
Issue 14 Final

Date post: 07-Apr-2018
Upload: gendalf83
  • 8/4/2019 Issue 14 Final

    1/36

    ISSUE NUMBER 14

    An (ISC)2 Digital Publication

    www.isc2.org

    The Phenomenon that is Shadow IT

    Why individuals and business units buy technology without the IT department's knowledge, the problems it creates, and what can be done to stop it.


    Computer Science

    Educational Technology

    Information Security

    Information Systems

    Information Technology

    The password to your future is NSU.

    Nova Southeastern University admits students of any race, color, sexual orientation, and national or ethnic origin.

    Nova Southeastern University is accredited by the Commission on Colleges of the Southern Association of Colleges and Schools (1866 Southern Lane, Decatur, Georgia 30033-4097, Telephone number: 404-679-4501) to award associate's, bachelor's, master's, educational specialist, and doctoral degrees.

    The Graduate School of Computer and Information Sciences at Nova Southeastern University

    offers forward-thinking educational programs to prepare students for leadership roles in information

    technology. Designated as a National Center of Academic Excellence in Information Assurance

    Education by the U.S. National Security Agency, we offer rigorous educational programs with flexible

    formats for working professionals, state-of-the-art facilities, and a distinguished faculty. In this diverse

    and dynamic field, our graduates are achieving success in the military, government departments,

    and universities nationwide, as well as at top companies.

    HOW WE STAND OUT

    Designated a National Center of Academic Excellence in Information Assurance Education by the U.S. government since 2005

    Pioneer of online education since 1984

    Earn your graduate certificate, master's degree, or Ph.D. degree in information security

    IEEE members receive tuition discounts

    Apply today and advance your career at: www.scis.nova.edu/isc


    Cover photo by Tom Merton; above illustration by Ikon Images/Robin Heighway-Bury

    [features]

    The Phenomenon that is Shadow IT
    Why individuals and business units buy technology behind IT's back, the problems it creates, and what can be done to stop it.
    BY PETER FRETTY

    The Rules of Mobile Device Protection
    How to spend the money securing mobile devices in the enterprise.
    BY JOHN SOAT

    Being a Team Leader
    How to Deal with Awkward Situations and Challenging Personalities.
    BY MARIE LINGBLOM

    ISSUE NUMBER 14 INFOSECURITY PROFESSIONAL 1

    issue 14

    [also inside]

    (ISC)2 Makes a Strong Push
    Executive Letter: From the desk of (ISC)2's Director of Professional Program Development.

    FYI
    Member News: Read up on what (ISC)2 members worldwide and the organization itself are doing.

    Attendance Reveals Malware Still a Hot Topic
    Views and Reviews: Highlights from (ISC)2's event moderator.

    Inaugural (ISC)2 Security Congress at a Glance

    Securing Government
    Q&A: Lou Magnotti discusses security challenges and concerns in the government sector.

    2011 (ISC)2 Education Resource Guide

    A Call for Best-Practice Framework
    Global Insight: Security standards to mitigate security gaps in applications. BY LARS MAGNUSSON

    2011 VOLUME 2

    InfoSecurity Professional is published by IDG Enterprise Custom Solutions Group, 492 Old Connecticut Path, Framingham, MA 01701 (phone: 508 935-4796). The information contained in this publication represents the views and opinions of the respective authors and may not represent the views and opinions of (ISC)2 on the issues discussed as of the date of publication. No part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise), or for any purpose, without the express written permission of (ISC)2. (ISC)2, the (ISC)2 digital logo and all other (ISC)2 product, service or certification names are registered marks or trademarks of the International Information Systems Security Certification Consortium, Incorporated, in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. For subscription information or to change your address, please visit www.isc2.org. To order additional copies or obtain permission to reprint materials, please email [email protected]. To request advertising information, please email [email protected]. © 2011 (ISC)2 Incorporated. All rights reserved.

    To view this issue online, visit www.isc2.infosecpromag.com


    Security Congress 2011

    collocated with the ASIS International 57th Annual Seminar and Exhibits

    Premier Media Partner

    Sept. 19-22, 2011, Orlando, FL

    Where Traditional and Logical Security Meet

    Announcing the first annual (ISC)2 Security Congress, which will be collocated with the ASIS International 57th Annual Seminar and Exhibits. This event promises to provide attendees five days packed with education and networking opportunities, and will bring together security professionals from all disciplines, making it one of the largest security conferences in the world.

    - 700 plus exhibitors from both programs
    - Around 200 conference sessions available throughout 22 education tracks
    - Exclusive (ISC)2 Town Hall, Member Reception and Safe and Secure Online volunteer orientation
    - Open to all individuals in the information security profession
    - Two-day Intensive Education Seminars for the CISSP and CSSLP certifications
    - (ISC)2 exam on September 18th
    - Free 1/2 day credential clinics for CISSP, SSCP, CAP and CSSLP
    - Earn CPEs for attending the conference

    Visit www.isc2.org/congress2011 for more information and special member pricing.


    (ISC)2 Makes a Strong Push

    Security Congress and results of Job Task Analysis offer members new and continuing opportunities.

    Were quite pleased to launch (isc)2

    s cg, w w b (isc)2 g

    , ww v. i w b j- w asis i 57 a sm-

    exb, m smb 19-22 o,

    F. T g mmb

    m, xg wk. W (isc)2

    x m , , gv-

    , asis kw

    b

    . t m

    m .

    i v v-

    g v, i g -

    g . a g 16, m g

    w b .

    t m g-

    , v: www.2.g/2011/

    d.x

    Mw, w

    v Jb tk

    a (Jta) cissp sscp .

    T Jta g m m v

    . W , w w v

    w g xm v

    mmb -- m . W g Jta v

    , g:

    1. W Jta wkg

    , isc, k bk

    gg. i m w

    w mb,

    m mg.

    2. W b g 20- ,

    g mmb, x, v m cBK cmm. T g

    m w , vwg xg xm

    b b , vg 10 m

    bm, g bk m

    g m.

    3.

    W v m w g. i

    b

    72,000 cissp. T v m

    g. T , w

    cissp v 22 .

    4. T m b

    m. dg

    g, g

    g k v g

    mk .

    o v

    m, w xm b

    m c

    im B (ciB), w

    m m . W

    ciB x m

    b w f xm,

    g g v

    vw b kg xm.a , w wg ciB

    cissp, 2012 w

    w xm. T csslp w w, w b

    b b 2012.W v Jta . i g bv

    b w am n s

    i . o w b

    G s .

    i s cg

    smb bk Jta.

    s,

    d. Vb t

    cissp, csslp

    Director of Professional Programs Development, (ISC)2

    Executive Letter: From the Desk of the (ISC)2 Director of Professional Programs Development


    FYI: (ISC)2 MEMBER NEWS

    Education Program Wins Award

    (ISC)2 IS PROUD to have won the 2011 SC Magazine Best Professional Training Program award. The distinction was announced during RSA 2011 in San Francisco. (ISC)2 has now won five awards from this magazine, including two in the category of Best Professional Certification Program.

    "We are honored and thrilled to receive another prestigious award from SC Magazine," says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2. "In the dynamic information security profession, domain knowledge and ongoing education play a critical role in our members' ability to effectively prepare for threats and safeguard against them. It's extremely satisfying to be recognized for our efforts to provide them high-quality, current and convenient education offerings."

    Photo by Image Source/Corbis


    Representing Latin America

    (ISC)2 RECENTLY ESTABLISHED a Latin American Advisory Board (LAAB), which includes senior information security professionals. The LAAB will address workforce issues and provide assessments and insights into the information security profession in the region.

    Members include:

    - Gabriel Bergel, CISSP, head of IT security, ING
    - Willian Caprino, CISSP, co-founder and chairman, you shot the Sheriff (information security conference); information security specialist, Cielo
    - Gerardo Castillo, CISSP, IT infrastructure manager, National Instruments
    - Daniel Diniz, CISSP, information security officer for MAC
    - Geraldo Fonseca, CISSP, corporate information security officer, Operador Nacional do Sistema Elétrico (ONS)
    - Walmir Freitas, CISSP, chief information security officer, Ernst & Young
    - Jefferson Gutierrez, CISSP, manager of Information Protection Services practice, KPMG Colombia
    - Ivan Martinez Ivanov, CISSP, director identity management, IRS Mexico
    - Francisco Milagres, CISSP, senior manager, IT Advisory Services, KPMG Brazil
    - Kleber Melo, CISSP, deputy security officer at LAM HSBC Bank and LAAB co-chair for (ISC)2
    - Nelson Novaes Neto, CISSP, chief security officer, UOL Diveo
    - Anderson Ramos, CISSP-ISSAP, ISSMP, SSCP, business development for Latin America and LAAB co-chair for (ISC)2
    - Ramiro Rodrigues, CISSP, chief security officer for BT Latin America
    - Ezequiel Sallis, CISSP, senior information security specialist, Root-Secure Director
    - Sergio Torrontegui, CISSP, information risk manager, AXA

    The LAAB most recently met in April, and discussed how (ISC)2 can help support its local members.

    "It's important that professionals in Latin America have a prominent voice so that we can meet the evolving demand for skills," says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)2. "We hope that by working with the members of the LAAB, (ISC)2 can have a positive impact on the obstacles the region is facing to foster a skilled information security workforce."

    A Global Board

    FOR THE FIRST TIME, the (ISC)2 Board of Directors Executive Committee is composed only of non-U.S. representatives.

    The committee includes:

    - Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, SSCP, chairperson (Canada)
    - Freddy Tan, CISSP, vice-chairperson (Asia)
    - Richard Nealon, CISSP, SSCP, CISM, CISA, secretary (Europe)
    - Flemming Faber, CISSP, treasurer (Denmark)

    More information is available at: https://www.isc2.org/PressReleaseDetails.aspx?id=7435.

    1st Annual Security Congress 2011

    See pages 16-17 for the Security Congress 2011 at a glance. Collocated with the ASIS International 57th Annual Seminar and Exhibits, this event will bring education and networking opportunities to the largest security conference in the world.


