Issue 14 Final
8/4/2019 Issue 14 Final
ISSUE NUMBER 14
An (ISC)2 Digital Publication
www.isc2.org
The Phenomenon that is Shadow IT
Why individuals and business units buy technology without the IT department's knowledge, the problems it creates, and what can be done to stop it.
Cover photo by Tom Merton; above illustration by Ikon Images/Robin Heighway-Bury
[features]
The Phenomenon that is Shadow IT
Why individuals and business units buy technology behind IT's back, the problems it creates, and what can be done to stop it. BY PETER FRETTY
The Rules of Mobile Device Protection
How to spend the money securing mobile devices in the enterprise. BY JOHN SOAT
Being a Team Leader
How to Deal with Awkward Situations and Challenging Personalities. BY MARIE LINGBLOM

[also inside]
(ISC)2 Makes a Strong Push
Executive Letter: From the desk of (ISC)2's Director of Professional Program Development.
FYI
Member News: Read up on what (ISC)2 members worldwide and the organization itself are doing.
Attendance Reveals Malware Still a Hot Topic
Views and Reviews: Highlights from (ISC)2's event moderator.
Inaugural (ISC)2 Security Congress at a Glance
Securing Government
Q&A: Lou Magnotti discusses security challenges and concerns in the government sector.
2011 (ISC)2 Education Resource Guide
A Call for Best-Practice Framework
Global Insight: Security standards to mitigate security gaps in applications. BY LARS MAGNUSSON

ISSUE NUMBER 14 INFOSECURITY PROFESSIONAL
2011 VOLUME 2
InfoSecurity Professional is published by IDG Enterprise Custom Solutions Group, 492 Old Connecticut Path, Framingham, MA 01701 (phone: 508 935-4796). The information contained in this publication represents the views and opinions of the respective authors and may not represent the views and opinions of (ISC)2 on the issues discussed as of the date of publication. No part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise), or for any purpose, without the express written permission of (ISC)2. (ISC)2, the (ISC)2 digital logo and all other (ISC)2 product, service or certification names are registered marks or trademarks of the International Information Systems Security Certification Consortium, Incorporated, in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. For subscription information or to change your address, please visit www.isc2.org. To order additional copies or obtain permission to reprint materials, please email [email protected]. To request advertising information, please email [email protected]. 2011 (ISC)2 Incorporated. All rights reserved.
To view this issue online, visit www.isc2.infosecpromag.com
Security Congress 2011
Sept. 19-22, 2011, Orlando, FL
Where Traditional and Logical Security Meet
Announcing the first annual (ISC)2 Security Congress, which will be collocated with the ASIS International 57th Annual Seminar and Exhibits. This event promises to provide attendees five days packed with education and networking opportunities, and will bring together security professionals from all disciplines, making it one of the largest security conferences in the world.
700 plus exhibitors from both programs
Around 200 conference sessions available throughout 22 education tracks
Exclusive (ISC)2 Town Hall, Member Reception and Safe and Secure Online volunteer orientation
Open to all individuals in the information security profession
Two-day Intensive Education Seminars for the CISSP and CSSLP certifications
(ISC)2 exam on September 18th
Free 1/2 day credential clinics for CISSP, SSCP, CAP and CSSLP
Earn CPEs for attending the conference
Visit www.isc2.org/congress2011 for more information and special member pricing.
(ISC)2 Makes a Strong Push
Security Congress and results of Job Task Analysis offer members new and continuing opportunities.
Were quite pleased to launch (isc)2
s cg, w w b (isc)2 g
, ww v. i w b j- w asis i 57 a sm-
exb, m smb 19-22 o,
F. T g mmb
m, xg wk. W (isc)2
x m , , gv-
, asis kw
b
. t m
m .
i v v-
g v, i g -
g . a g 16, m g
w b .
t m g-
, v: www.2.g/2011/
d.x
Mw, w
v Jb tk
a (Jta) cissp sscp .
T Jta g m m v
. W , w w v
w g xm v
mmb -- m . W g Jta v
, g:
1. W Jta wkg
, isc, k bk
gg. i m w
w mb,
m mg.
2. W b g 20- ,
g mmb, x, v m cBK cmm. T g
m w , vwg xg xm
b b , vg 10 m
bm, g bk m
g m.
3.
W v m w g. i
b
72,000 cissp. T v m
g. T , w
cissp v 22 .
4. T m b
m. dg
g, g
g k v g
mk .
o v
m, w xm b
m c
im B (ciB), w
m m . W
ciB x m
b w f xm,
g g v
vw b kg xm.a , w wg ciB
cissp, 2012 w
w xm. T csslp w w, w b
b b 2012.W v Jta . i g bv
b w am n s
i . o w b
G s .
i s cg
smb bk Jta.
s,
d. Vb t
cissp, csslp
Director of Professional Programs Development, (ISC)2
Executive Letter: From the desk of the (ISC)2 Director of Professional Programs Development

FYI: (ISC)2 Member News
Photo by Image Source/Corbis
Education Program Wins Award
(ISC)2 IS PROUD to have won the 2011 SC Magazine Best Professional Training Program award. The distinction was announced during RSA 2011 in San Francisco. (ISC)2 has now won five awards from this magazine, including two in the category of Best Professional Certification Program.
"We are honored and thrilled to receive another prestigious award from SC Magazine," says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2. "In the dynamic information security profession, domain knowledge and ongoing education play a critical role in our members' ability to effectively prepare for threats and safeguard against them. It's extremely satisfying to be recognized for our efforts to provide them high-quality, current and convenient education offerings."
Representing Latin America
(ISC)2 RECENTLY ESTABLISHED a Latin American Advisory Board (LAAB), which includes senior information security professionals. The LAAB will address workforce issues and provide assessments and insights into the information security profession in the region.
Members include:
Gabriel Bergel, CISSP, head of IT security, ING
Willian Caprino, CISSP, co-founder and chairman, you shot the Sheriff (information security conference); information security specialist, Cielo
Gerardo Castillo, CISSP, IT infrastructure manager, National Instruments
Daniel Diniz, CISSP, information security officer for MAC
Geraldo Fonseca, CISSP, corporate information security officer, Operador Nacional do Sistema Elétrico (ONS)
Walmir Freitas, CISSP, chief information security officer, Ernst & Young
Jefferson Gutierrez, CISSP, manager of Information Protection Services practice, KPMG Colombia
Ivan Martinez Ivanov, CISSP, director identity management, IRS Mexico
Francisco Milagres, CISSP, senior manager, IT Advisory Services, KPMG Brazil
Kleber Melo, CISSP, deputy security officer at LAM HSBC Bank and LAAB co-chair for (ISC)2
Nelson Novaes Neto, CISSP, chief security officer, UOL Diveo
Anderson Ramos, CISSP-ISSAP, ISSMP, SSCP, business development for Latin America and LAAB co-chair for (ISC)2
Ramiro Rodrigues, CISSP, chief security officer for BT Latin America
Ezequiel Sallis, CISSP, senior information security specialist, Root-Secure Director
Sergio Torrontegui, CISSP, information risk manager, AXA
The LAAB most recently met in April, and discussed how (ISC)2 can help support its local members.
"It's important that professionals in Latin America have a prominent voice so that we can meet the evolving demand for skills," says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2. "We hope that by working with the members of the LAAB, (ISC)2 can have a positive impact on the obstacles the region is facing to foster a skilled information security workforce."
A Global Board
FOR THE FIRST TIME, the (ISC)2 Board of Directors Executive Committee comprises only non-U.S. representatives.
The committee includes:
Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, SSCP, chairperson (Canada)
Freddy Tan, CISSP, vice-chairperson (Asia)
Richard Nealon, CISSP, SSCP, CISM, CISA, secretary (Europe)
Flemming Faber, CISSP, treasurer (Denmark)
More information is available at: https://www.isc2.org/PressReleaseDetails.aspx?id=7435.

1st Annual Security Congress 2011
See pages 16-17 for the Security Congress 2011 at a glance. Collocated with the ASIS International 57th Annual Seminar and Exhibits, this event will bring education and networking opportunities to the largest security conference in the world.
A Scholarly Effort
(ISC)2 AWARDS SCHOLARSHIPS to support the research and career aspirations of students and faculty who are conducting critical research and propelling the information security profession forward. The 2010 recipients include:
Tim Vidas, CISSP, Carnegie Mellon University, Pittsburgh, U.S. Tim was awarded a travel grant to present his paper on the need for and creation of a digital forensics memory corpus at the HICSS-44 conference, which was held in January 2011.
Oscar Castaneda, CISSP, SSCP, Delft University of Technology, Delft, Netherlands. Oscar was awarded a grant for his research in application security.
Cheng Yueqiang, Singapore Management University, Singapore. Cheng was awarded a grant for research in cloud computing (virtualized-based security).

A Leadership Vote
NOMINATIONS FOR THE 2011 (ISC)2 U.S. Government Information Security Leadership Awards (GISLA) are open through July 29. Please nominate a deserving federal information security leader in one of the five categories: Community Awareness; Federal Contractor; Process/Policy Improvement; Technology Improvement; Workforce Improvement.
For more information or to nominate, visit www.isc2.org/gisla.

