
EECE 412: Guest Lectures and Case Studies

Last updated November 19, 2009 9:47

Unless otherwise indicated, all presentations are held in MCLD 254.

September 17, 15:30-16:50


Speaker: Cary Meltzer (a.k.a. H. X. Mel)

Title: Introduction to Cryptography

Abstract: The presentation provides a gentle introduction to cryptography.

Speaker Biography: Cary Meltzer (a.k.a. H. X. Mel) has taught custom-designed technology courses for employees of Lucent, Xerox, Motorola, Goldman Sachs, and IBM and recently managed the design, development and implementation of a smart card cryptographic system and text search system. He has an M.S. in computer engineering from MIT, was a fellow in the Advanced Engineering Studies at MIT, has an M.S. in econometrics, was a certified actuary, served as a Graduate Professor in Java Cryptography and Smart Cards at Carnegie-Mellon University, and currently works for the US Federal Government.

His book "Cryptography Decrypted" is now available online.

October 20, 16:00-16:50


Speaker: Robert Slade

Title: Security risks in social networking/social media/Web 2.0

Speaker Biography: Rob Slade is a security specialist, malware researcher, author, and initially a physics major. Published "Robert Slade's Guide to Computer Viruses," co-authored "Viruses Revealed." Prepared the world's first course on forensic programming and wrote "Software Forensics." Maintained a glossary of security terms, now published as "Dictionary of Information Security."

October 27, 16:00-16:50

Speaker: Eva Kuiper, HP

Title: A standards-based approach to IT security policy development

Abstract: There are many approaches for development of policies and standards for IT security governance. However, the ISO 27000 standards define an approach that is applicable to most environments. It is quite common for today's RFPs and contracts to require compliance or alignment with ISO/IEC 27001 and ISO/IEC 27002. Since ISO/IEC 27002 is the most widely used security framework in most industries today, a risk-based approach aligned with the 27000 family of standards will satisfy many regulatory and contractual requirements and can be expanded easily to satisfy additional requirements. This presentation will introduce the steps towards development of a set of policies tailored to an organization's risk tolerance, based on the principles in ISO/IEC 27001.

Speaker Biography: Eva Kuiper is a member of the Compliance and Consulting team in Hewlett-Packard's Global IT Security group. Since 1985, she has worked in various aspects of information systems security at Hewlett-Packard, including Service Manager for HP's Global Security Practice, Security Solutions Architect in HP's North America Security Practice, and Consulting Team Lead for IT Security. She has been a member of the IT Security Policy team since 2002 and is responsible for security policies in the areas of password security, email security, malware protection, user account management security, and voice networking security. She has also been involved in numerous standards activities and currently represents HP on the INCITS CS1 committee. She was co-editor of ISO/IEC 27001 and received the 2005 KPMG ISMS Excellence award for her work on that project. She was also on the drafting committee for ISO/IEC 27006 and co-editor of the recently completed ISO/IEC 27004. She is President of the Vancouver ISSA Chapter, Canadian region ISSA Chapter Presidents' representative and also participates in ISACA and the OpenGroup Security Forum. When she isn't thinking about security she enjoys gourmet cooking and gardening in New Westminster, BC.

 

November 5, 16:00-16:50


Speaker: Rui Pereira, WaveFront Consulting Group

Title: Blind SQL Injection

Abstract: The talk will compare Verbose and Blind SQL Injection, show how Blind SQL Injection can be used to extract information and much more, and how to protect against this issue.

Speaker Biography:

Rui Pereira, B.Sc.(Hons), CISSP, CISA, CIPS ISP, CWNA, CPTS/CPTE
Principal Consultant
WaveFront Consulting Group

"Roy" Pereira has over 25 years of experience in Information Technology, and has specialized in Information Security and Audit for the last 13. He works as a computer security consultant specializing in vulnerability assessments, penetration testing, wireless and application security, security awareness, risk and privacy assessments, and training.

Rui has been directly involved in the Information Security community in Vancouver for several years, and has been a committee member of both the CIPS Security SIG and WestCoast Security Forum. He was the Chair of the WestCoast Security Forum for 2003 - this is an annual 2-day security seminar held in Vancouver, which attracted over 500 delegates (www.wcsf.com). Rui lectures on security topics and has presented papers before several local organizations. Rui is also a member of PolCyb, the Society for Policing Cyberspace, primarily for law enforcement and investigators.

November 10 & 12, 15:30-16:50

Speaker: Dr. Kirstie Hawkey, UBC

Title: Usable Security

Abstract: While a system may be theoretically secure, the level of security achieved in practice is often reduced due to various factors. Usable security addresses one factor that may reduce security - ease of use of the system. We will present and discuss several Human-Computer Interaction usability principles that can be applied to help improve the usability of security systems.

Speaker Biography: Kirstie Hawkey received her Ph.D. from the Department of Computer Science at Dalhousie University in 2007. She is currently working as a Post-doctoral Fellow in the departments of ECE and CS at UBC. Her research interests include Human-Computer Interaction, Privacy, and Computer Supported Collaborative Work.

November 19, 15:30-16:10

Speaker: Stephen Pedersen, Telus

Title: Case Study on Security Development at Telus

Abstract: TBD.

Speaker Biography: TBD.

November 19, 16:10-16:50

Speaker: Brian Martin, CISSP, ABCP, P. Eng., Manager Security & Business Continuity, BC Transmission Corporation

Title: BCTC’s Security Planning for the 2010 Games

Abstract: TBD.

Speaker Biography: Brian Martin is currently the Manager of the Security and Business Continuity group for BC Transmission Corporation. BCTC is the crown corporation responsible for planning, maintaining and operating BC’s bulk electric system. Brian’s day to day responsibilities include oversight of physical security, IT security, emergency response planning and business continuity for the corporation and BC’s critical electrical assets.

Brian has a degree in Electrical Engineering from the University of Alberta and is undertaking his Master's Degree in Business Administration from Queen's School of Business. Prior to working at BCTC, Brian lived in Manhattan, where he managed the New York regional office for Matrikon, an industrial consulting firm. The major clients serviced included Entergy Nuclear and Con Edison.

As a professional, Brian is a frequent speaker at conferences around North America on NERC Compliance, program development and management through frameworks, IT and physical security convergence, and metal theft.

 


Copyright © 2003-2007 Konstantin Beznosov