Past Trainings

The tension between cybersecurity and researchers has long hampered attempts to secure research. It is also why institutional cybersecurity efforts in academia have been confined to the most sensitive research. The status quo has persisted for other reasons as well, for instance the complexity of the research environment, but latest developments in the regulatory and cyber threat landscape are quickly changing the status quo. Funding requirements scoped beyond individual awards and newly evolving threats are pointing to a future where securing research holistically is no longer optional.

This webinar is an overview of the recently published white paper, "Effective Cybersecurity for Research," by William Drake and Anurag Shankar. The white paper describes an approach to cybersecurity for research that is showing great promise in breaking the security versus research impasse. A product of years of effort at Indiana University, it focuses exclusively on the researcher and the research mission, reduces the cybersecurity and compliance burden on the researcher, and aims to secure all research. It has been stress tested on campus, with success evidenced by research.

For the past two years, Duke faculty member David Hoffman, students, and the IT Security Office have partnered with Chris Olsen and the Proxywar-e team to develop a solution to:

• Know and mitigate digital attacks targeting Duke
• Automatically stop attacks; inform digital entities enabling the attackers via 3rd-party code
• Understand and stop the digital attack vector’s impact on our network and endpoints
• Simplify attribution for digital attacks

Ransomware has existed in some form for more than 30 years. In the past 10, it has become an expected part of an attacker’s toolkit for monetizing a compromise. In this webinar, Ryan Kiser discussed the history of ransomware, the evolution of the business model which fuels its growth, how this can inform our defensive strategies, and what easy wins we can accomplish to help us to protect against it.

This webinar briefly covered the contents of the white paper by Ishan Abhinit and Mark Krenz of Indiana University's Center for Applied Cybersecurity Research (CACR) on security issues related to Google Drive. In this paper, the authors enumerate the security-related issues encountered while using Google Drive and document the solutions that they have adopted for mitigating these issues.

An important challenge facing security teams is how to accurately and rapidly identify and block attacks. Security teams make use of broad toolkits to defend networks, systems and data such as antimalware software, anti-phishing appliances, and intrusion protection and detection devices. In more recent years, threat intelligence has played an increasingly important role in protecting the enterprise. Since 2014, Duke has partnered with other higher education entities and research labs to advance the STINGAR project and demonstrate how partners can collaboratively protect themselves from malicious network activity. 

Subscribing to a vulnerability identification or scanning service is great for network security. But, how do you manage the vulnerability data and create a manageable and trackable workflow that doesn't overwhelm staff? How do you measure progress? There is no one-size-fits-all solution. This webinar will provide questions that a higher education or research facility or project cybersecurity team should ask themselves and spur ideas that can be used to frame a solution for vulnerability management that fits their needs.

Cybersecurity professionals supporting research and higher education understand the value of  having a common language with senior management. Published March 1, the Trusted CI Framework Implementation Guide for Research Cyberinfrastructure Operators provides such a common language, which can lead to mutual understanding, shared goals, and mutually agreed-upon action plans and resource allocations. Join Craig Jackson, architect of the Trusted CI Framework and Susan Sons, Deputy Director of Research SOC, as they discuss how to use the Framework to enhance relationships with key stakeholders while driving forward action to improve the overall cybersecurity posture of an organization.

View the recording Read publishing