NOW IN ITS 6th YEAR, (ISC)2 SecureAsia is Asia-Pacific's most influential gathering of information security professionals. Endorsed by the Ministry of Communication and Information Technology and the Ministry of Defense of the Republic of Indonesia, SecureAsia@Jakarta will cover key information security issues that organizations need to address in today's environment of rapidly changing technology, coupled with the growing sophistication of cyber threats and attacks. Senior information security professionals from government, industry and academia will provide insight into the measures that organizations should take to protect their information assets from both internal and external threats. Join information security experts at SecureAsia@Jakarta and equip yourself with knowledge that you can use in the work place.
Register at www.informationsecurityasia.com/register. (ISC)2 members will earn up to 16 CPE credits; don't forget to enter your certification number upon registration.
E-mail [email protected] for any inquiries.
Management Team
Elise Yacobellis, Executive Publisher
727 683-0782 [email protected]
Timothy Garon, Publisher
508 529-6103 [email protected]
Marc G. Thompson, Associate Publisher
703 637-4408 [email protected]
Amanda D'Alessandro, Corporate Communications Specialist
727 785-0189 [email protected]
Sarah Bohne, Senior Communications Manager
616 719-9113 [email protected]
Judy Livers, Senior Manager of Marketing Development
727 785-0189 x239 [email protected]

Sales Team
Christa Collins, Regional Sales Manager, U.S. Southeast and Midwest
352 563-5264 [email protected]
Jennifer Hunt, Events Sales Manager
781 685-4667 [email protected]
Lisa O'Connell, Regional Sales Manager

IDG Media Team
Charles Lee, Vice President, Custom Solutions Group
Amy Freeman, Project Manager
Anne Taylor, Managing Editor
Joyce Chutchian, Editor
Lisa O'Connell, Managing Editor
781 460-2105 [email protected]
Kim Han, Art Director
Lisa Stevenson, Production Manager

ADVERTISER INDEX
EC Council: p. 20
EWF: p. 31
IEEE: p. 11
Interop: p. 22
ISACA: Back Cover
(ISC)2: p. 2; 15
Nova Southeastern: Inside Front Cover
Training Camp: p. 24
Tripwire: Inside Back Cover
UMUC: p. 27
For information about advertising in this publication, please contact Tim Garon at [email protected].
Attendance Reveals Malware Still a Hot Topic
moderator's corner: VIEWS AND REVIEWS FROM (ISC)2'S EVENT MODERATOR

AS THE YEAR has gained momentum, I've been reflecting on the (ISC)2 ThinkT@nk events that have been held since the last issue of this magazine. Based on the sheer number of people who attended the two roundtables on malware and the volume of questions that were posed, I believe that this threat is not yet behind us. With some labs reporting up to 60,000 pieces of new malware identified each day, I guess it should come as no surprise.

In the "Old Threats, New Vectors" seminar, we dug into the shifting danger of malware and how it is creeping in through Web applications. Many malware attacks come through websites we visit every day; when they appear on social media sites such as Facebook, they exploit our users' trust in their own social networks. Does this trend point to the obsolescence of traditional user awareness training? Find out more by checking out this seminar in the archive: http://bit.ly/OldreatsNewVectors.

While security concerns seem to be what is holding back rapid cloud adoption, I continue to find it interesting how much security technology we are pushing outside of the enterprise. It all started with vulnerability scanning many years ago, and as we discussed in the "Inside Out" roundtable, a move is afoot to migrate malware protection beyond our perimeter. As more and more threats come in through the Web, these proxy-based models make sense as an additional layer of protection, especially for the mobile workforce. You can view the archived event here: http://bit.ly/InsideOut-MovingMalwareProtection. I think you'll find this discussion interesting, as it touches not only on the technical implications of such a model, but also on the impact that similar services can have on us as information security professionals.

As I prepare for the second half of the year, I look forward to watching the continued evolution of our shared profession and await your insightful questions in the next (ISC)2 ThinkT@nk.

Brandon Dunlap, Managing Director of Research, Brightfly

Don't forget to take the quiz and earn CPEs: http://bit.ly/igN8AM
For a list of events (ISC)2 is either hosting or sponsoring, visit www.isc2.org/events
The Phenomenon that is Shadow IT
Peter Fretty investigates why individuals and business units buy technology behind IT's back, the problems it creates, and what can be done to stop it.
Photo by Tom Merton

Technology can be an impetus to gaining competitive advantage, enabling better customer service and enhancing revenue generation. But when IT and security departments can't keep pace with technology, problems arise. Sometimes individuals or entire business units go rogue, in a sense, purchasing new software or systems without involving IT.

This practice, known as shadow IT, is far more common than many IT professionals would like to admit. "In many cases, either individuals or departments are not aware of the approval process to install their own software. Or, they may be aware of the process but think it is ineffective or takes more time than is available to them," says Chris Trautwein, CISSP, information security officer for (ISC)2. "Sometimes they go outside of IT because the IT department says 'no' to their technology request, yet they still believe they need the specific software."

Another reason is that privileges are not set properly on individual computers. "For instance, when the user has [Microsoft] XP installed on their computer, this situation makes the user a local administrator," he adds. "The result is a lack of technical control to stop the user from installing unapproved software. This is probably the most common reason."

All companies, no matter what size, are susceptible to shadow IT. And the increase in cloud computing offerings has complicated the already touchy issue, says Irfan Saif, a principal with Deloitte Consulting LLP. "Most recently, the growth of shadow IT has been facilitated by the range of feature-rich tools available through channels such as the cloud, where collaboration, social media, and other tools such as VoIP and SaaS applications are all easily available, and can be procured and integrated into current business practices without IT's involvement," he says.

The Problems with Shadow IT

The reverberations of shadow IT purchases (higher security management costs; compliance inconsistencies; and the potential for data breaches) can be painful.

"Shadow IT organizations, which may not be as mature from an enterprise operations point of view, may not properly consider data protection, business resiliency needs, intellectual property risks or even the appropriate legal and compliance constructs within their contracts," says Saif. "Not only does this ultimately prevent risk managers and auditors from having an accurate picture of the situation, but it also elevates the risk profile and potentially will cost the company more money in terms of operational and management costs to identify and deal with these environments, often inconsistently."

Of course, the impact on the organization can vary significantly depending on the type of software installed or the services contracted, explains Trautwein. "Data leakage is understandably one of the biggest concerns, especially since it's impossible to secure the unknown," he says. "But there is also the issue of improper licensing, which can open the organization up to a number of compliance issues. The other concern is the patching problem; you cannot patch applications you do not know are installed. Again, this can lead to serious vulnerabilities capable of crippling an organization."
How to Gain Control

After acknowledging its existence, it is crucial for IT and security leaders to take steps to eliminate occurrences of shadow IT:

Create an Enforceable Policy. Every organization needs an acceptable use policy that clearly indicates what users are allowed to do without IT approval, including software installation and using third-party sources. "Beyond having a policy, it's important to have users actually sign a compliance statement that indicates they understand the policy and that they agree to abide by it," Trautwein says.

"At the same time, the IT department needs to be very responsive to the needs of its users," he adds. "When you are responsive, you can eliminate users circumventing policies. It helps to be involved and treat users as customers with service level agreements. Outline how rapidly you will provide responses to their requests and stick to the agreement. Users appreciate when you are on the same page as them."

To facilitate policy creation and enforcement, Pamela Fusco, vice president of International Information Systems Security Association, recommends starting an internal security roundtable. "It's an excellent opportunity to bring in representatives from each of the business units and discuss the policies from a corporate, geographical and industry perspective," she says. "Everyone gets to see the big picture and collaborate, while setting the stage for business units to adopt standard security practices. Of course, for this to succeed, you need to understand it takes a true culture shift. The word 'security' itself causes walls to come up, but you need to have a positive attitude to help the shift."

From a technical point of view, security professionals must configure user systems or accounts with proper privileges, says Trautwein. "It's crucial to make sure users lack the ability to install software on their systems rather than allowing them to serve as local administrators," he says. "If the company upgrades individual systems to a more modern operating system, it is much easier to issue user-level access. This is one of the most crucial steps."
Focus on Enabling. The security team should focus on enabling business units and educating the entire organization about the dangers of shadow IT practices. "It is security's job to make it clear that business units need to analyze whether or not their siloed decision introduces a risk that can bring the whole company down, rather than simply affecting one business unit," Fusco says. "When you are focused on revenue generation, it can be difficult to see the big picture."

Photo by Monalyn Gracia/Corbis
"Ultimately, the emergence of shadow IT should serve as a lesson to IT professionals that it is important to recognize when to let go of legacy systems," she adds. "We need to look at what we refuse to let go. Sometimes it's the users who help us evolve. When we hold legacy systems as critical applications for too long, it can open the organization up to massive risks."

Saif recommends information security professionals capitalize on the fact that support is an area where shadow IT functions often struggle. The key is to avoid punishing and focus on enabling. Coming to their assistance opens the door to establishing a solid, sustainable connection. "The challenge, however, is always speed and whether IT can move fast enough to meet the needs of the business, a key driver for shadow IT groups in the first place," says Saif. "Demonstrating that IT can be an enabler, as opposed to an obstacle, and can help provide support and ultimately manage cost and risk within the organization should help reduce the occurrence of shadow IT."
Stay Engaged. "By being proactive and engaged throughout your organization, it's possible to prevent business units from creating shadow IT environments in the first place," says Saif. "CIOs and CISOs must strive to develop an inclusive enterprise process with the input of key business stakeholders to capture the needs and desires of the business and enable them, while keeping security, data privacy, business resilience, compliance and other risks in mind. This process must also enable swift decision-making, particularly when the business needs relate to quickly procuring or building certain services, or starting up platforms for development and testing."

