Planning and Conducting An IT Security Conference

Two Approaches

Robert Ono, University of California, Davis

Theresa Semmens, North Dakota State University, Fargo

2

Information Security Training Conferences

A Component of a Broader Information Security Program

Several Options Available Schedule: One-time vs On-going Focus: Technical vs Management Format: Lecture vs Hands-on Instruction Funding: Internal vs External Sponsors Location: Off-site vs Campus Facilities

3

Key Planning Areas

Conference Coordination Staff Identification of Key Objectives Program and Budget Planning Integration with Sponsors Event Logistics/Facilities Determining Session Content Project Management Post-Conference Evaluation

4

Two Examples

IT Security Symposium, UC Davis Biennial Schedule Next Conference, June 22-24, 2005 Registration Limited to University of California Staff

IT Security Conference, North Dakota State University Annual Schedule (Tentative) Next Conference, November 3, 2005 Registration open to IT staff in K-20, public , private, and

tribal

5

2005 IT Security Symposium, UC DavisConference Planning Committee

Campus IT Security Officer, Chairperson University Participation from Technical Staff

School of Veterinary Medicine Deans’ Office, College of Letters and Science Dean’s Office, College of Agricultural and Environmental

Sciences Computer Science Department Plant and Environmental Sciences Department University of California, Office of the President

Classroom Technology Specialist, IET Communication Specialist, IET Administrative Specialist, IET Project Management, IET Contract Web Developers

6

2005 IT Security Symposium, UC DavisFormal Objectives

Discuss Relevant/Timely Security Topics for System/Security Administrators,

Provide Hands-on Lab Training Opportunities for Security Knowledge/Skill Advancement

Promote Sharing of Local Security Knowledge and Expertise

Provide a Networking Opportunity Among Registrants

Serve Technical Audience of 75% UC Davis and 25% Other UC campuses   

Maintain An Affordable Conference Fee ($100 or less)

7

2005 IT Security Symposium, UC DavisConference Format

Two and a Half Day Conference Single Keynote Speaker Hands-on Instructional Labs (30 @ 3 hours each)

Campus Session Technical Presenters (6) Sponsor In-Kind Technical Presentations (24)

Instructional Lectures (15) Financial Sponsor Sessions (5) Networking Opportunity – BF/Lunches Registration Fee ($85)

8

2005 IT Security Symposium, UC DavisProject Schedule – 32 Weeks

Weeks 1-8, Bi-Weekly Meetings1. Define Objectives2. Establish Event Format and

Calendar3. Prepare Budget4. Determine Sponsor Participation5. Identify Resources for Event

1. Instructional Rooms2. Catering3. Keynote and Overflow4. Audio/Visual Requirements5. Proctors

6. Establish Subcommittees7. Prepare Communication Plan8. Initiate Development of an Online

Registration System9. Solicit Sponsors & Keynote

Weeks 9-32, Weekly Meetings

1. Request Faculty Participation

2. Prepare/Release Call for Papers

3. Review Submitted Sessions

4. Finalize Session Content

5. Prepare/Release Online Registration & Communications

6. Finalize Catering Order

7. Finalize Speaker Honorarium

8. Prepare Conference Handouts/Shirts/Bags

9. Prepare Instructional Labs

10. Arrange Proctors & Registration Staff

11. Conduct Conference

12. Post Evaluation

9

2005 IT Security Symposium, UC DavisCommunication Plan

What Are The Key Messages? Who are Target Audiences? Who Can Help Spread Messages? Web Sites – Informational and Registration Announcements – Registrants/Vendors/Speakers Publications – Organizational and Institutional Graphics Signage Acknowledgements

10

2005 IT Security Symposium, UC DavisConference Sponsors

Financial Sponsors Two Levels, $7,500 and $3,000 Independent Session Opportunity Material Display Opportunity Corporate Logo on Conference T-Shirt

Instructional Session Sponsors Technical Instruction Demonstration Material Display Opportunity Corporate Logo on Conference T-Shirt