    A Scholarly Effort

    (ISC)2 AWARDS SCHOLARSHIPS to support the research and career aspirations of students and faculty who are conducting critical research and propelling the information security profession forward. The 2010 recipients include:

    - Tim Vidas, CISSP, Carnegie Mellon University, Pittsburgh, U.S. Tim was awarded a travel grant to present his paper on the need for and creation of a digital forensics memory corpus at the HICSS-44 conference, which was held in January 2011.
    - Oscar Castaneda, CISSP, SSCP, Delft University of Technology, Delft, Netherlands. Oscar was awarded a grant for his research in application security.
    - Cheng Yueqiang, Singapore Management University, Singapore. Cheng was awarded a grant for research in cloud computing (virtualized-based security).

    A Leadership Vote

    NOMINATIONS FOR THE 2011 (ISC)2 U.S. Government Information Security Leadership Awards (GISLA) are open through July 29. Please nominate a deserving federal information security leader in one of the five categories: Community Awareness; Federal Contractor; Process/Policy Improvement; Technology Improvement; Workforce Improvement.

    For more information or to nominate, visit www.isc2.org/gisla.

    NOW IN ITS 6th YEAR, (ISC)2 SecureAsia is Asia-Pacific's most influential gathering of information security professionals. Endorsed by the Ministry of Communication and Information Technology and the Ministry of Defense of the Republic of Indonesia, SecureAsia@Jakarta will cover key information security issues that organizations need to address in today's environment of rapidly changing technology, coupled with the growing sophistication of cyber threats and attacks. Senior information security professionals from government, industry and academia will provide insight into the measures that organizations should take to protect their information assets from both internal and external threats. Join information security experts at SecureAsia@Jakarta and equip yourself with knowledge that you can use in the workplace.

    Register at www.informationsecurityasia.com/register. (ISC)2 members will earn up to 16 CPE credits; don't forget to enter your certification number upon registration.

    E-mail [email protected] for any inquiries.


    Management Team

    Elise Yacobellis, Executive Publisher
    727 683-0782 [email protected]

    Timothy Garon, Publisher
    508 529-6103 [email protected]

    Marc G. Thompson, Associate Publisher
    703 637-4408 [email protected]

    Amanda D'Alessandro, Corporate Communications Specialist
    727 785-0189 [email protected]

    Sarah Bohne, Senior Communications Manager
    616 719-9113 [email protected]

    Judy Livers, Senior Manager of Marketing Development
    727 785-0189 x239 [email protected]

    Sales Team

    Christa Collins, Regional Sales Manager, U.S. Southeast and Midwest
    352 563-5264 [email protected]

    Jennifer Hunt, Events Sales Manager
    781 685-4667 [email protected]

    Lisa O'Connell, Regional Sales Manager

    IDG Media Team

    Charles Lee, Vice President, Custom Solutions Group

    Amy Freeman, Project Manager

    Anne Taylor, Managing Editor

    Joyce Chutchian, Editor

    Lisa O'Connell, Managing Editor
    781 460-2105 [email protected]

    Kim Han, Art Director

    Lisa Stevenson, Production Manager

    ADVERTISER INDEX

    EC Council: p. 20
    EWF: p. 31
    IEEE: p. 11
    Interop: p. 22
    ISACA: Back Cover
    (ISC)2: p. 2; 15
    Nova Southeastern: Inside Front Cover
    Training Camp: p. 24
    Tripwire: Inside Back Cover
    UMUC: p. 27

    For information about advertising in this publication, please contact Tim Garon at [email protected].

    Moderator's Corner: Views and Reviews from (ISC)2's Event Moderator

    Attendance Reveals Malware Still a Hot Topic

    AS THE YEAR has gained momentum, I've been reflecting on the (ISC)2 ThinkT@nk events that have been held since the last issue of this magazine. Based on the sheer number of people who attended the two roundtables on malware and the volume of questions that were posed, I believe that this threat is not yet behind us. With some labs reporting up to 60,000 pieces of new malware identified each day, I guess it should come as no surprise.

    In the "Old Threats, New Vectors" seminar, we dug into the shifting danger of malware and how it is creeping in through Web applications. Many malware attacks come through websites we visit every day; when they appear on social media sites such as Facebook, they exploit our users' trust in their own social networks. Does this trend point to the obsolescence of traditional user awareness training? Find out more by checking out this seminar in the archive: http://bit.ly/OldThreatsNewVectors.

    While security concerns seem to be what is holding back rapid cloud adoption, I continue to find it interesting how much security technology we are pushing outside of the enterprise. It all started with vulnerability scanning many years ago, and as we discussed in the "Inside Out" roundtable, a move is afoot to migrate malware protection beyond our perimeter. As more and more threats come in through the Web, these proxy-based models make sense as an additional layer of protection, especially for the mobile workforce. You can view the archived event here: http://bit.ly/InsideOut-MovingMalwareProtection. I think you'll find this discussion interesting, as it touches not only on the technical implications of such a model, but also on the impact that similar services can have on us as information security professionals.

    As I prepare for the second half of the year, I look forward to watching the continued evolution of our shared profession and await your insightful questions in the next (ISC)2 ThinkT@nk.

    Brandon Dunlap, Managing Director of Research, Brightfly
    [email protected]

    Don't forget to take the quiz and earn CPEs: http://bit.ly/igN8AM

    For a list of events (ISC)2 is either hosting or sponsoring, visit www.isc2.org/events


    The Phenomenon that is Shadow IT

    Peter Fretty investigates why individuals and business units buy technology behind IT's back, the problems it creates, and what can be done to stop it.

    Photo by Tom Merton

    Technology can be an impetus to gaining competitive advantage, enabling better customer service and enhancing revenue generation. But when IT and security departments can't keep pace with technology, problems arise. Sometimes individuals or entire business units go rogue, in a sense, purchasing new software or systems without involving IT.

    This practice, known as shadow IT, is far more common than many IT professionals would like to admit. "In many cases, either individuals or departments are not aware of the approval process to install their own software. Or, they may be aware of the process but think it is ineffective or takes more time than is available to them," says Chris Trautwein, CISSP, information security officer for (ISC)2. "Sometimes they go outside of IT because the IT department says no to their technology request, yet they still believe they need the specific software."

    "Another reason is that privileges are not set properly on individual computers. For instance, when the user has [Microsoft] XP installed on their computer, this situation makes the user a local administrator," he adds. "The result is a lack of technical control to stop the user from installing unapproved software. This is probably the most common reason."

    All companies, no matter what size, are susceptible to shadow IT. And the increase in cloud computing offerings has complicated the already touchy issue, says Irfan Saif, a principal with Deloitte Consulting LLP. "Most recently, the growth of shadow IT has been facilitated by the range of feature-rich tools available through channels such as the cloud, where collaboration, social media, and other tools such as VoIP and SaaS applications are all easily available, and can be procured and integrated into current business practices without IT's involvement," he says.

    The Problems with Shadow IT

    The reverberations of shadow IT purchases (higher security management costs; compliance inconsistencies; and the potential for data breaches) can be painful.

    "Shadow IT organizations, which may not be as mature from an enterprise operations point of view, may not properly consider data protection, business resiliency needs, intellectual property risks or even the appropriate legal and compliance constructs within their contracts," says Saif. "Not only does this ultimately prevent risk managers and auditors from having an accurate picture of the situation, but it also elevates the risk profile and potentially will cost the company more money in terms of operational and management costs to identify and deal with these environments, often inconsistently."

    Of course, the impact on the organization can vary significantly depending on the type of software installed or the services contracted, explains Trautwein. "Data leakage is understandably one of the biggest concerns, especially since it's impossible to secure the unknown," he says. "But there is also the issue of improper licensing, which can open the organization up to a number of compliance issues. The other concern is the patching problem; you cannot patch applications you do not know are installed. Again, this can lead to serious vulnerabilities capable of crippling an organization."

    How to Gain Control

    After acknowledging its existence, it is crucial for IT and security leaders to take steps to eliminate occurrences of shadow IT:

    Create an Enforceable Policy. Every organization needs an acceptable use policy that clearly indicates what users are allowed to do without IT approval, including software installation and using third-party sources. "Beyond having a policy, it's important to have users actually sign a compliance statement that indicates they understand the policy and that they agree to abide by it," Trautwein says.

    "At the same time, the IT department needs to be very responsive to the needs of its users," he adds. "When you are responsive, you can eliminate users circumventing policies. It helps to be involved and treat users as customers with service level agreements. Outline how rapidly you will provide responses to their requests and stick to the agreement. Users appreciate when you are on the same page as them."

    To facilitate policy creation and enforcement, Pamela Fusco, vice president of International Information Systems Security Association, recommends starting an internal security roundtable. "It's an excellent opportunity to bring in representatives from each of the business units and discuss the policies from a corporate, geographical and industry perspective," she says. "Everyone gets to see the big picture and collaborate, while setting the stage for business units to adopt standard security practices. Of course, for this to succeed, you need to understand it takes a true culture shift. The word 'security' itself causes walls to come up, but you need to have a positive attitude to help the shift."

    From a technical point of view, security professionals must configure user systems or accounts with proper privileges, says Trautwein. "It's crucial to make sure users lack the ability to install software on their systems rather than allowing them to serve as local administrators," he says. "If the company upgrades individual systems to a more modern operating system, it is much easier to issue user-level access. This is one of the most crucial steps."

    Focus on Enabling. The security team should focus on enabling business units and educating the entire organization about the dangers of shadow IT practices. "It is security's job to make it clear that business units need to analyze whether or not their siloed decision introduces a risk that can bring the whole company down, rather than simply affecting one business unit," Fusco says. "When you are focused on revenue generation, it can be difficult to see the big picture."

    "Ultimately, the emergence of shadow IT should serve as a lesson to IT professionals that it is important to recognize when to let go of legacy systems," she adds. "We need to look at what we refuse to let go. Sometimes it's the users who help us evolve. When we hold legacy systems as critical applications for too long, it can open the organization up to massive risks."

    Saif recommends information security professionals capitalize on the fact that support is an area where shadow IT functions often struggle. The key is to avoid punishing and focus on enabling. Coming to their assistance opens the door to establishing a solid, sustainable connection. "The challenge, however, is always speed and whether IT can move fast enough to meet the needs of the business, a key driver for shadow IT groups in the first place," says Saif. "Demonstrating that IT can be an enabler, as opposed to an obstacle, and can help provide support and ultimately manage cost and risk within the organization should help reduce the occurrence of shadow IT."