A common example is the procurement of cloud computing applications. "Often, IT is unable to approve or provide alternatives quickly enough," says Saif. "Consequently, the business moves forward without IT having any visibility or involvement. In instances where established processes are insufficient to meet business unit needs, exceptions should be approved, but managed with the support of IT."

According to Trautwein, engagement means IT and security must secure an active role in organizational management. "This way, as important changes happen throughout the organization, you are a part of facilitating strategic changes instead of always reacting," he says. "This is a big step in helping other business units avoid relying on third-party sources."

Information security professionals need to understand where the company is headed if IT is going to realistically plan its assets, asserts Fusco. "Where is the company going, where does it want to be in three years and what will the competition and industry look like in three years? Engagement is the only way we can accurately answer these questions."

Peter Fretty is a freelance business and technology writer based in Michigan.
The Rules of Mobile Device Protection
Illustration by Gordon Studer
Mobile-device related security
threats
w. I 2010 I S
T p, w Sm-
m 163 -
g 2010 k
g p mp
g pp m p-
m. T p m 115 2009.Im p-
m mg k m
mmm. , p
I g
m
. CSO mgz -
58 p x-
p g m
2011, g
13 p.
mm w
p .
Widespread and Growing
n - .S. 12
w mp, g
M 2011
. g BI
, m mp
pp ww 2010300 m
p ggg 71 p jmp
m .g p
p mp p -
m. mp g w
k g p-
g m-
p . , p-
g, w p
m w wk. T p
p gz
mp m m-
pg g pw
, g mmgm Mm. I
300 I p
Mm, 78 p m
kw -
p wk. T
k p p
g wk,
p g k.
I mk g p
pp. M -g gwg I
mkp.
xmp, Dm m
p m kM S $19.5 m
g. p 2011
m T M , S-
p M -
m w ,
p w
ww p w m
p g pm P-, -, wk-
, gg
pp g.
What's the Problem?
n mm m
mm g m
x mj k
m k.
w Jq p p-
- g T MS T w p
2010. H m p:
n T pm pg
m m w
P w (.g., Ww);
n M m
mp m
P;
n k g m
m
g.
T gm. T are g m pg -
m, g pp S, Gg, M Ww
P 7, IM BkB S.
T mk wg mw
m m mp
. Hw, p
pm m m m p-
m. BI p
w p 45 p mp mk 2016, w S
mg 19 p.
k k, g
m m
wm
P w 20 . B
g p pp
w mw mkg
w m m.
k, kw DDm, q
Gg xpg m 50
pp m pp m-kp, g p.
P pm w
w g
m p, p -
g, m M,
g S I-
, g m. S
p , . V
mgm
p p,
pp M D Mg-
m w. M f p p
m ppg .
What Needs to Be Done?
pm w
m m ,
g M: ;
m ( w-
wk); (
P x).
w m :D g -m
Fun cng v t hcu vc n th nt. tk cfully bu p my,
v J s.
d s h ph, d d s
hig h ph h si ps, Ms ws.
ths gd dvi, ss Mik Hig-
gis, pss imi si
nhs uivsi i Bs,
b is qi mphsiv mbi
si sg. a m ssmipph is qid.
th is d bsiss wh i
ms sig mbi dvis i
h pis, dig Higgis, is
simp: gis hm. I w
i, hv g b gisd,h ss. T dmds si -
ig, idig whs sig i d wh
h sig i , h dds.
eig pis si s
h ms ik d i p
dii wk is (.g., i-
vis pds; oS pgds; ws) is
x h is, ss Higgis.
eig s d ppiis
d hid-p sw is spi
imp bs h ps h
smphs biggs si h dis ms ppig : h bii
dwd ppiis v h I.
app s 350,000-ps iPh pps
i is app S, d Ggs adid
Mk is pid xpdig. Kpig
d-ss hds his s v
hg is di, i impssib.
Idd, w wd hs d h
si xi: jibk. I ms
k h bi-i si s
smphs pig ssm
w gisd ppiis isid.Jibkig smphs is I-
g ids, wig ss
smiz hi dvis d v swih
wk is.
T d bsiss i m-
phsiv mbi si sg
is ss pvi, ss Higgis. H
xpis h skid hk ss
smph d ik sm iss d
-mi i spisig sh m
im. I six mis [h hk]
w i, h ss. Si pssisms b b k dw s mbi
dvis d pm m wip
d, miimm b b mv mbi dms s w s -
d isigs d -mi his.
What's Available?
T is s b xpdig m-
kp mbi si hg.
is, lk Mbi S-
i s ivis sw h
adid, BkB, d Widws
Ph pms. Sm is mpig
p is mbi si sw igs.ad h gwig mb p
s ppiis idd mbi
si, pis Ms.
Si, imi si pssi-
s migh w sid hs sis
. Ts siv b his
s, ss Ms. hig,
hs dvis hv siiv pgm-
mig is, h ss, whih ms
hid-p si ppiis b
di impm, spi wh
ig spp h vis mbioS pms. Isd, hik i ms
pds i mbii ddss h
i sp h pbm, Ms ss.
th ssms mgig h
ip m h pbiiis
dd mg pg mbi
vim. cmpis sh s M-
mi, Mbi aiv Ds (MaD)
d Zpis mgm -
ss h ip d ig
si s sh s psswd p-
i, pi, ivis, im-w, wk ppii ispi,
d m-wip pbiiis.
Ts s ssms bk
h si sg i h h
h si mgm d s-
i pbiiis h ppi Bk-
B epis Sv, xp h sp-p vi mbi pms d
dvis, ss ei G, si -
s d dvis bd mmb
MaD. adig G, mph-
siv si ms kig h mbivim s wh. T h
ds b mppd , h ss.
Sm gizis d hikig g hs is. is,
u.S. d gvm g is i
h pss vig sh mbi
mgm/si ssms, ss
is si xivs. T mj
qims h g is sig isvi h wig:
n Mi-pm spp (
-BkB dvi pms)
n Whiisig/bkisig
ppiis
n cizd mgm wihdisibd dmiisiv ighs
n uss gps d s ppii
di dvi si piis
n ov-h-i m
n ov-h-i gi hgs
n Jibk di/gb
md sps
n rm b/disb/wip dvi
n abii vg xisig pig
ssms
Higgis ss h dsds h
dvgs mgmdvi spp h gig ifx
mbi dvis. hig, h mbi
dvi id b d bk. T
big h s, hw d w big hm
d ?
What's the End Game?
Ms mpis si i h
sgs idiig vbiiis, id-
iig mdii, d dv-
pig sg bkgds i mbisi, i ms pi, ss Ms.
u, giv h sgh
mbi dvis i h pis, hs
smhig bid-h--whi-h-
b-gs sii.
c sidi shd hp
imi si pssis i-
g iv sg wih ig-dg
mbi si hg spp
his w bsiss impiv.
John Soat is a freelance business and technology journalist based in Ohio.

"Don't send anything in e-mail that you could say on the phone, and don't say anything on the phone that you can say in person."
Adam Meyers, director of cybersecurity intelligence, SRA International
Cloud Security
Session 2180 Next Generation Cloud Security Compliance
Session 2280 Using the Cloud Security Alliance GRC Stack to attest vendor compliance
Session 2380 Cloud Incident Response
Session 3180 Architecting and Building a Secure Virtual Infrastructure and Private Cloud
Session 3280 Forensics and the Cloud - Panel
Session 3380 Debate Collecting of personal information from the Cloud
Session 4180 TBD
Session 4280 TBD

Swiss Army Knife Tips, Tools and Techniques for the Well Rounded Infosecurity Professional
Session 2181 Critical Infrastructure Protection & Risk Management
Session 2281 Managing Privacy and Security: The CISO/CPO Dialogue
Session 2381 Cyber-Security and the Socio-Political Landscape Going Beyond the Technology
Session 3181 Data Integrity Debate
Session 3281 TBD
Session 3381 Psychological Principles in Social Engineering
Session 4181 The Reality of Cyber-Centric Terrorism
Session 4281 The Renaissance Security Professional

Application Security
Session 2182 Integrating Security Concepts into Systems and Application Design
Session 2282 Software Security: Is OK Good Enough?
Session 2382 The Economics of Failure
Session 3182 Security App-titude
Session 3282 Picking the Right Tool for the Job: Using Vendor Tools to Aid in the Development of Secure Code
Session 3382 TBD
Session 4182 The Unintended Consequences of Well-Intentioned Requirements
Session 4282 Integrating Security into the SDLC: Enterprise Success Stories Panel

Monday, Sept. 19, 2011: 11:00am - 12:00pm, 1:45pm - 3:00pm, 4:30pm - 5:30pm
Tuesday, Sept. 20, 2011: 11:00am - 12:00pm, 1:45pm - 3:00pm, 4:30pm - 5:30pm
Wednesday, Sept. 21, 2011: 11:00am - 12:00pm, 1:45pm - 2:45pm, 3:30pm - 4:30pm

