be produced in litigation when in Federal Court. These rules placed electronic information at the same level of importance as paper in litigation.

On July 1st of this year, the same rules went into effect for TN State Courts. With the rules now in place in both Federal and State courts, there is no where to hide. Courts and attorneys are learning the value of and leveraging electronic information in most all instances of litigation.

Why should employers be thinking about litigation?  A recent Knoxville News Sentinel article explained that “People are getting fired, laid off and their job prospects are limited. So, more people are turning to litigation for a solution.

Lawyers are preparing for electronic discovery.  Will their clients be ready?  This presentation will cover the basics of electronic discovery, technical translations of the rules, and practical tips to prepare for “eDiscovery”.

August 14, 2008 - With the support of the U.S. Department of Homeland Security, CARRI is a groundbreaking program being led by the Department of Energy's Oak Ridge National Laboratory, in conjunction with a variety of other federal, regional, state and local partners. The goal of CARRI is to help develop and then share critical paths that any community or region may take to strengthen its ability to prepare for, respond to, and repidly recover from significant man-made or natural disasters with a minimal downtime to basic community, government and business services.Ann Farrar surrently serves as the CARRI Senior Program Manager at ORNL, Ann provides managment oversight and coordination to the local CARRI community efforts. In her presentation, Ann provides an excellent overview of this innovative program.

Incident Handling

April 10, 2008 - Computer viruses, worms, denial of service attacks, equipment failures, vandalism, theft and other unwelcome events can send your computer services staff scrambling and cause a variety of problems for your user community. Even the least of these situations can be a distraction for your staff. The most severe can provide an unscheduled opportunity to test your disaster recovery procedure!

How does your organization react to these events? Do you have a clearly-defined process in place to deal with unexpected incidents that threaten the security or operation of your systems.

Erik Rolf, President of Deliberare, Inc., addresses Incident Handling and Response with a tie in to law enforcement. As an information security and technology consultant in the financial services, telecommunications and health-care areas, Erik has a wealth of experience to share in his presentation.

Evolution of Wireless Security

August 9, 2007 - Most modern IT organizations have taken measures to fortify the corporate network against a variety of threats. Common setups often include ingress filters and network-segmenting firewalls, centralized monitoring of malicious software tools, an intrusion detection system and various other security infrastructure components. However, are end-users safe when they leave the friendly confines of such a protected network? In today's business environment, many employees travel to visit clients, participate in conferences and deliver presentations. Along the way, they travel through airports, stay in hotels, stop by coffee shops and visit a variety of other places that offer access to the Internet via public wireless networks. Those networks bring with them a set of threats that can make a Chief Security Officer squirm. Public wireless networks are crawling with individuals who have nothing better to do than attempt to access other computers on the network and browse their hard drives. If corporate systems aren't properly configured, they may be easy victims for these miscreants. Fortunately, this problem is easy to solve.Stephen Esposito, a Computing Specialist at the Y-12 National Security Complex in Oak Ridge, will cover the evolution of wireless security by highlighting the risks associated with various security implementations. Security measures covered will include a lack of security, MAC filtering, WEP, WPA, and WPA2. Attacks covered will include trivial attacks against a lack of security, MAC spoofing, WEP cracking, and rogue access points.

Mobile Device Security

December 14, 2006 - Mobile devices like organizers, cell phones, etc. are becoming more and more ubiquitous. They are already in daily use for business work as well as for personal applications like e-mail. Hence mobile computing offers many opportunities for new kinds of work and business. Nevertheless, we must be aware if the risks which arise if we use mobile devices in security critical transactions without taking appropriate security measures.  In the white paper “The CIO’s Guide to Mobile Security”, the author states “organizations often underestimate the potential security risks of using wireless devices. Implementing security solutions is critical. As wireless solutions continue to build momentum and the subsequent number of wireless devices grows, the demand to manage and secure these solutions increases.”The keys to mobile computing security concerns was presented by featured speakers  Jim Human, Data Solutions Manager, and Jerry Hobson, Data Sales Engineer, both with Verizon Wireless.

Engaging the IT Sector in Global Infrastructure Protection

October 24, 2006 - Dr. Phyllis Schneck serves as the Chairman of the National Board of Directors of the FBI's InfraGard program and founding president of InfraGard Atlanta. Phyllis is mostly responsible for the strategic growth and vision of the private sector side of the InfraGard Program, and for growing the relationship between InfraGard and the Department of Homeland Security through several Directorates. As examples, Phyllis was chiefly responsible on the private sector side for the first Memorandum of Understanding between DHS and InfraGard and for engaging DHS officials at all local InfraGard Chapters nationwide. Phyllis is also responsible for leading the overall strategic plan for engaging the private sector in integrated infrastructure protection information integration and dissemination and participation in the creation of National Policy such as the National Infrastructure Protection Plan. Phyllis was recently re-elected by InfraGard local leaders nationwide to another INMA Board term. Dr. Schneck recently spoke at the 2006 Cyber Security Summit conference held at the University of Tennessee. This presentation was given at that conference.

Vishing

October 12, 2006 - Just as Internet surfers have gotten wise to the fine art of phishing, along comes a new scam utilizing a new technology. Creative thieves are now switching their efforts to "vishing," which uses Voice over Internet Protocol (VoIP) phones instead of a misdirected Web link to steal user information. According to USTelecom's Crossroads Express July 17, 2006 issue, a new telephony-based version of “phishing” dubbed “vishing” has evolved from traditional Web-based phishing scams. The new technique has been used by criminals to collect details from credit cards, including the three-digit CVV security code, expiration date and account number. “Vishing” scams usually begin when the criminal gets a cheap and easily available VoIP number and then configures an automated dialing system to call people. When the call is answered, an automated recording alerts the person that his or her credit card has been compromised and the consumer should call a phone number immediately to correct the problem. The phone number is often a toll-free number with a spoofed caller ID of a legitimate financial company. The featured speaker for this seminar was Slade Griffin who is currently a security engineer with Sword & Shield Enterprise Security, Inc.