    Photo by Monalyn Gracia/Corbis

    Stay Engaged. By being proactive and engaged throughout your organization, it's possible to prevent business units from creating shadow IT environments in the first place, says Saif. "CIOs and CISOs must strive to develop an inclusive enterprise process with the input of key business stakeholders to capture the needs and desires of the business and enable them, while keeping security, data privacy, business resilience, compliance and other risks in mind. This process must also enable swift decision-making, particularly when the business needs relate to quickly procuring or building certain services, or starting up platforms for development and testing."

    A common example is the procurement of cloud computing applications. "Often, IT is unable to approve or provide alternatives quickly enough," says Saif. "Consequently, the business moves forward without IT having any visibility or involvement. In instances where established processes are insufficient to meet business unit needs, exceptions should be approved, but managed with the support of IT."

    According to Trautwein, engagement means IT and security must secure an active role in organizational management. "This way, as important changes happen throughout the organization, you are a part of facilitating strategic changes instead of always reacting," he says. "This is a big step in helping other business units avoid relying on third-party sources."

    Information security professionals need to understand where the company is headed if IT is going to realistically plan its assets, asserts Fusco. "Where is the company going, where does it want to be in three years and what will the competition and industry look like in three years? Engagement is the only way we can accurately answer these questions."

    Peter Fretty is a freelance business and technology writer based in Michigan.

    Become an IEEE Certified Biometrics Professional

    Learn more and register today! www.IEEEBiometricsCertifcation.org

    Why CBP?

    The IEEE Certified Biometrics Professional (CBP) program has two major components: Certification and Training. Professionals and organizations can both benefit from the IEEE CBP program.

    Key advantages are:

    - Prove your knowledge
    - Increase your credibility
    - Learn a baseline of industry knowledge
    - Train employees
    - Gain a competitive advantage


    The Rules of Mobile Device Protection

    Illustration by Gordon Studer


    Mobile-device related security

    threats

    w. I 2010 I S

    T p, w Sm-

    m 163 -

    g 2010 k

    g p mp

    g pp m p-

    m. T p m 115 2009.Im p-

    m mg k m

    mmm. , p

    I g

    m

    . CSO mgz -

    58 p x-

    p g m

    2011, g

    13 p.

    mm w

    p .

    Widespreadand GrowinGn - .S. 12

    w mp, g

    M 2011

    . g BI

    , m mp

    pp ww 2010300 m

    p ggg 71 p jmp

    m .g p

    p mp p -

    m. mp g w

    k g p-

    g m-

    p . , p-

    g, w p

    m w wk. T p

    p gz

    mp m m-

    pg g pw

    , g mmgm Mm. I

    300 I p

    Mm, 78 p m

    kw -

    p wk. T

    k p p

    g wk,

    p g k.

    I mk g p

    pp. M -g gwg I

    mkp.

    xmp, Dm m

    p m kM S $19.5 m

    g. p 2011

    m T M , S-

    p M -

    m w ,

    p w

    ww p w m

    p g pm P-, -, wk-

    , gg

    pp g.

    whats the problem?n mm m

    mm g m

    x mj k

    m k.

    w Jq p p-

    - g T MS T w p

    2010. H m p:

    n T pm pg

    m m w

    P w (.g., Ww);

    n M m

    mp m

    P;

    n k g m

    m

    g.

    T gm. T are g m pg -

    m, g pp S, Gg, M Ww

    P 7, IM BkB S.

    T mk wg mw

    m m mp

    . Hw, p

    pm m m m p-

    m. BI p

    w p 45 p mp mk 2016, w S

    mg 19 p.

    k k, g

    m m

    wm

    P w 20 . B

    g p pp

    w mw mkg

    w m m.

    k, kw DDm, q

    Gg xpg m 50

    pp m pp m-kp, g p.

    P pm w

    w g

    m p, p -

    g, m M,

    g S I-

    , g m. S

    p , . V

    mgm

    p p,

    pp M D Mg-

    m w. M f p p

    m ppg .

    what Needs To be doNe? pm w

    m m ,

    g M: ;

    m ( w-

    wk); (

    P x).

    w m :D g -m

    Fun cng v t hcu vc n th nt. tk cfully bu p my,

    v J s.


    d s h ph, d d s

    hig h ph h si ps, Ms ws.

    ths gd dvi, ss Mik Hig-

    gis, pss imi si

    nhs uivsi i Bs,

    b is qi mphsiv mbi

    si sg. a m ssmipph is qid.

    th is d bsiss wh i

    ms sig mbi dvis i

    h pis, dig Higgis, is

    simp: gis hm. I w

    i, hv g b gisd,h ss. T dmds si -

    ig, idig whs sig i d wh

    h sig i , h dds.

    eig pis si s

    h ms ik d i p

    dii wk is (.g., i-

    vis pds; oS pgds; ws) is

    x h is, ss Higgis.

    eig s d ppiis

    d hid-p sw is spi

    imp bs h ps h

    smphs biggs si h dis ms ppig : h bii

    dwd ppiis v h I.

    app s 350,000-ps iPh pps

    i is app S, d Ggs adid

    Mk is pid xpdig. Kpig

    d-ss hds his s v

    hg is di, i impssib.

    Idd, w wd hs d h

    si xi: jibk. I ms

    k h bi-i si s

    smphs pig ssm

    w gisd ppiis isid.Jibkig smphs is I-

    g ids, wig ss

    smiz hi dvis d v swih

    wk is.

    T d bsiss i m-

    phsiv mbi si sg

    is ss pvi, ss Higgis. H

    xpis h skid hk ss

    smph d ik sm iss d

    -mi i spisig sh m

    im. I six mis [h hk]

    w i, h ss. Si pssisms b b k dw s mbi

    dvis d pm m wip

    d, miimm b b mv mbi dms s w s -

    d isigs d -mi his.

    What's Available?

    T is s b xpdig m-

    kp mbi si hg.

    is, lk Mbi S-

    i s ivis sw h

    adid, BkB, d Widws

    Ph pms. Sm is mpig

    p is mbi si sw igs.ad h gwig mb p

    s ppiis idd mbi

    si, pis Ms.

    Si, imi si pssi-

    s migh w sid hs sis

    . Ts siv b his

    s, ss Ms. hig,

    hs dvis hv siiv pgm-

    mig is, h ss, whih ms

    hid-p si ppiis b

    di impm, spi wh

    ig spp h vis mbioS pms. Isd, hik i ms

    pds i mbii ddss h

    i sp h pbm, Ms ss.

    th ssms mgig h

    ip m h pbiiis

    dd mg pg mbi

    vim. cmpis sh s M-

    mi, Mbi aiv Ds (MaD)

    d Zpis mgm -

    ss h ip d ig

    si s sh s psswd p-

    i, pi, ivis, im-w, wk ppii ispi,

    d m-wip pbiiis.

    Ts s ssms bk

    h si sg i h h

    h si mgm d s-

    i pbiiis h ppi Bk-

    B epis Sv, xp h sp-p vi mbi pms d

    dvis, ss ei G, si -

    s d dvis bd mmb

    MaD. adig G, mph-

    siv si ms kig h mbivim s wh. T h

    ds b mppd , h ss.

    Sm gizis d hikig g hs is. is,

    u.S. d gvm g is i

    h pss vig sh mbi

    mgm/si ssms, ss

    is si xivs. T mj

    qims h g is sig isvi h wig:

    n Mi-pm spp (

    -BkB dvi pms)

    n Whiisig/bkisig

    ppiis

    n cizd mgm wihdisibd dmiisiv ighs

    n uss gps d s ppii

    di dvi si piis

    n ov-h-i m

    n ov-h-i gi hgs

    n Jibk di/gb

    md sps

    n rm b/disb/wip dvi

    n abii vg xisig pig

    ssms

    Higgis ss h dsds h

    dvgs mgmdvi spp h gig ifx

    mbi dvis. hig, h mbi

    dvi id b d bk. T

    big h s, hw d w big hm

    d ?

    What's the End Game?

    Ms mpis si i h

    sgs idiig vbiiis, id-

    iig mdii, d dv-

    pig sg bkgds i mbisi, i ms pi, ss Ms.

    u, giv h sgh

    mbi dvis i h pis, hs

    smhig bid-h--whi-h-

    b-gs sii.

    c sidi shd hp

    imi si pssis i-

    g iv sg wih ig-dg

    mbi si hg spp

    his w bsiss impiv.

    John Soat is a freelance business and technology journalist based in Ohio.

    Don't send anything in e-mail that you could say on the phone, and don't say anything on the phone that you can say in person.

    Adam Meyers, director of cybersecurity intelligence, SRA International


    Get a sneak peek into the CAP domains.

    FREE for a limited time at www.isc2.org/previews.

    TARGET: DoD Mandate 8570.1

    ACTION: Learn the CAP CBK

    Is the DoD Mandate in your crosshairs? Pull the trigger.

    Watch these 10-15 minute webcasts, presented by an (ISC)2 Authorized Instructor, which provide an overview of what you should know before taking the CAP exam. The webcast series focus on unique aspects of the CAP including the value of the certification, each of the 7 CAP CBK Domains, and how to study for the exam.


    Cloud Security

    Swiss Army Knife Tips, Tools and Techniques for the Well Rounded Infosecurity Professional

    Application Security

    Session 2180 Next Generation Cloud Security Compliance

    Session 2280 Using the Cloud Security Alliance GRC Stack to attest vendor compliance

    Session 2380 Cloud Incident Response

    Session 3180 Architecting and Building a Secure Virtual Infrastructure and Private Cloud

    Session 3280 Forensics and the Cloud - Panel

    Session 3380 Debate Collecting of personal information from the Cloud

    Session 4180 TBD

    Session 4280 TBD

    Session 2181 Critical Infrastructure Protection & Risk Management

    Session 2281 Managing Privacy and Security: The CISO/CPO Dialogue

    Session 2381 Cyber-Security and the Socio-Political Landscape Going Beyond the Technology

    Session 3181 Data Integrity Debate

    Session 3281 TBD

    Session 3381 Psychological Principles in Social Engineering

    Session 4181 The Reality of Cyber-Centric Terrorism

    Session 4281 The Renaissance Security Professional

    Session 2182 Integrating Security Concepts into Systems and Application Design

    Session 2282 Software Security: Is OK Good Enough?