(ISC)2 Security Congress Collocated with the ASIS International 57th Annual Seminar and Exhibits
The first annual (ISC)2 Security Congress offers invaluable education to all levels of information security professionals, not just (ISC)2 members. This event will provide information security professionals with the tools to strengthen their security without restricting their business. (ISC)2 and ASIS International have teamed up to bring education and networking opportunities to the largest security conference in the world. Register today at www.isc2.org/congress2011.
Session 4380 Closing Keynote Session
PHOTO BY VETTA COLLECTION/ISTOCKPHOTO
Mobile Security & Social Networking
Session 2183 Yes You Can: How to Securely Deploy and Manage Enterprise Mobile Devices
Session 2283 How to use Mobile Devices Correctly Setting Up Security Guardrails (Panel)
Session 2383 The Legal Ramifications of Personal Mobile Devices in the Workplace
Session 3183 The ABCs of Global Mobile Enterprise Compliance
Session 3283 Mobile Applications: Assessing Mobile Risk
Session 3383 Impact of Social Networking on Security Threats
Session 4183 Identify, Assess and Mitigate Security Risks Associated with New Mobile Devices and Applications
Session 4283 TBD

Governance, Regulation and Compliance
Session 2184 A Practical Guide to Implementing a Risk Management Strategy
Session 2284 New and Pending GRC Legislation and how it Impact Your Organization Panel
Session 2384 TBD
Session 3184 Control and Harmonization of Compliance Efforts Across Multiple Regulations
Session 3283 Putting Your House in Order Business Intelligence Gathered from 100+ Sustainable GRC Implementations
Session 3384 Security Metrics and Compliance
Session 4184 (4111) Information Technology Security Council Series: Legal and Compliance Aspects of I.T. Panel
Session 4284 Lessons Learned from the Federal Trade Commission

Software Assurance
Session 2185 Introduction to the Software Assurance Track
Session 2285 Measure Software Security
Session 2385 Why do Developers Makes These Dangerous Software Errors?
Session 3185 Improve your SDLC with CAPEC and CWE
Session 3285 Risk Analysis and Measurement with CWRAF
Session 3385 Software Assurance Panel and Wrap-Up

EXHIBITS: September 19th - 21st, 2011 (plus pre-conference events on the 17th and 18th)
LOCATION: Orange County Convention Center, Orlando, Florida, U.S.A.
REGISTER: www.isc2.org/congress2011
ILLUSTRATION BY IKON IMAGES/ROBIN HEIGHWAY-BURY
Being a Team Leader: How to Deal with Awkward Situations and Challenging Personalities

Complex projects often require the contribution and collaboration of people with diverse abilities, work habits, and personalities. They also require a team leader to make sure everything runs smoothly. Being an effective team leader is critical in today's business world, says Bob Hewes, a senior partner with Boston-based Camden Consulting Group. This is doubly important in information security, as technology is rapidly changing. You'll need to draw on different people and experts all the time, he adds.

When information security professionals become team leaders, they must draw on their varied experiences, says Nelson Novaes Neto, chief security officer, UOL Diveo (based in São Paulo, Brazil) and a Latin American Advisory Board member at (ISC)2. For project success, a team leader must possess not only technical competency, but also the ability to guide the proper development of behavioral competencies, such as negotiation, he says.

Good Leadership is Hard Work

If it's your first time leading a team, how can you prepare yourself? You'll very likely need to motivate individuals who may be difficult, competitive or even disruptive. You'll have to maintain control, but have flexibility to handle shifting project goals and deadlines.

A team leader should think about the team itself, not the project or the deliverables. They have to focus on getting a team working. Part of that is to realize that not everything has to happen in formal team meetings; in fact, many key things happen pre- and post-meeting, says Hewes.

Ensuring stakeholders are involved is another critical step. For example, if you're developing an information security program for the customer contact center, be sure to include key personnel from the
i sm pig migs.
Hws sggss skig hs skhds
i h sp is d whh
h g i. y d mk s
h higs k d h h s
igd wih h pj bjivs, ss
Hws. I , k i mii
igm wih gs.Is s imp h m
d hv sid kwdg h
m mmbs psiis d h-
isis, d pvid is
ppiis h dvpm
biiis d mpis, ss nvs
n. T d shd ws mm-
b h mivi s shd b
sidd idivid bsis. Wh
mivs ps migh mi-
v h; his is ii i
gd mgm.Mi h pgss h m
mmb, d giv spi, siv
d im dbk. Mk s h
pm isss disssd
p hp impv h ms
d m mmbsvi. Ts,
d is b x sss m
h pssi d m h wk,
ss nvs n.
ah sidi: D
h pss g v mpid d
d mh. T is dmi m mi d iv m
dship. Sm higs d p
d dvp v im, ss Hws.
Tis ds m h isss
ig, b jmpig v sig iss
v sd is hp ih.
Dealing with Fluctuation
T m d shd wd b
ppd hgs h migh
imp isk mgm, whh h
s m w hgis, g-is, s, dmi dis-
vis, ss nvs n. cig
mii pj m, h
d h di vi-
bs, pig d dvpig gs
msig ss, s w s dvis-
ig iv i ps wh x-
pd pbms dd.
Hws gs d dds h h k
is b w d xib. Tis gs
pig m v. nw, i i is
m h s h wi b g-ig hgs, h mb his shd b
g im [ mig gds]
h m disss, h ss.
I h pj sp di hgs,
h m d sid h m
mpsii, Hws ss. o shd
g k wh shd b
m. adjsm m mmbs
shd b md whim, b
mmbship shd b sidd
pm ih.
Activities that Improve Team Leadership
Is imp s-im m d-
s pp hmsvs b dig
pi is d bks. I pi,nvs n sggss bmig mi-
i wih hm bhvi dvp-
m, idig iig, pshg,
d bhvi sis sh s g-
izi bhvi mgm. I is
v imp h m d shws
mi i his h ps-
si, di d ps ivi-is, ss nvs n. a m d
wh xhibis high s d
hsism is b smi g
d h m.
Mwhi, dds Hws, bsv
hs: Hw d h ds bh
iv d iiv ms wihi
gizi? T sss i
bh ss, h ss.
nvs n s sggss kig
dvg wk iviis. a
--wk g-gh sh s di sms hs, xmp,
h i d hm mg
m mmbs. y migh s sggs
im spig iviis, sh s
qik pik-p gm sb s,
miv d xp mwk, s-
d ivi.
Manage or Be Managed
T bm i is h iv ds
ms b xib d mg
dif psiis isk wig
hmsvs b mgd b hm. Bh ds m big i,
ss Hws. T i bhv-
is h m ds shd vid,
idig:n givig giv dbk i
hs
n isig
n ivvig skhds
n gig hd wih
h id m gs
n pig m v
n wkig hgh dwih hs
tkig im d djs is
vi. eh m hs is w dvp-
ig h. lk wh is wkig
w d wh is, ss Hws. Tik
b wh shd d m , ss
, [wh shd] s dig, d
[wh shd] sp dig. Mk
djsms g h w d, bv
, is h m mmbs.
Marie Lingblom is a freelance technology editor and writer based in Massachusetts.

