Security: September 2007 Archives
I will be attending Cosac in Killashee House tomorrow (Tue 25th Sept 2007). My expectations for this event are quite high, as it is costing my employer 909 euros for one day's attendance.
I plan to attend the following talks.
0930 - 1015: It's not about the technology (Jim Gamble, Child Exploitation and On-line Protection Centre)
1015 - 1150: Anatomy of an Incident: An Interactive Workshop (Lawrence D. Dietz, Tal Global)
1150 - 1300: A Unique Approach to Attack Trace-back (Dr. Peter Stephenson, Norwich University)
1400 - 1510: Information Security Metrics is Coming of Age: Will You Be At The Party (Gerry O'Neill, Inforisca Services Limited)
1530 - 1640: Self-Defeating Networks - Using NAC to Hack (Aaron Earle, AE&E Corporation)
1650 - 1800: Strategic Roadmapping & Planning for Security, Risk & Governance - a Refresh (Gerry O'Neill, Inforisca Services Limited)
1810 - 1900: Issues of the Day Hot Topic Forum (John O'Leary, Computer Security Institute)
This is what Boston College did in 2005 when it suffered a data breach. The full story, including the details of the forensics and the team they had to put in place, is presented in a Network World article. This team included both legal and PR people, as 100,000 alumni records were affected. It turned out that a rogue server in a utility closet was hacked. Boston College maintains that ethically they were obliged to tell the affected individuals. Even though the actual database wasn't compromised, a series of scratch files for bulk mailing had been.
What was interesting with regard to informing them was that they chose the traditional option of a letter in the post, signed by management. They felt that this approach worked and helped to regain trust.
This example should serve to highlight that customers' needs should be placed first.