    Session 2382 The Economics of Failure

    Session 3182 Security App-titude

    Session 3282 Picking the Right Tool for the Job: Using Vendor Tools to Aid in the Development of Secure Code

    Session 3382 TBD

    Session 4182 The Unintended Consequences of Well-Intentioned Requirements

    Session 4282 Integrating Security into the SDLC: Enterprise Success Stories Panel

    Monday

    Sept. 19, 2011

    11:00am - 12:00pm

    1:45pm - 3:00pm

    4:30pm - 5:30pm

    Tuesday

    Sept. 20, 2011

    11:00am - 12:00pm

    1:45pm - 3:00pm

    4:30pm - 5:30pm

    Wednesday

    Sept. 21, 2011

    11:00am - 12:00pm

    1:45pm - 2:45pm

    3:30pm - 4:30pm

    (ISC)2 Security Congress Collocated with the ASIS International 57th Annual Seminar and Exhibits

    The first annual (ISC)2 Security Congress offers invaluable education to all levels of information security professionals, not just (ISC)2 members. This event will provide information security professionals with the tools to strengthen their security without restricting their business. (ISC)2 and ASIS International have teamed up to bring education and networking opportunities to the largest security conference in the world. Register today at www.isc2.org/congress2011.

    Session 4380 Closing Keynote Session


    Photo by Vetta Collection/iStockphoto

    Mobile Security & Social Networking

    Governance, Regulation and Compliance

    Software Assurance

    Session 2183 Yes You Can: How to Securely Deploy and Manage Enterprise Mobile Devices

    Session 2283 How to use Mobile Devices Correctly Setting Up Security Guardrails (Panel)

    Session 2383 The Legal Ramifications of Personal Mobile Devices in the Workplace

    Session 3183 The ABCs of Global Mobile Enterprise Compliance

    Session 3283 Mobile Applications: Assessing Mobile Risk

    Session 3383 Impact of Social Networking on Security Threats

    Session 4183 Identify, Assess and Mitigate Security Risks Associated with New Mobile Devices and Applications

    Session 4283 TBD

    Session 2184 A Practical Guide to Implementing a Risk Management Strategy

    Session 2284 New and Pending GRC Legislation and how it Impact Your Organization Panel

    Session 2384 TBD

    Session 3184 Control and Harmonization of Compliance Efforts Across Multiple Regulations

    Session 3283 Putting Your House in Order Business Intelligence Gathered from 100+ Sustainable GRC Implementations

    Session 3384 Security Metrics and Compliance

    Session 4184 (4111) Information Technology Security Council Series: Legal and Compliance Aspects of I.T. Panel

    Session 4284 Lessons Learned from the Federal Trade Commission

    Session 2185 Introduction to the Software Assurance Track

    Session 2285 Measure Software Security

    Session 2385 Why do Developers Make These Dangerous Software Errors?

    Session 3185 Improve your SDLC with CAPEC and CWE

    Session 3285 Risk Analysis and Measurement with CWRAF

    Session 3385 Software Assurance Panel and Wrap-Up

    EXHIBITS:

    September 19th - 21st, 2011

    (plus pre-conference events on the 17th and 18th)

    LOCATION:

    Orange County Convention Center, Orlando, Florida, U.S.A.

    REGISTER:

    www.isc2.org/congress2011


    Illustration by Ikon Images/Robin Heighway-Bury

    Complex projects often require the contribution and collaboration of people with diverse abilities, work habits, and personalities. They also require a team leader to make sure everything runs smoothly. Being an effective team leader is critical in today's business world, says Bob Hewes, a senior partner with Boston-based Camden Consulting Group. This is doubly important in information security, as technology is rapidly changing. You'll need to draw on different people and experts all the time, he adds.

    When information security professionals become team leaders, they must draw on their varied experiences, says Nelson Novaes Neto, chief security officer, UOL Diveo (based in São Paulo, Brazil) and a Latin American Advisory Board member at (ISC)2. For project success, a team leader must possess not only technical competency, but also the ability to guide the proper development of behavioral competencies, such as negotiation, he says.

    Good Leadership is Hard Work

    It is your first time leading a team, how can you prepare yourself? You'll very likely need to motivate individuals who may be difficult, competitive or even disruptive. You'll have to maintain control, but have flexibility to handle shifting project goals and deadlines.

    A team leader should think about the team itself, not the project or the deliverables. They have to focus on getting a team working. Part of that is to realize that not everything has to happen in formal team meetings; in fact many key things happen pre- and post-meeting, says Hewes.

    Ensuring stakeholders are involved is another critical step. For example, if you're developing an information security program for the customer contact center, be sure to include key personnel from the

    Being a Team Leader: How to Deal with Awkward Situations and Challenging Personalities


    i sm pig migs.

    Hws sggss skig hs skhds

    i h sp is d whh

    h g i. y d mk s

    h higs k d h h s

    igd wih h pj bjivs, ss

    Hws. I , k i mii

    igm wih gs.Is s imp h m

    d hv sid kwdg h

    m mmbs psiis d h-

    isis, d pvid is

    ppiis h dvpm

    biiis d mpis, ss nvs

    n. T d shd ws mm-

    b h mivi s shd b

    sidd idivid bsis. Wh

    mivs ps migh mi-

    v h; his is ii i

    gd mgm.Mi h pgss h m

    mmb, d giv spi, siv

    d im dbk. Mk s h

    pm isss disssd

    p hp impv h ms

    d m mmbsvi. Ts,

    d is b x sss m

    h pssi d m h wk,

    ss nvs n.

    ah sidi: D

    h pss g v mpid d

    d mh. T is dmi m mi d iv m

    dship. Sm higs d p

    d dvp v im, ss Hws.

    Tis ds m h isss

    ig, b jmpig v sig iss

    v sd is hp ih.

    Dealing with Fluctuation

    T m d shd wd b

    ppd hgs h migh

    imp isk mgm, whh h

    s m w hgis, g-is, s, dmi dis-

    vis, ss nvs n. cig

    mii pj m, h

    d h di vi-

    bs, pig d dvpig gs

    msig ss, s w s dvis-

    ig iv i ps wh x-

    pd pbms dd.

    Hws gs d dds h h k

    is b w d xib. Tis gs

    pig m v. nw, i i is

    m h s h wi b g-ig hgs, h mb his shd b

    g im [ mig gds]

    h m disss, h ss.

    I h pj sp di hgs,

    h m d sid h m

    mpsii, Hws ss. o shd

    g k wh shd b

    m. adjsm m mmbs

    shd b md whim, b

    mmbship shd b sidd

    pm ih.

    Activities that Improve Team Leadership

    Is imp s-im m d-

    s pp hmsvs b dig

    pi is d bks. I pi,nvs n sggss bmig mi-

    i wih hm bhvi dvp-

    m, idig iig, pshg,

    d bhvi sis sh s g-

    izi bhvi mgm. I is

    v imp h m d shws

    mi i his h ps-

    si, di d ps ivi-is, ss nvs n. a m d

    wh xhibis high s d

    hsism is b smi g

    d h m.

    Mwhi, dds Hws, bsv

    hs: Hw d h ds bh

    iv d iiv ms wihi

    gizi? T sss i

    bh ss, h ss.

    nvs n s sggss kig

    dvg wk iviis. a

    --wk g-gh sh s di sms hs, xmp,

    h i d hm mg

    m mmbs. y migh s sggs

    im spig iviis, sh s

    qik pik-p gm sb s,

    miv d xp mwk, s-

    d ivi.

    Manage or Be Managed

    T bm i is h iv ds

    ms b xib d mg

    dif psiis isk wig

    hmsvs b mgd b hm. Bh ds m big i,

    ss Hws. T i bhv-

    is h m ds shd vid,

    idig:n givig giv dbk i

    hs

    n isig

    n ivvig skhds

    n gig hd wih

    h id m gs

    n pig m v

    n wkig hgh dwih hs

    tkig im d djs is

    vi. eh m hs is w dvp-

    ig h. lk wh is wkig

    w d wh is, ss Hws. Tik

    b wh shd d m , ss

    , [wh shd] s dig, d

    [wh shd] sp dig. Mk

    djsms g h w d, bv

    , is h m mmbs.

    Marie Lingblom is a freelance technology editor and writer based in Massachusetts.

    Team Leadership Characteristics

    Nelson Novaes Neto suggests a team leader should develop at least a few of the following characteristics to be successful:

    • Gain knowledge of different cultures

    • Establish and manage complex internal and external personal relationships

    • Construct and maintain alliances to support internal and external initiatives

    • Attempt to improve team cohesiveness and synergy under highly complex situations

    • Seek and share information to support decision-making or plans, systematically updating the members of the team on the latest developments

    • Be a facilitator inside and outside the team, encouraging the resolution of conflicts and divergences

    • Develop a policy of coexistence among the team, where members themselves define acceptable and non-acceptable behaviors


    Q&A

    Experts address trending security topics

    Public Versus Private

    Lou Magnotti, CIO of the U.S. House of Representatives, recently talked with InfoSecurity Professional about security challenges and concerns in the U.S. government sector.

    Q: What are the differences in how information security is managed in the U.S. government sector compared with private industry?

    Piv id i d

    wih pig d , m-

    p-iiv bi imi,

    p idib im-

    i (PII) mp d i,

    d miiig pbii. T

    gvm imi i

    i i PII, g-iiv d, p,

    d miig wihi bdg i.T bdg i p g mphi

    h It dpm iip hgi

    hg. a hdw d w hg, d

    h i hg. Piv mpi

    hv g w i pphig h hi -

    i , xpiig h h d

    hp ivig d q h impdig

    pbm. o h h hd, gvm gi

    m hv vi h g dpm

    d m hi bdg ii h

    It h im p h g

    i reactive ii.

    Q: What risks do you face in the areas of cloud computing, social media, and mobile technologies?

    a h bigg pig d

    mmii, w b imi d

    hk. Kpig p wih h hgi

    d h i impii qi d

    p . nw dvi m

    mi h pi m. T,

    pii d pd m b d d kp

    gdig h whg. cv, diw-

    ig w dvi b -

    i g big

    b kp p wih h

    dvpm. I h p, gv-

    m gi w pivd

    big bhid h im i h

    w It dvi. td h

    i h m h hd

    pb d h d di mmii wih h piv

    w bi.

