310 likes | 459 Views
Planning and Conducting An IT Security Conference Two Approaches. Robert Ono, University of California, Davis Theresa Semmens, North Dakota State University, Fargo. Information Security Training Conferences. A Component of a Broader Information Security Program Several Options Available
E N D
Planning and Conducting An IT Security Conference Two Approaches Robert Ono, University of California, Davis Theresa Semmens, North Dakota State University, Fargo
Information Security Training Conferences • A Component of a Broader Information Security Program • Several Options Available • Schedule: One-time vs On-going • Focus: Technical vs Management • Format: Lecture vs Hands-on Instruction • Funding: Internal vs External Sponsors • Location: Off-site vs Campus Facilities
Key Planning Areas • Conference Coordination Staff • Identification of Key Objectives • Program and Budget Planning • Integration with Sponsors • Event Logistics/Facilities • Determining Session Content • Project Management • Post-Conference Evaluation
Two Examples • IT Security Symposium, UC Davis • Biennial Schedule • Next Conference, June 22-24, 2005 • Registration Limited to University of California Staff • IT Security Conference, North Dakota State University • Annual Schedule (Tentative) • Next Conference, November 3, 2005 • Registration open to IT staff in K-20, public , private, and tribal
2005 IT Security Symposium, UC DavisConference Planning Committee • Campus IT Security Officer, Chairperson • University Participation from Technical Staff • School of Veterinary Medicine • Deans’ Office, College of Letters and Science • Dean’s Office, College of Agricultural and Environmental Sciences • Computer Science Department • Plant and Environmental Sciences Department • University of California, Office of the President • Classroom Technology Specialist, IET • Communication Specialist, IET • Administrative Specialist, IET • Project Management, IET • Contract Web Developers
2005 IT Security Symposium, UC DavisFormal Objectives • Discuss Relevant/Timely Security Topics for System/Security Administrators, • Provide Hands-on Lab Training Opportunities for Security Knowledge/Skill Advancement • Promote Sharing of Local Security Knowledge and Expertise • Provide a Networking Opportunity Among Registrants • Serve Technical Audience of 75% UC Davis and 25% Other UC campuses • Maintain An Affordable Conference Fee ($100 or less)
2005 IT Security Symposium, UC DavisConference Format • Two and a Half Day Conference • Single Keynote Speaker • Hands-on Instructional Labs (30 @ 3 hours each) • Campus Session Technical Presenters (6) • Sponsor In-Kind Technical Presentations (24) • Instructional Lectures (15) • Financial Sponsor Sessions (5) • Networking Opportunity – BF/Lunches • Registration Fee ($85)
2005 IT Security Symposium, UC DavisProject Schedule – 32 Weeks Weeks 9-32, Weekly Meetings • Request Faculty Participation • Prepare/Release Call for Papers • Review Submitted Sessions • Finalize Session Content • Prepare/Release Online Registration & Communications • Finalize Catering Order • Finalize Speaker Honorarium • Prepare Conference Handouts/Shirts/Bags • Prepare Instructional Labs • Arrange Proctors & Registration Staff • Conduct Conference • Post Evaluation Weeks 1-8, Bi-Weekly Meetings • Define Objectives • Establish Event Format and Calendar • Prepare Budget • Determine Sponsor Participation • Identify Resources for Event • Instructional Rooms • Catering • Keynote and Overflow • Audio/Visual Requirements • Proctors • Establish Subcommittees • Prepare Communication Plan • Initiate Development of an Online Registration System • Solicit Sponsors & Keynote
2005 IT Security Symposium, UC DavisCommunication Plan • What Are The Key Messages? • Who are Target Audiences? • Who Can Help Spread Messages? • Web Sites – Informational and Registration • Announcements – Registrants/Vendors/Speakers • Publications – Organizational and Institutional • Graphics • Signage • Acknowledgements
2005 IT Security Symposium, UC DavisConference Sponsors • Financial Sponsors • Two Levels, $7,500 and $3,000 • Independent Session Opportunity • Material Display Opportunity • Corporate Logo on Conference T-Shirt • Instructional Session Sponsors • Technical Instruction Demonstration • Material Display Opportunity • Corporate Logo on Conference T-Shirt
2005 IT Security Symposium, UC DavisBudget (2.5 days) • Ten Win/Mac/Linux/Solaris Computing Labs $ Donated • Food (2 Lunch, 3 Breakfasts, 2 Afternoon Refreshments) $13,750 • Door Prizes ($1,000 Instruction Cert x 6 and Texts) $ 5,250 • External Developers, Conference Web Registration $ 3,500 • Keynote Speaker – Streaming Video $ 3,000 • Conference T-Shirts (275) $ 2,500 • Session Speaker Gratuity (UC Speakers) $ 2,000 • Duplication/Office Supplies $ 1,000 • Facility Setup (Labor/Fees) $ 1,000 • Facility/Space Rental $ 1,000 • Speaker Appreciation Dinner $ 1,000 • Conference Polo Shirts (20) $ 650 • Bus Transportation During Event $ 500 • Keynote Speaker Gratuity $ 100 • Contingency Fund $ 3,000 • Revenue – Projected Registration Fees $18,000 • Revenue – University of California, Office of the President $ 5,000 • Revenue – External Sponsors $18,000