Team Leadership Characteristics
Nelson Novaes Neto suggests a team leader should develop at least a few of the following characteristics to be successful:
- Gain knowledge of different cultures
- Establish and manage complex internal and external personal relationships
- Construct and maintain alliances to support internal and external initiatives
- Attempt to improve team cohesiveness and synergy under highly complex situations
- Seek and share information to support decision-making or plans, systematically updating the members of the team on the latest developments
- Be a facilitator inside and outside the team, encouraging the resolution of conflicts and divergences
- Develop a policy of coexistence among the team, where members themselves define acceptable and non-acceptable behaviors
Q&A: Experts address trending security topics
Public Versus Private
Lou Magnotti, CIO of the U.S. House of Representatives, recently talked with InfoSecurity Professional about security challenges and concerns in the U.S. government sector.
Q: What are the differences in how information security is managed in the U.S. government sector compared with private industry?
Piv id i d
wih pig d , m-
p-iiv bi imi,
p idib im-
i (PII) mp d i,
d miiig pbii. T
gvm imi i
i i PII, g-iiv d, p,
d miig wihi bdg i.T bdg i p g mphi
h It dpm iip hgi
hg. a hdw d w hg, d
h i hg. Piv mpi
hv g w i pphig h hi -
i , xpiig h h d
hp ivig d q h impdig
pbm. o h h hd, gvm gi
m hv vi h g dpm
d m hi bdg ii h
It h im p h g
i reactive ii.
Q: What risks do you face in the areas of cloud computing, social media, and mobile technologies?
a h bigg pig d
mmii, w b imi d
hk. Kpig p wih h hgi
d h i impii qi d
p . nw dvi m
mi h pi m. T,
pii d pd m b d d kp
gdig h whg. cv, diw-
ig w dvi b -
i g big
b kp p wih h
dvpm. I h p, gv-
m gi w pivd
big bhid h im i h
w It dvi. td h
i h m h hd
pb d h d di mmii wih h piv
w bi.
Q: How can security professionals across the globe work together to combat security threats?
T m bvi w i h im h-
ig imi gdig bi i.
t m cIo viw i bh di
fi hi mp, d h
imp h mp img. Ti i -
pdiv. o d v h m-
p i m hgi dvm d
h kig hk/b imi. M pp
ppi p i mmiig h x dmg ppd d h mhd b whih
h pbm i big vd. sd, h i
d dd h ii p b
im. a wd gizi m b bihd
wih mmb hig imi d p-
hibiig h pi b imi m
pi, h iiig mbd
xdii. Ti gizi wd v
i im wh bim i gwig b
p d bd.
See the Future of IT at Interop
NEW YORK OCT. 3-7 // JAVITS CONVENTION CENTER
25% off discount applies to Flex Pass, Conference + Workshop and Conference Passes only. Discount calculated based on the on-site price and not combinable with other offers. Offer good on new registrations only. Proof of IT industry involvement required. Price after discount applied: Flex: $2,306.50, Conference + Workshop: $2,026.50, Conference: $1,606.50. UBM TechWeb 2011.
Fee Ep Pa Eta t IT Leaig EvetCloud Computing | Virtualization | SeCurity | mobility | data Center | networking
S h s it ss f 200+ techlgy cmpaie.
a fee ei cv h f f it sss.
H eyte f s s.
t h v , vs h h sc
vs. a f csss in s.
m c c v vs sc .
Becme a IT He. i vs h s
chs ss ss v sss v
f it .
Free expo pass
or save 25%*
with code
CPFKNY02
www.interop.com/newyork
WORKSHOPS: Oct. 3-4, 2011 CONFERENCE: Oct. 5-7, 2011 EXPO: Oct. 5-6, 2011
AMERICAS
Acadia University; Jodrey School of Computer Science; Wolfville, Nova Scotia, Canada; http://cs.acadiau.ca
British Columbia Institute of Technology; Burnaby, British Columbia, Canada; www.bcit.ca
Carleton University; School of Computer Science; Ottawa, Ontario, Canada; www.scs.carleton.ca
Concordia University; Engineering and Computer Science; Montreal, Quebec, Canada; http://encs.concordia.ca
Conestoga College Institute of Technology and Advanced Learning; Kitchener, Ontario, Canada; www.conestogac.on.ca
Dalhousie University; Faculty of Computer Science; Halifax, Nova Scotia, Canada; www.cs.dal.ca
McGill University; Electrical and Computer Engineering; Montreal, Quebec, Canada; www.mcgill.ca/ece
McMaster University; Faculty of Engineering; Department of Computing and Software; Hamilton, Ontario, Canada; www.cas.mcmaster.ca/cas
Phirelight Learning Centre; Ottawa, Ontario, Canada; www.phirelight.com
Queen's University; School of Computing; Kingston, Ontario, Canada; www.cs.queensu.ca
Royal Military College of Canada; Department of Electrical and Computer Engineering; Kingston, Ontario, Canada; www.rmc.ca
Ryerson University; Department of Computer Science; Toronto, Ontario, Canada; www.scs.ryerson.ca/scs
Simon Fraser University; School of Computing Science; Burnaby, British Columbia, Canada; www.cs.sfu.ca
The University of Western Ontario; Department of Computer Science; London, Ontario, Canada; www.csd.uwo.ca
Trent University; Department of Computing and Information Systems; Peterborough, Ontario, Canada; www.trentu.ca/cois
University of Alberta; Faculty of Science; Department of Computing Science; Edmonton, Alberta, Canada; www.cs.ualberta.ca
University of British Columbia; Department of Computer Science; Vancouver, British Columbia, Canada; www.cs.ubc.ca
University of Calgary; Department of Computer Science; Calgary, Alberta, Canada; www.cpsc.ucalgary.ca
University of Manitoba; Department of Computer Science; Winnipeg, Manitoba, Canada; www.cs.umanitoba.ca
University of New Brunswick; Department of Electrical and Computer Engineering; Fredericton, New Brunswick, Canada; www.unbf.ca/eng/ee
University of Ottawa; School of Information Technology and Engineering; Ottawa, Ontario, Canada; www.site.uottawa.ca
University of Toronto; Department of Computer Science; Toronto, Ontario, Canada; www.cs.toronto.edu
University of Victoria; Department of Computer Science; Victoria, British Columbia, Canada; www.csc.uvic.ca
University of Waterloo; Faculty of Mathematics; School of Computer Science; Waterloo, Ontario, Canada; www.cs.uwaterloo.ca
York University; Department of Computer Science; Toronto, Ontario, Canada; www.yorku.ca
Polytechnic University of Puerto Rico; Center for Information Assurance for Research and Education; San Juan, Puerto Rico; www.pupr.edu/poli2008-demo/ias_center.html
Air Force Institute of Technology; Center for Cyberspace Research; Wright-Patterson Air Force Base Dayton, Ohio, United States; www.afit.edu/ccr
Albany State University; Albany, Georgia, United States; www.asurams.edu
Anne Arundel Community College; Computer Technologies Department; Annapolis, Maryland, United States; www.aacc.edu
Arizona State University; Ira A. Fulton School of Engineering; School of Computing and Informatics Information Assurance Center; Tempe, Arizona, United States; http://ia.asu.edu
Auburn University; Information Assurance Laboratory; Department of Computer Science and Software Engineering; Auburn, Alabama, United States; www.eng.auburn.edu/users/hamilton/security
Bellevue University; College of Professional Studies; Bellevue, Nebraska, United States; www.bellevue.edu/degrees/graduate/security-management-ms
Berkeley City College; Berkeley, California, United States; http://vistawww.peralta.edu
Boston University; Metropolitan College; Department of Computer Science; Boston, Massachusetts, United States; www.bu.edu/met/departments/computer
Brandeis University; M.S. in Information Assurance; Waltham, Massachusetts, United States; www.brandeis.edu/gps/programscourses/programs/ias.html
California State Polytechnic University Pomona; Center for Information Assurance; College of Business Administration; Pomona, California, United States; www.bus.csupomona.edu/cis/cia
California State University; Center for Information Assurance and Security; Sacramento, California, United States; http://hera.ecs.csus.edu/csc/iac
California State University San Bernardino; Information Assurance and Security Management Center; San Bernardino, California, United States; http://iasm.csusb.edu
Capella University; School of Business and Technology; Minneapolis, Minnesota, United States; www.capella.edu/schools_programs/business_technology/business_technology_index.aspx
Capitol College; Graduate Programs in Network Security; Laurel, Maryland, United States; www.capitol-college.edu/academics/graduate-academics/graduate-certificates
Carnegie Mellon University; Information Networking Institute; Master of Science in Information Security Technology Information Security (Kobe MSIT-IS); Pittsburgh, Pennsylvania, United States; http://www.ini.cmu.edu/degrees/kobe_msit-is
An information security professional's education tool
Educational institutions listed in this section provide a range of degree programs in the computer science and technology fields, as well as specialized certifications in information security disciplines. (ISC)2 has a network of authorized education affiliates worldwide for assistance in obtaining the Gold Standard in information security certifications. For specific programs see the individual Web sites listed in this section, and be sure to look for the (ISC)2 Authorized Education Provider logo to ensure that you are receiving Official (ISC)2 Review Seminars. Visit http://resourceguide.isc2.org for additional resource Spotlights from (ISC)2.
Spotlight on 2011 Information Security Education Resource Guide
Carnegie Mellon University; CyLab Usable Privacy and Security Laboratory; Pittsburgh, Pennsylvania, United States; http://cups.cs.cmu.edu
Carnegie Mellon University; Software Engineering Institute; Pittsburgh, Pennsylvania, United States; www.sei.cmu.edu
Champlain College; Division of Continuing Professional Studies; Computer and Digital Forensics; Burlington, Vermont, United States; www.champlain.edu/cps/undergrad_degrees/cdf.php
Clark Atlanta University; Department of Computer and Information Science; Atlanta, Georgia, United States; www.cis.cau.edu
Colorado Technical University; Colorado Springs, Colorado, United States; www.coloradotech.edu
Dakota State University; Center for Information Assurance; Madison, South Dakota, United States; www.dsu.edu/msia/information-assurance.aspx
Dartmouth College; The Institute for Security, Technology and Society (ISTS); Hanover, New Hampshire, United States; www.ists.dartmouth.edu