    Q: How can security professionals across the globe work together to combat security threats?

    T m bvi w i h im h-

    ig imi gdig bi i.

    t m cIo viw i bh di

    fi hi mp, d h

    imp h mp img. Ti i -

    pdiv. o d v h m-

    p i m hgi dvm d

    h kig hk/b imi. M pp

    ppi p i mmiig h x dmg ppd d h mhd b whih

    h pbm i big vd. sd, h i

    d dd h ii p b

    im. a wd gizi m b bihd

    wih mmb hig imi d p-

    hibiig h pi b imi m

    pi, h iiig mbd

    xdii. Ti gizi wd v

    i im wh bim i gwig b

    p d bd.


    See the Future of IT at Interop

    NEW YORK, OCT. 3-7 // JAVITS CONVENTION CENTER

    25% off discount applies to Flex Pass, Conference + Workshop and Conference Passes only. Discount calculated based on the on-site price and not combinable with other offers. Offer good on new registrations only. Proof of IT industry involvement required. Price after discount applied: Flex: $2,306.50, Conference + Workshop: $2,026.50, Conference: $1,606.50. UBM TechWeb 2011.

    Fee Ep Pa Eta t IT Leaig EvetCloud Computing | Virtualization | SeCurity | mobility | data Center | networking

    S h s it ss f 200+ techlgy cmpaie.

    a fee ei cv h f f it sss.

    H eyte f s s.

    t h v , vs h h sc

    vs. a f csss in s.

    m c c v vs sc .

    Becme a IT He. i vs h s

    chs ss ss v sss v

    f it .

    Free expo pass

    or save 25%*

    with code

    CPFKNY02

    www.interop.com/newyork

    Workshops: Oct. 3-4, 2011 Conference: Oct. 5-7, 2011 Expo: Oct. 5-6, 2011


    AMERICAS

    Acadia University; Jodrey School of Computer Science; Wolfville, Nova Scotia, Canada; http://cs.acadiau.ca

    British Columbia Institute of Technology; Burnaby, British Columbia, Canada; www.bcit.ca

    Carleton University; School of Computer Science; Ottawa, Ontario, Canada; www.scs.carleton.ca

    Concordia University; Engineering and Computer Science; Montreal, Quebec, Canada; http://encs.concordia.ca

    Conestoga College Institute of Technology and Advanced Learning; Kitchener, Ontario, Canada; www.conestogac.on.ca

    Dalhousie University; Faculty of Computer Science; Halifax, Nova Scotia, Canada; www.cs.dal.ca

    McGill University; Electrical and Computer Engineering; Montreal, Quebec, Canada; www.mcgill.ca/ece

    McMaster University; Faculty of Engineering; Department of Computing and Software; Hamilton, Ontario, Canada; www.cas.mcmaster.ca/cas

    Phirelight Learning Centre; Ottawa, Ontario, Canada; www.phirelight.com

    Queen's University; School of Computing; Kingston, Ontario, Canada; www.cs.queensu.ca

    Royal Military College of Canada; Department of Electrical and Computer Engineering; Kingston, Ontario, Canada; www.rmc.ca

    Ryerson University; Department of Computer Science; Toronto, Ontario, Canada; www.scs.ryerson.ca/scs

    Simon Fraser University; School of Computing Science; Burnaby, British Columbia, Canada; www.cs.sfu.ca

    The University of Western Ontario; Department of Computer Science; London, Ontario, Canada; www.csd.uwo.ca

    Trent University; Department of Computing and Information Systems; Peterborough, Ontario, Canada; www.trentu.ca/cois

    University of Alberta; Faculty of Science; Department of Computing Science; Edmonton, Alberta, Canada; www.cs.ualberta.ca

    University of British Columbia; Department of Computer Science; Vancouver, British Columbia, Canada; www.cs.ubc.ca

    University of Calgary; Department of Computer Science; Calgary, Alberta, Canada; www.cpsc.ucalgary.ca

    University of Manitoba; Department of Computer Science; Winnipeg, Manitoba, Canada; www.cs.umanitoba.ca

    University of New Brunswick; Department of Electrical and Computer Engineering; Fredericton, New Brunswick, Canada; www.unbf.ca/eng/ee

    University of Ottawa; School of Information Technology and Engineering; Ottawa, Ontario, Canada; www.site.uottawa.ca

    University of Toronto; Department of Computer Science; Toronto, Ontario, Canada; www.cs.toronto.edu

    University of Victoria; Department of Computer Science; Victoria, British Columbia, Canada; www.csc.uvic.ca

    University of Waterloo; Faculty of Mathematics; School of Computer Science; Waterloo, Ontario, Canada; www.cs.uwaterloo.ca

    York University; Department of Computer Science; Toronto, Ontario, Canada; www.yorku.ca

    Polytechnic University of Puerto Rico; Center for Information Assurance for Research and Education; San Juan, Puerto Rico; www.pupr.edu/poli2008-demo/ias_center.html

    Air Force Institute of Technology; Center for Cyberspace Research; Wright-Patterson Air Force Base, Dayton, Ohio, United States; www.afit.edu/ccr

    Albany State University; Albany, Georgia, United States; www.asurams.edu

    Anne Arundel Community College; Computer Technologies Department; Annapolis, Maryland, United States; www.aacc.edu

    Arizona State University; Ira A. Fulton School of Engineering; School of Computing and Informatics Information Assurance Center; Tempe, Arizona, United States; http://ia.asu.edu

    Auburn University; Information Assurance Laboratory; Department of Computer Science and Software Engineering; Auburn, Alabama, United States; www.eng.auburn.edu/users/hamilton/security

    Bellevue University; College of Professional Studies; Bellevue, Nebraska, United States; www.bellevue.edu/degrees/graduate/security-management-ms

    Berkeley City College; Berkeley, California, United States; http://vistawww.peralta.edu

    Boston University; Metropolitan College; Department of Computer Science; Boston, Massachusetts, United States; www.bu.edu/met/departments/computer

    Brandeis University; M.S. in Information Assurance; Waltham, Massachusetts, United States; www.brandeis.edu/gps/programscourses/programs/ias.html

    California State Polytechnic University Pomona; Center for Information Assurance; College of Business Administration; Pomona, California, United States; www.bus.csupomona.edu/cis/cia

    California State University; Center for Information Assurance and Security; Sacramento, California, United States; http://hera.ecs.csus.edu/csc/iac

    California State University San Bernardino; Information Assurance and Security Management Center; San Bernardino, California, United States; http://iasm.csusb.edu

    Capella University; School of Business and Technology; Minneapolis, Minnesota, United States; www.capella.edu/schools_programs/business_technology/business_technology_index.aspx

    Capitol College; Graduate Programs in Network Security; Laurel, Maryland, United States; www.capitol-college.edu/academics/graduate-academics/graduate-certificates

    Carnegie Mellon University; Information Networking Institute; Master of Science in Information Security Technology Information Security (Kobe MSIT-IS); Pittsburgh, Pennsylvania, United States; http://www.ini.cmu.edu/degrees/kobe_msit-is

    An information security professional's education tool

    Educational institutions listed in this section provide a range of degree programs in the computer science and technology fields, as well as specialized certifications in information security disciplines. (ISC)2 has a network of authorized education affiliates worldwide for assistance in obtaining the Gold Standard in information security certifications. For specific programs see the individual Web sites listed in this section, and be sure to look for the (ISC)2 Authorized Education Provider logo to ensure that you are receiving Official (ISC)2 Review Seminars. Visit http://resourceguide.isc2.org for additional resource Spotlights from (ISC)2.

    Spotlight on 2011 Information Security Education Resource Guide


    Carnegie Mellon University; CyLab Usable Privacy and Security Laboratory; Pittsburgh, Pennsylvania, United States; http://cups.cs.cmu.edu

    Carnegie Mellon University; Software Engineering Institute; Pittsburgh, Pennsylvania, United States; www.sei.cmu.edu

    Champlain College; Division of Continuing Professional Studies; Computer and Digital Forensics; Burlington, Vermont, United States; www.champlain.edu/cps/undergrad_degrees/cdf.php

    Clark Atlanta University; Department of Computer and Information Science; Atlanta, Georgia, United States; www.cis.cau.edu

    Colorado Technical University; Colorado Springs, Colorado, United States; www.coloradotech.edu

    Dakota State University; Center for Information Assurance; Madison, South Dakota, United States; www.dsu.edu/msia/information-assurance.aspx

    Dartmouth College; The Institute for Security, Technology and Society (ISTS); Hanover, New Hampshire, United States; www.ists.dartmouth.edu

    DePaul University; Information Assurance Center; Chicago, Illinois, United States; http://diac.depaul.edu

    DeVry University; Keller Graduate School of Management; 75 locations across the USA; United States; www.keller.edu

    Drexel University; Department of Electrical and Computer Engineering; Philadelphia, Pennsylvania, United States; www.ece.drexel.edu

    East Carolina University; Department of Technology Systems; Greenville, North Carolina, United States; http://www.ecu.edu/cs-tecs/tech_systems.cfm

    East Stroudsburg University; Computer Science Department; East Stroudsburg, Pennsylvania, United States; http://www4.esu.edu

    Eastern Michigan University; Center for Regional and National Security; Ypsilanti, Michigan, United States; www.emich.edu/cerns

    ECPI College of Technology; Hampton, Virginia, United States; www.ecpi.edu

    Emory University; Center for Lifelong Learning; IT@Emory Computer Forensics Certification; Atlanta, Georgia, United States; www.cll.emory.edu/it/certifications/computer-forensics

    Florida State University; Department of Computer Science; Information Technology Assurance and Security; Tallahassee, Florida, United States; www.cs.fsu.edu/infosec

    Fort Hays State University; Information Enterprise Institute; Hays, Kansas, United States; www.fhsu.edu/iei

    Fountainhead College of Technology; Center for Information Assurance and Cybersecurity Training; Knoxville, Tennessee, United States; www.iawire.org

    George Mason University; Department of Computer Science; Fairfax, Virginia, United States; www.ise.gmu.edu

    George Washington University; School of Engineering and Applied Science; Washington, District of Columbia, United States; www.seas.gwu.edu

    Georgetown University; Institute for Information Assurance (GIIA); Washington, D.C., United States; http://www12.georgetown.edu/uis/giia

