Archive for October, 2015

Internet Security

Monday, October 19th, 2015

Individuals ranging from youthful pranksters to international cyber criminals continuously threaten our personal, organizational, and indeed, the security of our nation. This was addressed as well as the current status of internet security at all levels including what you can do to better protect yourself in the digital age. Ms. Cheng and Mr Rzeszut spoke at the Wednesday, October 14, 2015 meeting. The program was moderated by SSV board member Rich DeMong. Listen to the podcast of the meeting and the Q&A.

2015-10-14-1-cheng-rzeszut

[display_podcast]

2015-10-14-2-cheng (1)Elaine Cheng, managing director and chief information officer at CFA Institute, oversees all aspects of information technology globally for the organization. Her primary focus is to provide and support organization-wide IT, including infrastructure and architecture, applications development, business process re-engineering, networks, and computer operations. She is also accountable for the future vision and strategy of technology and systems at CFA Institute. Prior to joining CFA Institute, Ms. Cheng worked for M&T Bank in Buffalo, New York, as Group Vice President of Technology Business Services. In this position, she led development planning for major IT investments, managed technology relationships with retail, commercial and internal business units, and overhauled the project management process. She served as vice president of retail operations at the bank prior to this position. Ms. Cheng earned her BA from Vassar College and her MBA from the University of Rochester, both in New York.

2015-10-14-3-rzeszutEric Rzeszut is the help desk manager at UVA’s McIntire School of Commerce, and was previously an IT manager at the University of Alabama at Birmingham. He is a Certified Information Systems Security Professional (CISSP) with nearly two decades of information technology and information security experience. Eric is also co-author of the book 10 Don’ts on Your Digital Devices, a guide to data security and digital privacy for nontechnical users published by APress in 2014.

Program Summary

Elaine presented four common data protection strategies: fire walls; demilitarized zones; intrusion prevention systems; and identity and access management. She followed with nine information security breach categories: point-of-sale intrusions; payment card skimmers; crime wave; web app attacks; denial-of-service; physical theft/loss; insider misuse; cyber espionage; and miscellaneous errors. Elaine concluded with remarks about the latest corporate security and technology, and how cyber security policy can both help and hurt.

Eric is co-author of the book 10 Don’ts on Your Digital Devices, a guide to data security and digital privacy for nontechnical users published by APress in 2014. The title of his presentation was, “Five Lessons from 10 Don’ts: keeping your digital life safe and private!”

Eric provided the “official” theme of the book as follows: “In nontechnical language and engaging style, 10 Don’ts on Your Digital Devices explains to non-techie users of PCs and handheld devices exactly what to do and what not to do to protect their digital data from security and privacy threats at home, at work, and on the road. These include chronic threats such as malware and phishing attacks and emerging threats that exploit cloud-based storage and mobile apps.”

He added that more simply the book demonstrates “what not to do as a way to lead the reader to develop safer, more secure habits in the digital world.”
The 10 don’ts are: don’t get phished; don’t give up your password; don’t get lost in the cloud; don’t do secure things from insecure places; don’t look for a free lunch; don’t let the snoops in; don’t be careless when going mobile; don’t use dinosaurs; don’t trust anyone over… anything; and don’t forget the physical.