11

2005 IT Security Symposium, UC DavisBudget (2.5 days)

Ten Win/Mac/Linux/Solaris Computing Labs $ Donated Food (2 Lunch, 3 Breakfasts, 2 Afternoon Refreshments) $13,750 Door Prizes ($1,000 Instruction Cert x 6 and Texts) $ 5,250 External Developers, Conference Web Registration $ 3,500 Keynote Speaker – Streaming Video $ 3,000 Conference T-Shirts (275) $ 2,500 Session Speaker Gratuity (UC Speakers) $ 2,000 Duplication/Office Supplies $ 1,000 Facility Setup (Labor/Fees) $ 1,000 Facility/Space Rental $ 1,000 Speaker Appreciation Dinner $ 1,000 Conference Polo Shirts (20) $ 650 Bus Transportation During Event $ 500 Keynote Speaker Gratuity $ 100 Contingency Fund $ 3,000 Revenue – Projected Registration Fees $18,000 Revenue – University of California, Office of the President $ 5,000 Revenue – External Sponsors $18,000

12

2005 IT Security Symposium, UC DavisConference Schedule

June 22, Wed, 8-10:30am Breakfast, Opening & Keynote

June 22, Wed 10:30-12noon Concurrent Financial Sponsor Sessions

June 22, Wed, 1:45-4:45pm Instructional Computing Labs/Lectures

June 22, Wed, 12-1:30pm Lunch

June 22, Wed, 1:45-4:45pm Instructional Computing Labs/Lectures

June 23, Thu, 8-8:45am Breakfast

June 23, Thu, 9-12noon Instructional Computing Labs/Lectures

June 23, Thu, 12:15-1:30pm Lunch/Sponsor Tables

June 23, Thu, 1:45-4:45pm Instructional Computing Labs/Lectures

June 24, Fri, 8-8:45am Breakfast

June 24, Fri, 9-12noon Instructional Computing Labs/Lectures

13

2005 IT Security Symposium, UC DavisSponsors and Session Contributions

Financial Sponsors Dell and Tipping Point

Application Infrastructure and Performance Protection

KPMG International Business Improvement and

Technology Implementation Microsoft Corporation NEC Solutions America

Simplified Password Management and User Identification

Sophos Assessing Security Risks

Teros Understanding and Preventing

Web Application Attacks

Instructional Sponsors Apple Computers

OSX Tiger – New Security Features Securing OSX

IS Inc. Certified Training Securing Windows Server Active Directory Securing Windows Server 2003

MacTrainers Certified Training OSX Basics OSX Security

Microsoft Implementing Windows Update Service Secure Configuration of Windows 2003

New Horizons Certified Training Ethical Hacking Techniques

Sun Microsystems Solaris 10.x Implementing Solaris Security Toolkit

14

2005 IT Security Symposium, UC DavisUC Faculty/Staff Presentations

Campus Firewall Services Converting Policy to Reality Deploying Tripwire – A Change Auditing and Security Tool Establishing A Virtual Private Network Improving Unix Security – Advanced Topics Introduction to Computer Forensics Intrusion Detection with Open Source Tools Planning, Staffing and Sustaining a Secure Department IT

Function Running a Secure Fedora Linux Machine Identifying Unix

Compromises Vulnerability Scanners to Intrusion Prevention – What’s Next UC Davis Information Security Standards

15

2005 IT Security Symposium, UC DavisCurrent Status

Registration Open: April 4, 2005 Conference Web Site:

http://itsecuritysymposium.ucdavis.edu/ Conference Registration Site:

https://secure.ucdavis.edu/securitysymposium/

16

2005 IT Security Symposium, UC DavisLessons Learned

Start Planning Process Early Financial and Content Sponsors

Requires Objective Approach – Somewhat Similar to An RFP Consider Sponsor Interests Sponsorship Levels Lots of Follow-up Required Timing of Financial Sponsor Sessions

Local Networking Opportunities During the Conference Computing Lab Setup Review Post-Conference Evaluations for Suggestions

17

2004 IT Security Conference, NDSU, Fargo“A Call to Action”

Conference Demographics Dual Population Base

Provide and information and networking resources for Colleges and Universities in a tri-state area Rural area schools, K-12 in a tri-state area

Dual Audience and Purpose Provide information and training to:

Technical staff Administrative staff

Conference hosted off campus Presenters fees were “no charge” or local expertise

18

2004 IT Security Conference, NDSU, FargoConference Planning Committee

2004 NDSU IT Security Officer,

Co-Chairperson EduTech Director, Co-

Chairperson ND University System IT

Security Officer NDSU ITS Management:

Director, Policy Management

Communications Specialist

HR Specialist

2005 All of those for 2004 plus: EduTech:

EduTech Help Desk Manager

EduTech Coordinator of Network Services

19

2005 IT Security Conference, NDSU, FargoFormal Objectives

Increase awareness of IT security issues and solutions Discuss best practices in the areas of policy, technology

& operations Increase networking opportunities with peers Provide workable solutions for those institutions on a

“shoe-string” / non-existent IT security budget Serve a broad technical/administrative audience Minimal Conference Fee – Many K-12 lack funding Location – Learning Labs?

20

IT Security Conference, NDSU, FargoConference Format - 2004

Keynote SpeakerIS Risk Management – Challenges and Strategies

Two panel discussionsNetwork Authentication

Patch Management

Three general sessionsForensics, Wireless, MSUM solutions

Luncheon speaker Windows XP Service Pack 2 in the Educational Community

No Vendor booths

Keynote and last general session - vendors, no product promotion

Used a mix of outside and institutional expertise

21

IT Security Conference, NDSU, FargoConference Format - 2005

Single Keynote Speaker

Breakout session – two tracks – six sessions

Administrative

Technical

One panel discussion

Two general sessions

Vendor booths set up from 10 AM to 2 PM

Networking opportunity – BF/luncheon

Registration fee ($75.00)

22

2005 IT Security ConferenceProject Schedule - NDSU

Task Date Completed Committee Member

Set date 2/8/2005 All

Set budget 2/8/2005 Theresa

Reserve conference location, catering contract, 3/8/2005 Theresa

Send email with new date to past attendees 3/7/2005 Theresa

Review and send sponsor letter, log info and follow up

Tabled till next meeting Wayne, Cathy, Dick

Develop Marketing PlanTabled till next

meeting Theresa, Cathy

Build website Started Mary, Cathy, Theresa

Secure speakers Started Theresa, Jody

23

2005 IT Security ConferenceCommunication Plan - NDSU

Key Messages for Target Audiences

Web Site (http://its.ndsu.nodak.edu/security/conference-05/) Information, Announcements Registration Form

Publications – Organizational and Institutional

Signage

Forms – participant, sponsor, vendor, presenter

Acknowledgements

24

2005 IT Security Conference Sponsors - NDSU

Vendor Sponsorships 2005 Conference

$500

2004 Conference Symantec $500 DakTec $500 Cisco $1000

25

2005 IT Security Professionals Conference Schedule (tentative AM)

Time Session7:30 Registration

8:00 Welcome

8:30 Keynote Address – Dr. Kevin Streff, SDSU, Information Assurance

9:30 General Session – Jack Suess, Spam, Initiatives & Research

10:50 Panel Discussion – Secure Management of Wireless Networks

11:45 Luncheon & Vendor Visitation

26

2005 IT Security Professionals Conference Schedule (tentative PM)

Breakout SessionsTrack A Track T1:00 First Response for Incidents Dr. Steven Gribble –

“Security on the Move”

2:00 Dr. Huirong Fu – Cisco – Wireless War drivingInformation Assurance

3:00 John Weaver – ISO 17799 Dr. Steven Gribble – Measuring Spyware at the

UWGeneral Session4:00 STAGEnet, Dan Sipes, ITD, State of North Dakota

27

2005 IT Security Conference, NDSU, FargoProjected Budget

Expenses

Speakers (Travel & Lodging Expense) $3,000.00

Catering $3,000.00

Advertising $50.00

Registration & Miscellaneous $200.00

Conference Packets $300.00

Token of Appreciation $150.00

Hotel Internet Access Charge $50.00

Projected Expenses $6,750.00

Income

Registration based on 65 participants at $75 ea. $4,875.00

Vendor Sponsorships at $500 each (5) $2,500.00

Projected Revenue $7,375.00

Balance $625.00

28

Information Security Training Conferences - NDSU

Committee Morale Taking Ownership Marketing the conference

Conference Evaluations – Important Planning for the next time Annual/Bi-Annual?

Solid working relationship with conference location representative

Participants valued: wireless Internet access & the food!

29

Questions?

30

31