    Georgia Institute of Technology; College of Computing; Atlanta, Georgia, United States; www.cc.gatech.edu

    Hagerstown Community College; Technology and Computer Studies Division; Hagerstown, Maryland, United States; www.hagerstowncc.edu/academics/divisions/technology-computer

    Idaho State University; National Information Assurance Training and Education Center; Pocatello, Idaho, United States; http://niatec.isu.edu/about.htm

    Illinois Institute of Technology; Center for Information Security; Chicago, Illinois, United States; www.iit.edu

    Illinois State University; Center for Information Assurance and Security Education; Normal, Illinois, United States; http://cast.illinoisstate.edu/itk/center

    Indiana University; Center for Applied Cybersecurity Research; Bloomington, Indiana, United States; http://cacr.iu.edu

    Indiana University of Pennsylvania; Institute for Information Assurance; Indiana, Pennsylvania, United States; www.iup.edu/infosecurity

    Iowa State University; Information Assurance Center; Ames, Iowa, United States; www.iac.iastate.edu

    Jacksonville State University; Center for Information Security and Assurance; Jacksonville, Alabama, United States; http://mcis.jsu.edu/cisa

    James Madison University; Information Security Masters Program; Harrisonburg, Virginia, United States; www.infosec.jmu.edu

    Johns Hopkins University; Information Security Institute; Baltimore, Maryland, United States; www.jhuisi.jhu.edu

    Kansas State University; Center for Information Systems and Assurance; Manhattan, Kansas, United States; www.cisa.ksu.edu

    Kaplan University; Fort Lauderdale, Florida, United States; http://studentcenter.kaplan.edu/information-technology

    Kennesaw State University; Center for Information Security Education; Kennesaw, Georgia, United States; http://infosec.kennesaw.edu

    Lewis University; Institute for Information Assurance; Romeoville, Illinois, United States; www.lewisu.edu/academics/msinfosec/overview.htm

    Loyola University; Department of Computer Science; Chicago, Illinois, United States; www.cs.luc.edu/academics/graduate/msit

    Macon State College; School of Information Technology; Macon, Georgia, United States; www.maconstate.edu/it

    Mercy College; Center for Information Assurance Education; Ferry, New York, United States; www.mercy.edu

    Metropolitan State University; College of Management; St. Paul, Minnesota, United States; www.metrostate.edu

    Mississippi State University; James Worth Bagley College of Engineering; Department of Computer Science and Engineering; Mississippi State, Mississippi, United States; www.cse.msstate.edu

    Missouri University of Science and Technology; Rolla, Missouri, United States; http://cae.mst.edu

    National Defense University; Information Resources Management College; Washington, District of Columbia, United States; www.ndu.edu/irmc

    National Defense University; Information Resources Management College; Washington, District of Columbia, United States; http://www.ndu.edu/iCollege

    Naval Postgraduate School; Center for Information Systems Security Studies and Research; Monterey, California, United States; http://cisr.nps.edu

    New Jersey City University; Professional Security Studies Department; New Jersey City, New Jersey, United States; http://web.njcu.edu/sites/profstudies/securitystudies

    New Jersey Institute of Technology; College of Computing Sciences; University Heights; Newark, New Jersey, United States; www.ccs.njit.edu

    New Mexico Tech; Department of Computer Science; Socorro, New Mexico, United States; http://www.cs.nmt.edu

    Norfolk State University; Institute for Information Assurance Research; Norfolk, Virginia, United States; http://sst.nsu.edu/ia

    North Carolina A&T State University; Center for Cyber Defense; Greensboro, North Carolina, United States; http://caeiae.ncat.edu/CCD

    North Carolina State University; Computer Science Department; Raleigh, North Carolina, United States; http://www.cae-r.ncsu.edu

    Northeastern University; College of Computer and Information Science; Boston, Massachusetts, United States; www.ccs.neu.edu

    Norwich University; Master of Science in Information Assurance; Northfield, Vermont, United States; http://infoassurance.norwich.edu

    Nova Southeastern University; National Center of Academic Excellence in Information Assurance Education; Fort Lauderdale, Florida, United States; http://infosec.nova.edu

    Ohio State University; Department of Computer Science and Engineering; Columbus, Ohio, United States; www.cse.ohio-state.edu

    Oklahoma City Community College; Oklahoma Center for Information Assurance and Forensics Education (OCIAFE); Oklahoma City, Oklahoma, United States; www.occc.edu/IT/OCIAFE.html


    Oklahoma State UniversityCenter for Telecommunication andNetwork Security (CTANS)William S. Spears School of BusinessStillwater, Oklahoma, United Stateshttp://ctans.okstate.edu

    Our Lady of the Lake UniversityComputer Information Systems and SecuritySan Antonio, Texas, United Stateswww.ollusa.edu/s/1190/ollu.aspx?sid=1190&gid=1&pgid=991

    Owens Community CollegeSchool of Business and Information SystemsPerrysburg Township, Ohio, United Stateswww.owens.edu/academic_dept/bus_tech/info_tech/index.html

    Pace UniversityIvan G. Seidenberg School of ComputerScience and Information SystemsWhite Plains , New York, United Stateswww.csis.pace.edu/csis

    Peirce CollegePhiladelphia, Pennsylvania, United Stateswww.peirce.edu

    Pennsylvania State UniversityCenter for Information AssuranceCollege of Information Sciences and TechnologyUniversity Park, Pennsylvania, United States

    http://net1.ist.psu.edu/cicaPolytechnic Institute of New York UniversityBrooklyn, New York, United Stateswww.poly.edu

    Portland State UniversityMaseeh College of Engineering andComputer SciencePortland, Oregon, United Stateswww.cs.pdx.edu

    Prince Georges Community CollegeInformation and Engineering TechnologyDepartmentLargo, Maryland, United Stateshttp://academic.pgcc.edu/iet/security.htm

    Princeton UniversityCenter for Network Science and ApplicationsPrinceton, New Jersey, United States

    www.princeton.edu/cnsaPurdue UniversityThe Center for Education and Research inInformation Assurance and SecurityWest Lafayette, Indiana, United Stateswww.cerias.purdue.edu

    Rasmussen CollegeEaganEagan, Minnesota, United Stateswww.rasmussen.edu

    Regis UniversityMaster of Science in Computer InformationTechnology ProgramDenver, Colorado, United Stateshttp://www.regis.edu/regis.asp?sctn=cpcis

    Rochester Institute of TechnologyComputing Security and InformationAssurance Center

    Rochester, New York, United Stateswww.nssa.rit.edu

    Rose State College
    Networking and Cyber Security Department
    Midwest City, Oklahoma, United States
    www.rose.edu/students/busdiv/networking/InfoSecCert.asp

    Rutgers, The State University of New Jersey
    Rutgers Center for Information Assurance
    New Brunswick, New Jersey, United States
    http://rucia.rutgers.edu

    Sam Houston State University
    Computer Science Department
    Huntsville, Texas, United States
    www.shsu.edu/catalog/cs.html

    Seminole State College of Florida
    Sanford, Florida, United States
    http://www.seminolestate.edu

    South University
    College of Business
    MS in Information Systems and Technology
    Information Security
    Savannah, Georgia, United States
    www.southuniversity.edu/college-of-business/savannah-information-systems-and-technology-msist-173512

    Southern Methodist University
    High Assurance Computing and Networking Lab
    Dallas, Texas, United States
    http://hacnet.smu.edu

    Southern Polytechnic University
    Center for Information Security Education
    Marietta, Georgia, United States
    http://cise.spsu.edu

    St. Cloud State University
    Center for Information Assurance Studies
    St. Cloud, Minnesota, United States
    http://web.stcloudstate.edu/cias/index.htm

    St. Petersburg College
    IT Security Associate in Science Degree
    Largo, Florida, United States
    www.spcollege.edu/itsecurity

    Stanford University
    Department of Computer Science
    Stanford, California, United States
    www.cs.stanford.edu

    State of New York University at Buffalo
    Center of Excellence in Information Systems Assurance, Research and Education (CEISARE)
    Buffalo, New York, United States
    www.cse.buffalo.edu/caeiae

    State University of New York-Stony Brook
    Department of Computer Science
    Stony Brook, New York, United States
    www.cs.sunysb.edu

    Stevens Institute of Technology
    School of Systems and Enterprises
    Hoboken, New Jersey, United States
    http://sse.stevens.edu/academics/graduate/software-engineering/program-overview/software-assurance

    Stevens Institute of Technology
    Department of Computer Science
    Hoboken, New Jersey, United States
    www.cs.stevens-tech.edu

    Syracuse University
    Center for Systems Assurance
    Syracuse, New York, United States
    www.csa.syr.edu

    Texas A&M University
    Networking and Information Security
    College Station, Texas, United States
    http://nis.tamu.edu

    Towson University
    Center for Applied Information Technology
    Towson, Maryland, United States
    http://www.towson.edu/outreach/cait

    U.S. Naval Academy
    Department of Computer Science
    Annapolis, Maryland, United States
    www.usna.edu/CS

    United States Air Force Academy
    Colorado Springs, Colorado, United States
    www.usafa.af.mil

    United States Military Academy West Point
    Information Technology and Operations Center
    Department of Electrical Engineering and Computer Science
    West Point, New York, United States
    www.itoc.usma.edu

    University at Buffalo
    The State University of New York
    Center of Excellence in Information Systems Assurance Research and Education
    Department of Computer Science and Engineering
    Buffalo, New York, United States
    www.cse.buffalo.edu/caeiae

    University of Advancing Technology
    Center for Information Assurance
    Tempe, Arizona, United States
    www.uat.edu/academics/Information_Assurance.aspx

    University of Alabama in Huntsville
    Huntsville, Alabama, United States
    www.uah.edu

    University of Alaska-Fairbanks
    Advanced Systems Security Education, Research, and Training Center
    Department of Computer Science
    Fairbanks, Alaska, United States
    http://assert.uaf.edu/index.html

    University of Arizona-Tucson
    Information Assurance and Security Education Center
    Eller College of Management
    Tucson, Arizona, United States
    http://iasec.eller.arizona.edu

    University of Arkansas at Little Rock
    Center for Assurance, Security and Software Usability, Research and Education (ASSURE)
    Little Rock, Arkansas, United States
    http://ualr.edu/eit