DePaul University; Information Assurance Center; Chicago, Illinois, United States; http://diac.depaul.edu
DeVry University; Keller Graduate School of Management; 75 locations across the USA, United States; www.keller.edu
Drexel University; Department of Electrical and Computer Engineering; Philadelphia, Pennsylvania, United States; www.ece.drexel.edu
East Carolina University; Department of Technology Systems; Greenville, North Carolina, United States; http://www.ecu.edu/cs-tecs/tech_systems.cfm
East Stroudsburg University; Computer Science Department; East Stroudsburg, Pennsylvania, United States; http://www4.esu.edu
Eastern Michigan University; Center for Regional and National Security; Ypsilanti, Michigan, United States; www.emich.edu/cerns
ECPI College of Technology; Hampton, Virginia, United States; www.ecpi.edu
Emory University; Center for Lifelong Learning; IT@Emory Computer Forensics Certification; Atlanta, Georgia, United States; www.cll.emory.edu/it/certifications/computer-forensics
Florida State University; Department of Computer Science; Information Technology Assurance and Security; Tallahassee, Florida, United States; www.cs.fsu.edu/infosec
Fort Hays State University; Information Enterprise Institute; Hays, Kansas, United States; www.fhsu.edu/iei
Fountainhead College of Technology; Center for Information Assurance and Cybersecurity Training; Knoxville, Tennessee, United States; www.iawire.org
George Mason University; Department of Computer Science; Fairfax, Virginia, United States; www.ise.gmu.edu
George Washington University; School of Engineering and Applied Science; Washington, District of Columbia, United States; www.seas.gwu.edu
Georgetown University; Institute for Information Assurance (GIIA); Washington, D.C., United States; http://www12.georgetown.edu/uis/giia
Georgia Institute of Technology; College of Computing; Atlanta, Georgia, United States; www.cc.gatech.edu
Hagerstown Community College; Technology and Computer Studies Division; Hagerstown, Maryland, United States; www.hagerstowncc.edu/academics/divisions/technology-computer
Idaho State University; National Information Assurance Training and Education Center; Pocatello, Idaho, United States; http://niatec.isu.edu/about.htm
Illinois Institute of Technology; Center for Information Security; Chicago, Illinois, United States; www.iit.edu
Illinois State University; Center for Information Assurance and Security Education; Normal, Illinois, United States; http://cast.illinoisstate.edu/itk/center
Indiana University; Center for Applied Cybersecurity Research; Bloomington, Indiana, United States; http://cacr.iu.edu
Indiana University of Pennsylvania; Institute for Information Assurance; Indiana, Pennsylvania, United States; www.iup.edu/infosecurity
Iowa State University; Information Assurance Center; Ames, Iowa, United States; www.iac.iastate.edu
Jacksonville State University; Center for Information Security and Assurance; Jacksonville, Alabama, United States; http://mcis.jsu.edu/cisa
James Madison University; Information Security Masters Program; Harrisonburg, Virginia, United States; www.infosec.jmu.edu
Johns Hopkins University; Information Security Institute; Baltimore, Maryland, United States; www.jhuisi.jhu.edu
Kansas State University; Center for Information Systems and Assurance; Manhattan, Kansas, United States; www.cisa.ksu.edu
Kaplan University; Fort Lauderdale, Florida, United States; http://studentcenter.kaplan.edu/information-technology
Kennesaw State University; Center for Information Security Education; Kennesaw, Georgia, United States; http://infosec.kennesaw.edu
Lewis University; Institute for Information Assurance; Romeoville, Illinois, United States; www.lewisu.edu/academics/msinfosec/overview.htm
Loyola University; Department of Computer Science; Chicago, Illinois, United States; www.cs.luc.edu/academics/graduate/msit
Macon State College; School of Information Technology; Macon, Georgia, United States; www.maconstate.edu/it
Mercy College; Center for Information Assurance Education; Ferry, New York, United States; www.mercy.edu
Metropolitan State University; College of Management; St. Paul, Minnesota, United States; www.metrostate.edu
Mississippi State University; James Worth Bagley College of Engineering; Department of Computer Science and Engineering; Mississippi State, Mississippi, United States; www.cse.msstate.edu
Missouri University of Science and Technology; Rolla, Missouri, United States; http://cae.mst.edu
National Defense University; Information Resources Management College; Washington, District of Columbia, United States; www.ndu.edu/irmc
National Defense University; Information Resources Management College; Washington, District of Columbia, United States; http://www.ndu.edu/iCollege
Naval Postgraduate School; Center for Information Systems Security Studies and Research; Monterey, California, United States; http://cisr.nps.edu
New Jersey City University; Professional Security Studies Department; New Jersey City, New Jersey, United States; http://web.njcu.edu/sites/profstudies/securitystudies
New Jersey Institute of Technology; College of Computing Sciences; University Heights, Newark, New Jersey, United States; www.ccs.njit.edu
New Mexico Tech; Department of Computer Science; Socorro, New Mexico, United States; http://www.cs.nmt.edu
Norfolk State University; Institute for Information Assurance Research; Norfolk, Virginia, United States; http://sst.nsu.edu/ia
North Carolina A&T State University; Center for Cyber Defense; Greensboro, North Carolina, United States; http://caeiae.ncat.edu/CCD
North Carolina State University; Computer Science Department; Raleigh, North Carolina, United States; http://www.cae-r.ncsu.edu
Northeastern University; College of Computer and Information Science; Boston, Massachusetts, United States; www.ccs.neu.edu
Norwich University; Master of Science in Information Assurance; Northfield, Vermont, United States; http://infoassurance.norwich.edu
Nova Southeastern University; National Center of Academic Excellence in Information Assurance Education; Fort Lauderdale, Florida, United States; http://infosec.nova.edu
Ohio State University; Department of Computer Science and Engineering; Columbus, Ohio, United States; www.cse.ohio-state.edu
Oklahoma City Community College; Oklahoma Center for Information Assurance and Forensics Education (OCIAFE); Oklahoma City, Oklahoma, United States; www.occc.edu/IT/OCIAFE.html
Oklahoma State University; Center for Telecommunication and Network Security (CTANS); William S. Spears School of Business; Stillwater, Oklahoma, United States; http://ctans.okstate.edu
Our Lady of the Lake University; Computer Information Systems and Security; San Antonio, Texas, United States; www.ollusa.edu/s/1190/ollu.aspx?sid=1190&gid=1&pgid=991
Owens Community College; School of Business and Information Systems; Perrysburg Township, Ohio, United States; www.owens.edu/academic_dept/bus_tech/info_tech/index.html
Pace University; Ivan G. Seidenberg School of Computer Science and Information Systems; White Plains, New York, United States; www.csis.pace.edu/csis
Peirce College; Philadelphia, Pennsylvania, United States; www.peirce.edu
Pennsylvania State University; Center for Information Assurance; College of Information Sciences and Technology; University Park, Pennsylvania, United States; http://net1.ist.psu.edu/cica
Polytechnic Institute of New York University; Brooklyn, New York, United States; www.poly.edu
Portland State University; Maseeh College of Engineering and Computer Science; Portland, Oregon, United States; www.cs.pdx.edu
Prince George's Community College; Information and Engineering Technology Department; Largo, Maryland, United States; http://academic.pgcc.edu/iet/security.htm
Princeton University; Center for Network Science and Applications; Princeton, New Jersey, United States; www.princeton.edu/cnsa
Purdue University; The Center for Education and Research in Information Assurance and Security; West Lafayette, Indiana, United States; www.cerias.purdue.edu
Rasmussen College Eagan; Eagan, Minnesota, United States; www.rasmussen.edu
Regis University; Master of Science in Computer Information Technology Program; Denver, Colorado, United States; http://www.regis.edu/regis.asp?sctn=cpcis
Rochester Institute of Technology; Computing Security and Information Assurance Center; Rochester, New York, United States; www.nssa.rit.edu
Rose State College; Networking and Cyber Security Department; Midwest City, Oklahoma, United States; www.rose.edu/students/busdiv/networking/InfoSecCert.asp
Rutgers, The State University of New Jersey; Rutgers Center for Information Assurance; New Brunswick, New Jersey, United States; http://rucia.rutgers.edu
Sam Houston State University; Computer Science Department; Huntsville, Texas, United States; www.shsu.edu/catalog/cs.html
Seminole State College of Florida; Sanford, Florida, United States; http://www.seminolestate.edu
South University; College of Business; MS in Information Systems and Technology Information Security; Savannah, Georgia, United States; www.southuniversity.edu/college-of-business/savannah-information-systems-and-technology-msist-173512
Southern Methodist University; High Assurance Computing and Networking Lab; Dallas, Texas, United States; http://hacnet.smu.edu
Southern Polytechnic University; Center for Information Security Education; Marietta, Georgia, United States; http://cise.spsu.edu
St. Cloud State University; Center for Information Assurance Studies; St. Cloud, Minnesota, United States; http://web.stcloudstate.edu/cias/index.htm
St. Petersburg College; IT Security Associate in Science Degree; Largo, Florida, United States; www.spcollege.edu/itsecurity
Stanford University; Department of Computer Science; Stanford, California, United States; www.cs.stanford.edu
State of New York University at Buffalo; Center of Excellence in Information Systems Assurance, Research and Education (CEISARE); Buffalo, New York, United States; www.cse.buffalo.edu/caeiae
State University of New York-Stony Brook; Department of Computer Science; Stony Brook, New York, United States; www.cs.sunysb.edu