2005 IT Security Symposium, UC DavisSponsors and Session Contributions • Instructional Sponsors • Apple Computers • OSX Tiger – New Security Features • Securing OSX • IS Inc. Certified Training • Securing Windows Server Active Directory • Securing Windows Server 2003 • MacTrainers Certified Training • OSX Basics • OSX Security • Microsoft • Implementing Windows Update Service • Secure Configuration of Windows 2003 • New Horizons Certified Training • Ethical Hacking Techniques • Sun Microsystems • Solaris 10.x • Implementing Solaris Security Toolkit • Financial Sponsors • Dell and Tipping Point • Application Infrastructure and Performance Protection • KPMG International • Business Improvement and Technology Implementation • Microsoft Corporation • NEC Solutions America • Simplified Password Management and User Identification • Sophos • Assessing Security Risks • Teros • Understanding and Preventing Web Application Attacks
2005 IT Security Symposium, UC DavisUC Faculty/Staff Presentations • Campus Firewall Services • Converting Policy to Reality • Deploying Tripwire – A Change Auditing and Security Tool • Establishing A Virtual Private Network • Improving Unix Security – Advanced Topics • Introduction to Computer Forensics • Intrusion Detection with Open Source Tools • Planning, Staffing and Sustaining a Secure Department IT Function • Running a Secure Fedora Linux Machine Identifying Unix Compromises • Vulnerability Scanners to Intrusion Prevention – What’s Next • UC Davis Information Security Standards
2005 IT Security Symposium, UC DavisCurrent Status • Registration Open: April 4, 2005 • Conference Web Site: http://itsecuritysymposium.ucdavis.edu/ • Conference Registration Site: https://secure.ucdavis.edu/securitysymposium/
2005 IT Security Symposium, UC DavisLessons Learned • Start Planning Process Early • Financial and Content Sponsors • Requires Objective Approach – Somewhat Similar to An RFP • Consider Sponsor Interests • Sponsorship Levels • Lots of Follow-up Required • Timing of Financial Sponsor Sessions • Local Networking Opportunities During the Conference • Computing Lab Setup • Review Post-Conference Evaluations for Suggestions
2004 IT Security Conference, NDSU, Fargo“A Call to Action” • Conference Demographics • Dual Population Base • Provide and information and networking resources for • Colleges and Universities in a tri-state area • Rural area schools, K-12 in a tri-state area • Dual Audience and Purpose • Provide information and training to: • Technical staff • Administrative staff • Conference hosted off campus • Presenters fees were “no charge” or local expertise
2004 NDSU IT Security Officer, Co-Chairperson EduTech Director, Co-Chairperson ND University System IT Security Officer NDSU ITS Management: Director, Policy Management Communications Specialist HR Specialist 2005 All of those for 2004 plus: EduTech: EduTech Help Desk Manager EduTech Coordinator of Network Services 2004 IT Security Conference, NDSU, FargoConference Planning Committee
2005 IT Security Conference, NDSU, FargoFormal Objectives • Increase awareness of IT security issues and solutions • Discuss best practices in the areas of policy, technology & operations • Increase networking opportunities with peers • Provide workable solutions for those institutions on a “shoe-string” / non-existent IT security budget • Serve a broad technical/administrative audience • Minimal Conference Fee – Many K-12 lack funding • Location – Learning Labs?
Keynote Speaker IS Risk Management – Challenges and Strategies Two panel discussions Network Authentication Patch Management Three general sessions Forensics, Wireless, MSUM solutions Luncheon speaker Windows XP Service Pack 2 in the Educational Community No Vendor booths Keynote and last general session - vendors, no product promotion Used a mix of outside and institutional expertise IT Security Conference, NDSU, FargoConference Format - 2004
Single Keynote Speaker Breakout session – two tracks – six sessions Administrative Technical One panel discussion Two general sessions Vendor booths set up from 10 AM to 2 PM Networking opportunity – BF/luncheon Registration fee ($75.00) IT Security Conference, NDSU, FargoConference Format - 2005
2005 IT Security ConferenceCommunication Plan - NDSU • Key Messages for Target Audiences • Web Site (http://its.ndsu.nodak.edu/security/conference-05/) • Information, Announcements • Registration Form • Publications – Organizational and Institutional • Signage • Forms – participant, sponsor, vendor, presenter • Acknowledgements
2005 IT Security Conference Sponsors - NDSU • Vendor Sponsorships • 2005 Conference • $500 • 2004 Conference • Symantec $500 • DakTec $500 • Cisco $1000
2005 IT Security Professionals Conference Schedule (tentative AM) Time Session 7:30 Registration 8:00 Welcome 8:30 Keynote Address – Dr. Kevin Streff, SDSU, Information Assurance 9:30 General Session – Jack Suess, Spam, Initiatives & Research 10:50 Panel Discussion – Secure Management of Wireless Networks 11:45 Luncheon & Vendor Visitation
2005 IT Security Professionals Conference Schedule (tentative PM) Breakout Sessions Track A Track T 1:00 First Response for Incidents Dr. Steven Gribble – “Security on the Move” 2:00 Dr. Huirong Fu – Cisco – Wireless War driving Information Assurance 3:00 John Weaver – ISO 17799 Dr. Steven Gribble – Measuring Spyware at the UW General Session 4:00 STAGEnet, Dan Sipes, ITD, State of North Dakota
Information Security Training Conferences - NDSU • Committee Morale • Taking Ownership • Marketing the conference • Conference Evaluations – Important • Planning for the next time • Annual/Bi-Annual? • Solid working relationship with conference location representative • Participants valued: wireless Internet access & the food!