    University of California Irvine
    Secure Computing and Networking Center
    Irvine, California, United States
    http://sconce.ics.uci.edu

    University of California-Davis
    Computer Security Laboratory
    Department of Computer Science
    Davis, California, United States
    http://seclab.cs.ucdavis.edu

    University of Cincinnati
    School of Computing Science and Informatics
    Cincinnati, Ohio, United States
    www.cs.uc.edu

    University of Connecticut
    Department of Computer Science and Engineering
    Storrs, Connecticut, United States
    www.cse.uconn.edu/cms

    University of Dallas
    Center for Information Assurance
    Graduate School of Management
    Irving, Texas, United States
    www.thedallasmba.com/ia/centerforia.cfm

    University of Denver
    Department of Computer Science
    Denver, Colorado, United States
    www.cs.du.edu

    University of Detroit Mercy
    Centre for Assurance Studies
    Detroit, Michigan, United States
    http://business.udmercy.edu/assurance-studies/index.htm

    University of Houston
    Information Security Program
    College of Technology
    Houston, Texas, United States
    www.tech.uh.edu

    University of Idaho
    Center for Secure and Dependable Systems
    Moscow, Idaho, United States
    www.csds.uidaho.edu

    University of Illinois
    Computer Science
    UIC College of Engineering
    Chicago, Illinois, United States
    http://engineering.uic.edu

    University of Illinois at Springfield
    Center of Systems Security and Information Assurance
    Springfield, Illinois, United States
    http://csc.uis.edu/center

    University of Illinois at Urbana-Champaign
    Department of Computer Science
    Urbana, Illinois, United States
    www.cs.uiuc.edu


    The battlefield is invisible. The rewards are very real.

    The cyber battlefield is swarming with terrorists, hackers and spies looking to steal secrets, knock out power grids and more. That's why employers from Cyber Command to private businesses need cybersecurity experts now. And why a bachelor's or master's degree or graduate certificate in cybersecurity from University of Maryland University College (UMUC) is in high demand. Offered completely online, it's your chance to fight back against cyber terrorism while advancing your career.

    Designated as a National Center of Academic Excellence in Information Assurance Education by the NSA and DHS

    Programs include a BS and MS in cybersecurity, MS in cybersecurity policy, and three graduate certificates

    Financial aid and an interest-free monthly payment plan available

    eo o. 800-888-UMUC umuc.edu/globalsecurity

    Copyright 2011 University of Maryland University College

    Cybersecurity


    University of Kansas
    Information Assurance Laboratory
    Information and Telecommunications Technology Center (ITTC)
    Lawrence, Kansas, United States
    http://ial.ittc.ku.edu

    University of Louisville
    Computer Engineering and Computer Science
    Louisville, Kentucky, United States
    http://louisville.edu/speed/computer

    University of Louisville
    College of Business and Speed School of Engineering
    Louisville, Kentucky, United States
    www.louisville.edu/infosec

    University of Maryland
    The Graduate School
    College Park, Maryland, United States
    http://www.gradschool.umd.edu

    University of Maryland University College
    Adelphi, Maryland, United States
    www.umuc.edu

    University of Maryland, Baltimore County
    Center for Information Security and Assurance
    Baltimore, Maryland, United States
    www.cisa.umbc.edu

    University of Massachusetts-Amherst
    Department of Computer Science
    Amherst, Massachusetts, United States
    www.cs.umass.edu

    University of Massachusetts-Lowell
    Lowell, Massachusetts, United States
    www.uml.edu

    University of Memphis
    Center for Information Assurance Computer Science Department
    Memphis, Tennessee, United States
    http://cfia.memphis.edu/home

    University of Minnesota
    Institute of Technology
    Department of Computer Science and Engineering - Information Assurance Center
    Minneapolis, Minnesota, United States
    www.cs.umn.edu

    University of Missouri-Columbia
    Application Security Education Program
    Division of Information Technology
    Columbia, Missouri, United States
    http://asep.missouri.edu

    University of Missouri-Rolla
    Center for Critical Infrastructure Protection
    Rolla, Missouri, United States
    http://ccip.mst.edu

    University of Nebraska at Omaha
    Nebraska University Consortium on Information Assurance
    College of Information Science and Technology
    Omaha, Nebraska, United States
    http://nucia.ist.unomaha.edu

    University of Nevada Las Vegas
    School of Informatics
    Las Vegas, Nevada, United States
    http://informatics.unlv.edu

    University of New Mexico
    Center for Information Assurance Research and Education
    Albuquerque, New Mexico, United States
    http://ia.mgt.unm.edu

    University of New Orleans
    Department of Computer Science
    New Orleans, Louisiana, United States
    www.cs.uno.edu

    University of North Carolina at Charlotte
    The Laboratory of Information Integration Security and Privacy
    Department of Software and Information Systems
    Charlotte, North Carolina, United States
    www.sis.uncc.edu/LIISP

    University of North Texas
    Center for Information and Computer Security
    Denton, Texas, United States
    http://www.unt.edu/training

    University of Pennsylvania
    Department of Computer and Information Science
    Philadelphia, Pennsylvania, United States
    www.cis.upenn.edu

    University of Pittsburgh
    School of Information Science
    Laboratory of Education and Research on Security Assured Information Systems
    Pittsburgh, Pennsylvania, United States
    www.sis.pitt.edu/%7Elersais

    University of South Carolina
    Center for Information Assurance Engineering
    Columbia, South Carolina, United States
    www.cse.sc.edu/research/isl

    University of Tennessee at Chattanooga
    Information Security Center
    Chattanooga, Tennessee, United States
    www.utc.edu/cisa

    University of Texas at Dallas
    Cybersecurity and Emergency Preparedness Institute
    Erik Jonsson School of Engineering and Computer Science
    Richardson, Texas, United States
    www.utdallas.edu/research/dfepi

    University of Texas at El Paso
    Center for Information Assurance
    El Paso, Texas, United States
    www.cs.utep.edu/cfia

    University of Texas at San Antonio
    College of Business
    San Antonio, Texas, United States
    http://business.utsa.edu

    University of Texas Health Science Center at Houston
    School of Biomedical Informatics
    Houston, Texas, United States
    www.uhouston.edu/sbml/education/applied

    University of Tulsa
    Center for Information Security
    Tulsa, Oklahoma, United States
    www.cis.utulsa.edu

    University of Virginia
    School of Engineering and Applied Science
    Charlottesville, Virginia, United States
    www.seas.virginia.edu

    University of Washington
    Center for Information Assurance and Cybersecurity
    Institute of Technology
    Tacoma, Washington, United States
    http://ciac.ischool.washington.edu

    Utica College
    School of Business and Justice Studies
    Utica, New York, United States
    http://www.utica.edu/academic/ssm/cybersecurity

    Vanguard Integrity Professionals
    RACF Training enterprise security software
    Las Vegas, Nevada, United States
    https://training.go2vanguard.com

    Virginia Polytechnic Institute and State University
    Computer Science Department
    Blacksburg, Virginia, United States
    http://www.cs.vt.edu

    Walden University
    College of Management and Technology
    Minneapolis, Minnesota, United States
    www.waldenu.edu

    Walsh College
    Business Information Technology
    Information Assurance Center
    Troy, Michigan, United States
    http://www.walshcollege.edu/iac

    Weber State University
    Ogden, Utah, United States
    www.weber.edu

    West Chester University of Pennsylvania
    Center for Academic Excellence in Information Assurance
    Department of Computer Science
    West Chester, Pennsylvania, United States
    www.cs.wcupa.edu

    West Virginia University
    Institute for Information Assurance Studies
    Morgantown, West Virginia, United States
    http://www.csee.wvu.edu/IIAS

    Western Governors University
    College of Information Technology
    Salt Lake City, Utah, United States
    www.wgu.edu/online_it_degrees/information_security_assurance_degree

    ASIA-PACIFIC

    Macquarie University
    Department of Computing
    North Ryde, New South Wales, Australia
    www.comp.mq.edu.au

    Macquarie University
    The Centre for Advanced Computing Algorithms and Cryptography (ACAC)
    North Ryde, New South Wales, Australia
    www.ics.mq.edu.au/acac

    Macquarie University
    Information and Networked Systems Security Research
    North Ryde, New South Wales, Australia
    www.comp.mq.edu.au/research/inss

    Queensland University of Technology
    Faculty of Science and Technology
    School of Software Engineering and Data Communications
    Brisbane, Queensland, Australia
    http://www.scitech.qut.edu.au

    The Australian National University
    Faculty of Engineering and Information Technology
    Department of Computer Science
    Canberra, Australian Capital Territory, Australia
    http://cs.anu.edu.au

    The University of Adelaide
    School of Computer Science
    Adelaide, South Australia, Australia
    www.cs.adelaide.edu.au

    The University of Adelaide
    Defence and Security Cluster
    Adelaide, South Australia, Australia
    www.adelaide.edu.au/desec

    The University of Melbourne
    Faculty of Engineering
    Melbourne, Victoria, Australia
    www.eng.unimelb.edu.au

    The University of Melbourne
    The Research Network for a Secure Australia
    Melbourne, Victoria, Australia
    www.civenv.unimelb.edu.au/research/centres/rnsa.html

    The University of New South Wales
    School of Engineering and Information Technology
    Canberra, Australian Capital Territory, Australia
    www.itee.adfa.edu.au

    University of South Australia
    School of Computer and Information Science, Advanced Computing Research Centre
    Mawson Lakes, Australia
    www.acrc.unisa.edu.au

    Beijing University of Posts and Telecommunications
    School of Computer Science and Technology
    Beijing, China
    www.bupt.edu.cn

    Beijing University of Posts and Telecommunications
    School of Information Engineering
    Beijing, China
    www.bupt.edu.cn


    Fudan University
    School of Information Science and Engineering
    Beijing, China
    http://www.fudan.edu.cn/englishnew

    Nankai University
    College of Information Technical Science
    Tianjin, China
    http://it.nankai.edu.cn/ITEMIS/index.asp

    Peking University
    Institute of Computer Science and Technology
    Beijing, China
    www.icst.pku.edu.cn

    Peking University
    Network & Information Security Lab
    Beijing, China
    http://infosec.pku.edu.cn