Stevens Institute of Technology; School of Systems and Enterprises; Hoboken, New Jersey, United States; http://sse.stevens.edu/academics/graduate/software-engineering/program-overview/software-assurance
Stevens Institute of Technology; Department of Computer Science; Hoboken, New Jersey, United States; www.cs.stevens-tech.edu
Syracuse University; Center for Systems Assurance; Syracuse, New York, United States; www.csa.syr.edu
Texas A&M University; Networking and Information Security; College Station, Texas, United States; http://nis.tamu.edu
Towson University; Center for Applied Information Technology; Towson, Maryland, United States; http://www.towson.edu/outreach/cait
U.S. Naval Academy; Department of Computer Science; Annapolis, Maryland, United States; www.usna.edu/CS
United States Air Force Academy; Colorado Springs, Colorado, United States; www.usafa.af.mil
United States Military Academy West Point; Information Technology and Operations Center; Department of Electrical Engineering and Computer Science; West Point, New York, United States; www.itoc.usma.edu
University at Buffalo; The State University of New York Center of Excellence in Information Systems Assurance Research and Education; Department of Computer Science and Engineering; Buffalo, New York, United States; www.cse.buffalo.edu/caeiae
University of Advancing Technology; Center for Information Assurance; Tempe, Arizona, United States; www.uat.edu/academics/Information_Assurance.aspx
University of Alabama in Huntsville; Huntsville, Alabama, United States; www.uah.edu
University of Alaska-Fairbanks; Advanced Systems Security Education, Research, and Training Center; Department of Computer Science; Fairbanks, Alaska, United States; http://assert.uaf.edu/index.html
University of Arizona-Tucson; Information Assurance and Security Education Center; Eller College of Management; Tucson, Arizona, United States; http://iasec.eller.arizona.edu
University of Arkansas at Little Rock; Center for Assurance, Security and Software Usability, Research and Education (ASSURE); Little Rock, Arkansas, United States; http://ualr.edu/eit
University of California Irvine; Secure Computing and Networking Center; Irvine, California, United States; http://sconce.ics.uci.edu
University of California-Davis; Computer Security Laboratory; Department of Computer Science; Davis, California, United States; http://seclab.cs.ucdavis.edu
University of Cincinnati; School of Computing Science and Informatics; Cincinnati, Ohio, United States; www.cs.uc.edu
University of Connecticut; Department of Computer Science and Engineering; Storrs, Connecticut, United States; www.cse.uconn.edu/cms
University of Dallas; Center for Information Assurance; Graduate School of Management; Irving, Texas, United States; www.thedallasmba.com/ia/centerforia.cfm
University of Denver; Department of Computer Science; Denver, Colorado, United States; www.cs.du.edu
University of Detroit Mercy; Centre for Assurance Studies; Detroit, Michigan, United States; http://business.udmercy.edu/assurance-studies/index.htm
University of Houston; Information Security Program; College of Technology; Houston, Texas, United States; www.tech.uh.edu
University of Idaho; Center for Secure and Dependable Systems; Moscow, Idaho, United States; www.csds.uidaho.edu
University of Illinois; Computer Science; UIC College of Engineering; Chicago, Illinois, United States; http://engineering.uic.edu
University of Illinois at Springfield; Center of Systems Security and Information Assurance; Springfield, Illinois, United States; http://csc.uis.edu/center
University of Illinois at Urbana-Champaign; Department of Computer Science; Urbana, Illinois, United States; www.cs.uiuc.edu
The battlefield is invisible. The rewards are very real.
The cyber battlefield is swarming with terrorists, hackers and spies looking to steal secrets, knock out power grids and more. That's why employers from Cyber Command to private businesses need cybersecurity experts now. And why a bachelor's or master's degree or graduate certificate in cybersecurity from University of Maryland University College (UMUC) is in high demand. Offered completely online, it's your chance to fight back against cyber terrorism while advancing your career.
Designated as a National Center of Academic Excellence in Information Assurance Education by the NSA and DHS
Programs include a BS and MS in cybersecurity, MS in cybersecurity policy, and three graduate certificates
Financial aid and an interest-free monthly payment plan available
eo o. 800-888-UMUC umuc.edu/globalsecurity
Copyright 2011 University of Maryland University College
Cybersecurity
University of Kansas; Information Assurance Laboratory; Information and Telecommunications Technology Center (ITTC); Lawrence, Kansas, United States; http://ial.ittc.ku.edu
University of Louisville; Computer Engineering and Computer Science; Louisville, Kentucky, United States; http://louisville.edu/speed/computer
University of Louisville; College of Business and Speed School of Engineering; Louisville, Kentucky, United States; www.louisville.edu/infosec
University of Maryland; The Graduate School; College Park, Maryland, United States; http://www.gradschool.umd.edu
University of Maryland University College; Adelphi, Maryland, United States; www.umuc.edu
University of Maryland, Baltimore County; Center for Information Security and Assurance; Baltimore, Maryland, United States; www.cisa.umbc.edu
University of Massachusetts-Amherst; Department of Computer Science; Amherst, Massachusetts, United States; www.cs.umass.edu
University of Massachusetts-Lowell; Lowell, Massachusetts, United States; www.uml.edu
University of Memphis; Center for Information Assurance Computer Science Department; Memphis, Tennessee, United States; http://cfia.memphis.edu/home
University of Minnesota; Institute of Technology; Department of Computer Science and Engineering - Information Assurance Center; Minneapolis, Minnesota, United States; www.cs.umn.edu
University of Missouri-Columbia; Application Security Education Program; Division of Information Technology; Columbia, Missouri, United States; http://asep.missouri.edu
University of Missouri-Rolla; Center for Critical Infrastructure Protection; Rolla, Missouri, United States; http://ccip.mst.edu
University of Nebraska at Omaha; Nebraska University Consortium on Information Assurance; College of Information Science and Technology; Omaha, Nebraska, United States; http://nucia.ist.unomaha.edu
University of Nevada Las Vegas; School of Informatics; Las Vegas, Nevada, United States; http://informatics.unlv.edu
University of New Mexico; Center for Information Assurance Research and Education; Albuquerque, New Mexico, United States; http://ia.mgt.unm.edu
University of New Orleans; Department of Computer Science; New Orleans, Louisiana, United States; www.cs.uno.edu
University of North Carolina at Charlotte; The Laboratory of Information Integration Security and Privacy; Department of Software and Information Systems; Charlotte, North Carolina, United States; www.sis.uncc.edu/LIISP
University of North Texas; Center for Information and Computer Security; Denton, Texas, United States; http://www.unt.edu/training
University of Pennsylvania; Department of Computer and Information Science; Philadelphia, Pennsylvania, United States; www.cis.upenn.edu
University of Pittsburgh; School of Information Science; Laboratory of Education and Research on Security Assured Information Systems; Pittsburgh, Pennsylvania, United States; www.sis.pitt.edu/%7Elersais
University of South Carolina; Center for Information Assurance Engineering; Columbia, South Carolina, United States; www.cse.sc.edu/research/isl
University of Tennessee at Chattanooga; Information Security Center; Chattanooga, Tennessee, United States; www.utc.edu/cisa
University of Texas at Dallas; Cybersecurity and Emergency Preparedness Institute; Erik Jonsson School of Engineering and Computer Science; Richardson, Texas, United States; www.utdallas.edu/research/dfepi
University of Texas at El Paso; Center for Information Assurance; El Paso, Texas, United States; www.cs.utep.edu/cfia
University of Texas at San Antonio; College of Business; San Antonio, Texas, United States; http://business.utsa.edu
University of Texas Health Science Center at Houston; School of Biomedical Informatics; Houston, Texas, United States; www.uhouston.edu/sbml/education/applied
University of Tulsa; Center for Information Security; Tulsa, Oklahoma, United States; www.cis.utulsa.edu
University of Virginia; School of Engineering and Applied Science; Charlottesville, Virginia, United States; www.seas.virginia.edu
University of Washington; Center for Information Assurance and Cybersecurity; Institute of Technology; Tacoma, Washington, United States; http://ciac.ischool.washington.edu
Utica College; School of Business and Justice Studies; Utica, New York, United States; http://www.utica.edu/academic/ssm/cybersecurity
Vanguard Integrity Professionals; RACF Training; enterprise security software; Las Vegas, Nevada, United States; https://training.go2vanguard.com
Virginia Polytechnic Institute and State University; Computer Science Department; Blacksburg, Virginia, United States; http://www.cs.vt.edu
Walden University; College of Management and Technology; Minneapolis, Minnesota, United States; www.waldenu.edu
Walsh College; Business Information Technology; Information Assurance Center; Troy, Michigan, United States; http://www.walshcollege.edu/iac
Weber State University; Ogden, Utah, United States; www.weber.edu
West Chester University of Pennsylvania; Center for Academic Excellence in Information Assurance; Department of Computer Science; West Chester, Pennsylvania, United States; www.cs.wcupa.edu
West Virginia University; Institute for Information Assurance Studies; Morgantown, West Virginia, United States; http://www.csee.wvu.edu/IIAS
Western Governors University; College of Information Technology; Salt Lake City, Utah, United States; www.wgu.edu/online_it_degrees/information_security_assurance_degree