Protecting Your Data With Optical Storage

Is the data being archived by your company adequately protected? Will it be retrievable in compliance with SOX regulations? Have all the importantant factors been taken into account when selecting the storage system to be used? Lee Tutt, business development manager for Infinite Options Inc., makes a compeling argument for chosing an optical storage system for storing and protecting your archived data.

Distrubuted Denial of Services Attacks

February 9th, 2006 — In this seminar, we will examine what happened when the Internet Root Servers came under attack from a DDOS in 2002. Did anyone notice anything wrong that day? Many lost the Internet completely that day. Most did not. One of the things addressed is how close connectivity came to being lost that day.Some are saying that 2006 will be the year for spear phishing attacks. These are attacks that are directed against specific individuals. They are much more successful that standard phishing attacks and use such techniques as appearing to be from a coworker. The corporate equivalent of spear phishing, denial of service attacks are directed against specific corporations. What can organizations do to protect themselves? Why is this important? Are organizations dependent on Internet Root Servers? The answer may surprise you.This seminar will feature Mr. Chalmer Lowe, a Fire Protection Engineer with Nexus Technical Services Corporation.

Information Assurance - Where We've Been and Where We're Going

December 15th, 2005 — Why do we seem to be stuck in a never-ending patch, test, patch, test, cycle? Why can’t the largest vendors (Cisco, Microsoft, Oracle, etc.) get it right? Dr. Burnham is one of those speakers where you will want to think of your most pressing security challenge and play “stump the professor.” The answer may be “We can’t solve that problem right now,” but you’ll definitely get an answer.

Dr. Blaine Burnham has been a major player on the security scene since the 1970’s. He will be giving a presentation on “Where We’ve Been and Where We Are Going.” Dr. Burnham understands not only the technical underpinnings of security but also how to make it work in the business environment and the drawbacks thereof. He will discuss information security landmines past, present, and future; the technical problems we can address, and those we think we can, but which we can’t.

Dr. Blaine Burnham is the Director of the Nebraska University Consortium for Information Assurance and a Senior Research Fellow for the College of Information Science and Technology.

WLAN Threats and Countermeasures

April 8, 2004 - No longer the province of specialty computer stores, wireless LANs can now be purchased at your neighborhood Wal-Mart. From the Fortune 500 Company to the home, many wireless LANs are being deployed without any hint of security. Why? Is it because the threat isn’t understood? Is it because the security countermeasures aren’t sufficient to deploy them safely? The answers to these and the below questions may surprise you.

Surfing Content Control

Emerging Threats - From Discovery to Protection

Effective Incident Handling

April 10, 2003 — Information security is only effective if you are able to stop attacks before damage is done. To accomplish this, organizations must have the right people, processes and technologies working together in order to discover and respond to events threatening critical information assets. This presentation will discuss these components and the options available to organizations in terms of people, process and technology.

"By having the appropriate people, process and technology ecosystem in place, organizations will increase the effectiveness of their information security programs. Additionally, conducting proper incident response provides security organizations with a wealth of data from which they can develop the performance metrics necessary for audits or management reports.

The featured speaker for this presentation was Mr. Steven Drew, VP of Managed Security Services for LURHQ Corporation.

Going Wireless Without a Net

February 12, 2003 — Wireless LANs are one of the hottest technologies in today’s data communications market place. Yet, their limitations also make them the most controversial. This presentation will address the balance between the convenience WLANs offer with the need to deploy them in a secure fashion. The presentation will overview how the technology works and compares it to the wired LANs that is better known and understood. From there, the vulnerabilities will start to become apparent and will be discussed in a bit more detail. Ways to mitigate the risks with smart deployment of this hot technology will then be discussed. Risk mitigation techniques will not only include things that can be done to the standard configuration, but also include add-on technologies that provide a good level of security and can make WLANs security concerns all but disappear.

The featured speaker for this presentation was Mr. Brian J. Kaldenbach, Network Operations Manager for the Oak Ridge National Laboratory data network.

Security on a Shoestring

 December 12, 2002 — This will be a very entertaining and enlightening presentation that will show you how one company has started up an IT security effort almost from scratch. You will hear how an IT person has been thrust into the security spotlight and expected to become a security professional almost overnight. Not only will there be funny stories about security happenings, but it will be all about lessons learned. No one is ever ridiculed at our meetings; we all want to learn, but sometimes security can have very funny twists and turns.

The featured speaker was Mr. Richard Scheuch, Security Manager for a local company. Mr. Scheuch, is a member of the IKMA Executive Committee.

Managing Policies

October 16, 2002 — The featured speaker for this seminar was Mr. Alex Zappani, President of Zequel Technologies, Inc., a company that develops enterprise software solutions that enable organizations to manage their internal corporate policies and procedures more efficiently. Mr. Zappani will give a presentation titled “New Trends Managing Policies and Procedures.” This topic addressed policy and procedures and how they affect the bottom line.

FBI Computer Crime

FBI and Infrastructure Handling

November 8, 2001 — A December report to Congress by the Gilmore Commission (formally known as the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction) concluded that collecting intelligence, assessing threats and sharing information are crucial steps toward increasing domestic preparedness for combating terrorism.

July 12, 2001 — The inaugural InfraGard meeting featured Jason Riddle, information security administrator for the Knoxville Utilities Board (now with Sword and Shield), who spoke about steps organizations can take to educate key employees on computer network security and how to balance in-house staff security expertise with the use of outsourced network security services providers.