    Shandong University
    Cryptography and Information Security Laboratory
    Jinan, China
    www.infosec.sdu.edu.cn

    Shanghai Jiao Tong University
    School of Information Security Engineering
    Shanghai, China
    http://infosec.sjtu.edu.cn

    The Chinese Academy of Sciences
    Graduate School
    School of Information Science and Engineering
    Beijing, China
    http://www.gscas.ac.cn/gscasenglish/index.aspx

    The Chinese Academy of Sciences
    Graduate School
    Institute of Software (ISCAS)
    Beijing, China
    http://iscas.ac.cn/english/index.action

    The Chinese Academy of Sciences
    Graduate School
    The State Key Laboratory of Information Security
    Beijing, China
    www.is.ac.cn

    Tongji University
    Department of Computer Science and Technology
    Shanghai, China
    www.tongji.edu.cn/english/inc/index.asp

    Tsinghua University
    School of Information Science and Technology
    Beijing, China
    www.sist.tsinghua.edu.cn

    University of Science and Technology of China
    Department of Information Security
    Hefei, Anhui Province, China
    http://infosec.ustc.edu.cn

    Wuhan University
    The College of Computer Science
    Wuhan, China
    http://cslab.whu.edu.cn/index.php

    Xidian University
    School of Computer Science and Technology
    Xi'an, China
    http://www.xidian.edu.cn

    Biometrics Research Centre
    Faculty of Engineering
    Department of Computing
    Kowloon, Hong Kong
    http://www4.comp.polyu.edu.hk/~biometrics

    City University of Hong Kong
    Faculty of Science and Engineering
    Department of Computer Science
    Kowloon, Hong Kong
    www.cs.cityu.edu.hk

    City University of Hong Kong
    Department of Electronic Engineering
    Kowloon, Hong Kong
    www.ee.cityu.edu.hk

    The Chinese University of Hong Kong
    Department of Computer Science and Engineering
    Hong Kong
    www.cse.cuhk.edu.hk

    The Hong Kong Polytechnic University
    Faculty of Engineering
    Department of Computing
    Kowloon, Hong Kong
    www.comp.polyu.edu.hk

    The Hong Kong University of Science and Technology
    School of Science
    Department of Computer Science
    Kowloon, Hong Kong
    www.cs.ust.hk

    The University of Hong Kong
    Department of Computer Science
    Hong Kong
    www.cs.hku.hk

    Indian Institute of Technology-Bombay
    Department of Computer Science and Engineering
    Bombay, India
    http://www.cse.iitb.ac.in

    Indian Institute of Technology-Kharagpur
    Department of Computer Science and Engineering
    Kharagpur, India
    www.iitkgp.ernet.in

    Indian Institute of Technology-Madras
    Department of Computer Science and Engineering
    Madras, India
    www.cse.iitm.ac.in

    Graduate School of Applied Informatics
    University of Hyogo
    Carnegie Mellon University
    Master of Science in Information Technology Information Security
    Kobe, Japan
    http://www.cmuj.jp

    Institute of Information Security
    Yokohama, Japan
    http://www.iisec.jp

    Dongguk University
    Graduate School of International Affairs & Information
    Department of Information Security
    Seoul, Korea
    http://www.dongguk.edu

    Hanyang University
    The College of Information and Communications
    Seoul, Korea
    http://www.hanyang.ac.kr/english

    Korea Advanced Institute of Science and Technology
    Information Technology Convergence Campus
    Daedeok Science Town, Korea
    http://www.kaist.edu

    Korea Advanced Institute of Science and Technology
    Division of Computer Science
    Daejeon, Korea
    www.kaist.edu

    Korea University
    Centre for the Information Security Technologies
    Seoul, Korea
    http://cist.korea.ac.kr

    Seoul National University
    School of Computer Science and Engineering
    Seoul, Korea
    http://web.cse.snu.ac.kr/english/index.asp

    Sogang University
    Department of Computer Science
    Seoul, Korea
    http://cs.sogang.ac.kr

    Soongsil University
    Department of Information Science
    Seoul, Korea
    http://com.ssu.ac.kr

    Sungkyunkwan University
    School of Information and Communication Engineering
    Suwon, Korea
    http://icc.skku.ac.kr/icchome/e11.jsp

    Choongang University
    Graduate School of Information Technology
    Seoul, Korea, Republic of
    http://gsi.cau.ac.kr

    Semyung University
    Semyung Information & Communication System
    Jechon, Korea, Republic of
    http://smics.semyung.ac.kr

    International Islamic University Malaysia
    Kulliyyah of Information and Communication Technology
    Kuala Lumpur, Malaysia
    http://kict.iium.edu.my

    Multimedia University
    Centre for Cryptography and Information Security
    Selangor, Malaysia
    http://foe.mmu.edu.my/main/research/ccis/index.html

    Swinburne University
    Sarawak Campus
    Information Security Research (iSECURES) Lab
    Sarawak, Malaysia
    www.swinburne.edu.my/iSECURES

    Universiti Sains Malaysia
    School of Computer Sciences
    Penang, Malaysia
    www.cs.usm.my

    Universiti Sains Malaysia
    National Advance IPv6 Centre of Excellence
    Penang, Malaysia
    www.nav6.org

    Universiti Teknologi Malaysia
    Faculty of Computer Science and Information Systems
    Kuala Lumpur, Malaysia
    www.fsksm.utm.my

    University of Canterbury
    College of Engineering
    The Department of Computer Science & Software Engineering
    Christchurch, New Zealand
    www.cosc.canterbury.ac.nz

    University of Otago
    Information Science School of Business
    Dunedin, New Zealand
    http://www.infoscience.otago.ac.nz

    Nanyang Polytechnic
    School of Information Technology
    Singapore
    www.nyp.edu.sg

    Nanyang Technological University
    School of Electrical and Electronic Engineering
    Centre for Information Security
    Singapore
    www.ntu.edu.sg/eee/cis

    National University of Singapore
    Institute of Systems Science
    Singapore
    www.iss.nus.edu.sg/iss/index.jsp

    National University of Singapore
    School of Computing
    Singapore
    www.comp.nus.edu.sg

    Singapore Management University
    School of Information Systems
    Singapore
    www.sis.smu.edu.sg

    Singapore Polytechnic
    School of Digital Media and Infocomm Technology
    Singapore
    www.sp.edu.sg

    National Central University
    Department of Computer Science and Information Engineering
    Chung-li, Tao-yuan, Taiwan
    www.csie.ncu.edu.tw

    National Cheng Kung University
    Department of Computer Science and Information Engineering
    Tainan City, Taiwan
    www.csie.ncku.edu.tw


    National Chiao Tung University
    College of Computer Science
    Hsinchu, Taiwan
    www.ccs.nctu.edu.tw

    National Chiao Tung University
    College of Electrical and Computer Engineering
    Hsinchu, Taiwan
    www.eecs.nctu.edu.tw

    National Chung Cheng University
    Department of Computer Science and Information Engineering
    Min-Hsiung, Chia-Yi, Taiwan
    www.cs.ccu.edu.tw

    National Chung Cheng University
    Department of Information Management
    Min-Hsiung, Chia-Yi, Taiwan
    www.mis.ccu.edu.tw

    National Chung-Hsing University
    Department of Computer Science
    Tai-Chung City, Taiwan
    www.nchu.edu.tw

    National Sun Yat-sen University
    Department of Computer Science and Engineering
    Kaohsiung, Taiwan
    www.cse.nsysu.edu.tw

    National Taiwan University
    Department of Computer Science and Information Engineering
    Taipei, Taiwan
    www.csie.ntu.edu.tw

    National Taiwan University
    Department of Electrical Engineering
    Taipei, Taiwan
    www.ee.ntu.edu.tw

    National Taiwan University of Science and Technology
    Department of Information Management
    Taipei City, Taiwan
    http://star7.cs.ntust.edu.tw

    EUROPE, MIDDLE EAST, AFRICA

    Ecole Nationale Supérieure d'Ingénieurs de Bourges
    Filière STI, Bourges, France
    www.ensi-bourges.fr

    ENST Bretagne et SUPELEC
    Mastère Spécialisé en Sécurité des Systèmes d'Information
    Rennes, France
    http://www.supelec.fr

    Université Bordeaux
    Sciences et Technologies
    Département d'Informatique
    Talence, France
    www.u-bordeaux1.fr

    Université de Technologie de Troyes
    Master Sciences et Technologie
    Spécialité Sécurité des Systèmes d'Information
    Troyes, France
    www.utt.fr/uk/index.php

    Université François-Rabelais
    UFR Sciences et techniques
    Département Informatique
    Blois, France
    http://www.univ-tours.fr

    Université Nantes
    Département Informatique
    Nantes, France
    www.iut-nantes.univ-nantes.fr

    Fachhochschule für Oekonomie & Management
    University of Applied Sciences
    Germany
    www.fom.de/bachelor_of_it-engineering_studieninhalte.html

    Ruhr-Universität Bochum
    Horst Görtz Institute
    Bochum, Germany
    www.ruhr-uni-bochum.de

    Dublin City University
    Faculty of Engineering and Computing
    Dublin, Ireland
    www.dcu.ie/engineering_and_computing/index.shtml

    Università degli Studi di Milano
    Sicurezza dei Sistemi e delle Reti Informatiche
    Crema, Italy
    www.cdlonline.unimi.it/cdlOnline/default.asp

    Università degli Studi di Roma La Sapienza
    Rome, Italy
    http://security.di.uniroma1.it/master

    Università Ca' Foscari Venezia
    Venice, Italy
    www.dsi.unive.it/sicurezza

    Moscow Engineering Physics Institute (State University)
    Department of Cybernetics
    Moscow, Russia
    www.mipt.ru/eng

    Göteborgs Universitet
    Computer Science and Engineering
    Göteborg, Sweden
    www.chalmers.se/cse

    KTH, Skolan för Informations- och Kommunikationsteknik
    Kista, Sweden
    www.it.kth.se

    ETH, Swiss Federal Institute of Technology Zurich
    Center for Security Studies
    Zurich, Switzerland
    www.css.ethz.ch

    Birmingham City University
    Birmingham, United Kingdom
    http://www.bcu.ac.uk

    Canterbury Christ Church University
    Department of Computing
    Canterbury, Kent, United Kingdom
    www.cante