ASIA-PACIFIC

Macquarie University; Department of Computing; North Ryde, New South Wales, Australia; www.comp.mq.edu.au
Macquarie University; The Centre for Advanced Computing Algorithms and Cryptography (ACAC); North Ryde, New South Wales, Australia; www.ics.mq.edu.au/acac
Macquarie University; Information and Networked Systems Security Research; North Ryde, New South Wales, Australia; www.comp.mq.edu.au/research/inss
Queensland University of Technology; Faculty of Science and Technology; School of Software Engineering and Data Communications; Brisbane, Queensland, Australia; http://www.scitech.qut.edu.au
The Australian National University; Faculty of Engineering and Information Technology; Department of Computer Science; Canberra, Australian Capital Territory, Australia; http://cs.anu.edu.au
The University of Adelaide; School of Computer Science; Adelaide, South Australia, Australia; www.cs.adelaide.edu.au
The University of Adelaide; Defence and Security Cluster; Adelaide, South Australia, Australia; www.adelaide.edu.au/desec
The University of Melbourne; Faculty of Engineering; Melbourne, Victoria, Australia; www.eng.unimelb.edu.au
The University of Melbourne; The Research Network for a Secure Australia; Melbourne, Victoria, Australia; www.civenv.unimelb.edu.au/research/centres/rnsa.html
The University of New South Wales; School of Engineering and Information Technology; Canberra, Australian Capital Territory, Australia; www.itee.adfa.edu.au
University of South Australia; School of Computer and Information Science, Advanced Computing Research Centre; Mawson Lakes, Australia; www.acrc.unisa.edu.au
Beijing University of Posts and Telecommunications; School of Computer Science and Technology; Beijing, China; www.bupt.edu.cn
Beijing University of Posts and Telecommunications; School of Information Engineering; Beijing, China; www.bupt.edu.cn
Fudan University; School of Information Science and Engineering; Beijing, China; http://www.fudan.edu.cn/englishnew
Nankai University; College of Information Technical Science; Tianjin, China; http://it.nankai.edu.cn/ITEMIS/index.asp
Peking University; Institute of Computer Science and Technology; Beijing, China; www.icst.pku.edu.cn
Peking University; Network & Information Security Lab; Beijing, China; http://infosec.pku.edu.cn
Shandong University; Cryptography and Information Security Laboratory; Jinan, China; www.infosec.sdu.edu.cn
Shanghai Jiao Tong University; School of Information Security Engineering; Shanghai, China; http://infosec.sjtu.edu.cn
The Chinese Academy of Sciences; Graduate School; School of Information Science and Engineering; Beijing, China; http://www.gscas.ac.cn/gscasenglish/index.aspx
The Chinese Academy of Sciences; Graduate School; Institute of Software (ISCAS); Beijing, China; http://iscas.ac.cn/english/index.action
The Chinese Academy of Sciences; Graduate School; The State Key Laboratory of Information Security; Beijing, China; www.is.ac.cn
Tongji University; Department of Computer Science and Technology; Shanghai, China; www.tongji.edu.cn/english/inc/index.asp
Tsinghua University; School of Information Science and Technology; Beijing, China; www.sist.tsinghua.edu.cn
University of Science and Technology of China; Department of Information Security; Hefei, Anhui Province, China; http://infosec.ustc.edu.cn
Wuhan University; The College of Computer Science; Wuhan, China; http://cslab.whu.edu.cn/index.php
Xidian University; School of Computer Science and Technology; Xi'an, China; http://www.xidian.edu.cn
Biometrics Research Centre; Faculty of Engineering; Department of Computing; Kowloon, Hong Kong; http://www4.comp.polyu.edu.hk/~biometrics
City University of Hong Kong; Faculty of Science and Engineering; Department of Computer Science; Kowloon, Hong Kong; www.cs.cityu.edu.hk
City University of Hong Kong; Department of Electronic Engineering; Kowloon, Hong Kong; www.ee.cityu.edu.hk
The Chinese University of Hong Kong; Department of Computer Science and Engineering; Hong Kong; www.cse.cuhk.edu.hk
The Hong Kong Polytechnic University; Faculty of Engineering; Department of Computing; Kowloon, Hong Kong; www.comp.polyu.edu.hk
The Hong Kong University of Science and Technology; School of Science; Department of Computer Science; Kowloon, Hong Kong; www.cs.ust.hk
The University of Hong Kong; Department of Computer Science; Hong Kong; www.cs.hku.hk
Indian Institute of Technology-Bombay; Department of Computer Science and Engineering; Bombay, India; http://www.cse.iitb.ac.in
Indian Institute of Technology-Kharagpur; Department of Computer Science and Engineering; Kharagpur, India; www.iitkgp.ernet.in
Indian Institute of Technology-Madras; Department of Computer Science and Engineering; Madras, India; www.cse.iitm.ac.in
Graduate School of Applied Informatics; University of Hyogo; Carnegie Mellon University; Master of Science in Information Technology Information Security; Kobe, Japan; http://www.cmuj.jp
Institute of Information Security; Yokohama, Japan; http://www.iisec.jp
Dongguk University; Graduate School of International Affairs & Information; Department of Information Security; Seoul, Korea; http://www.dongguk.edu
Hanyang University; The College of Information and Communications; Seoul, Korea; http://www.hanyang.ac.kr/english
Korea Advanced Institute of Science and Technology; Information Technology Convergence Campus; Daedeok Science Town, Korea; http://www.kaist.edu
Korea Advanced Institute of Science and Technology; Division of Computer Science; Daejeon, Korea; www.kaist.edu
Korea University; Centre for the Information Security Technologies; Seoul, Korea; http://cist.korea.ac.kr
Seoul National University; School of Computer Science and Engineering; Seoul, Korea; http://web.cse.snu.ac.kr/english/index.asp
Sogang University; Department of Computer Science; Seoul, Korea; http://cs.sogang.ac.kr
Soongsil University; Department of Information Science; Seoul, Korea; http://com.ssu.ac.kr
Sungkyunkwan University; School of Information and Communication Engineering; Suwon, Korea; http://icc.skku.ac.kr/icchome/e11.jsp
Choongang University; Graduate School of Information Technology; Seoul, Korea, Republic of; http://gsi.cau.ac.kr
Semyung University; Semyung Information & Communication System; Jechon, Korea, Republic of; http://smics.semyung.ac.kr
International Islamic University Malaysia; Kulliyyah of Information and Communication Technology; Kuala Lumpur, Malaysia; http://kict.iium.edu.my
Multimedia University; Centre for Cryptography and Information Security; Selangor, Malaysia; http://foe.mmu.edu.my/main/research/ccis/index.html
Swinburne University; Sarawak Campus; Information Security Research (iSECURES) Lab; Sarawak, Malaysia; www.swinburne.edu.my/iSECURES
Universiti Sains Malaysia; School of Computer Sciences; Penang, Malaysia; www.cs.usm.my
Universiti Sains Malaysia; National Advance IPv6 Centre of Excellence; Penang, Malaysia; www.nav6.org
Universiti Teknologi Malaysia; Faculty of Computer Science and Information Systems; Kuala Lumpur, Malaysia; www.fsksm.utm.my
University of Canterbury; College of Engineering; The Department of Computer Science & Software Engineering; Christchurch, New Zealand; www.cosc.canterbury.ac.nz
University of Otago; Information Science School of Business; Dunedin, New Zealand; http://www.infoscience.otago.ac.nz
Nanyang Polytechnic; School of Information Technology; Singapore; www.nyp.edu.sg
Nanyang Technological University; School of Electrical and Electronic Engineering; Centre for Information Security; Singapore; www.ntu.edu.sg/eee/cis
National University of Singapore; Institute of Systems Science; Singapore; www.iss.nus.edu.sg/iss/index.jsp
National University of Singapore; School of Computing; Singapore; www.comp.nus.edu.sg
Singapore Management University; School of Information Systems; Singapore; www.sis.smu.edu.sg
Singapore Polytechnic; School of Digital Media and Infocomm Technology; Singapore; www.sp.edu.sg
National Central University; Department of Computer Science and Information Engineering; Chung-li, Tao-yuan, Taiwan; www.csie.ncu.edu.tw
National Cheng Kung University; Department of Computer Science and Information Engineering; Tainan City, Taiwan; www.csie.ncku.edu.tw
National Chiao Tung University; College of Computer Science; Hsinchu, Taiwan; www.ccs.nctu.edu.tw
National Chiao Tung University; College of Electrical and Computer Engineering; Hsinchu, Taiwan; www.eecs.nctu.edu.tw
National Chung Cheng University; Department of Computer Science and Information Engineering; Min-Hsiung, Chia-Yi, Taiwan; www.cs.ccu.edu.tw
National Chung Cheng University; Department of Information Management; Min-Hsiung, Chia-Yi, Taiwan; www.mis.ccu.edu.tw
National Chung-Hsing University; Department of Computer Science; Tai-Chung City, Taiwan; www.nchu.edu.tw
National Sun Yat-sen University; Department of Computer Science and Engineering; Kaohsiung, Taiwan; www.cse.nsysu.edu.tw
National Taiwan University; Department of Computer Science and Information Engineering; Taipei, Taiwan; www.csie.ntu.edu.tw
National Taiwan University; Department of Electrical Engineering; Taipei, Taiwan; www.ee.ntu.edu.tw
National Taiwan University of Science and Technology; Department of Information Management; Taipei City, Taiwan; http://star7.cs.ntust.edu.tw

EUROPE, MIDDLE EAST, AFRICA

Ecole Nationale Supérieure d'Ingénieurs de Bourges; Filière STI, Bourges, France; www.ensi-bourges.fr
ENST Bretagne et SUPELEC; Mastère Spécialisé en Sécurité des Systèmes d'Information; Rennes, France; http://www.supelec.fr
Université Bordeaux; Sciences et Technologies; Département d'Informatique; Talence, France; www.u-bordeaux1.fr
Université de Technologie de Troyes; Master Sciences et Technologie; Spécialité Sécurité des Systèmes d'Information; Troyes, France; www.utt.fr/uk/index.php
Université François-Rabelais; UFR Sciences et techniques; Département Informatique; Blois, France; http://www.univ-tours.fr
Université Nantes; Département Informatique; Nantes, France; www.iut-nantes.univ-nantes.fr
Fachhochschule für Oekonomie & Management; University of Applied Sciences; Germany; www.fom.de/bachelor_of_it-engineering_studieninhalte.html
Ruhr-Universität Bochum; Horst Görtz Institute; Bochum, Germany; www.ruhr-uni-bochum.de
Dublin City University; Faculty of Engineering and Computing; Dublin, Ireland; www.dcu.ie/engineering_and_computing/index.shtml
Università degli Studi di Milano; Sicurezza dei Sistemi e delle Reti Informatiche; Crema, Italy; www.cdlonline.unimi.it/cdlOnline/default.asp
Università degli Studi di Roma La Sapienza; Rome, Italy; http://security.di.uniroma1.it/master
Università Ca' Foscari Venezia; Venice, Italy; www.dsi.unive.it/sicurezza
Moscow Engineering Physics Institute (State University); Department of Cybernetics; Moscow, Russia; www.mipt.ru/eng
Göteborgs Universitet; Computer Science and Engineering; Göteborg, Sweden; www.chalmers.se/cse
KTH, Skolan för Informations- och Kommunikationsteknik; Kista, Sweden; www.it.kth.se
ETH, Swiss Federal Institute of Technology Zurich; Center for Security Studies; Zurich, Switzerland; www.css.ethz.ch
Birmingham City University; Birmingham, United Kingdom; http://www.bcu.ac.uk
Canterbury Christ Church University; Department of Computing; Canterbury, Kent, United Kingdom; www.cante