Fall 2007

 
Date | Speaker | Title
1. Oct 26 | Fred Cohen, PhD | Making better information security decisions by identifying and reducing cognitive errors and providing expert guidance
2. Nov 2 | Jason Hong, PhD | User Interfaces and Algorithms for Anti-Phishing
3. Nov 9 | Ana (Annie) I. Anton, PhD | TBA
4. Nov 16 | Steve Scherer | Mobile Device Embedded Security - History and Current Challenges

October 26

Speaker: Fred Cohen, PhD (MSIS '81)

CEO, Fred Cohen & Associates
Research Professor, University of New Haven
Adjunct Professor, University of San Francisco

Title

"Making better information security decisions by identifying and reducing cognitive errors and providing expert guidance"

Abstract:

Dr. Cohen will give an overview of decision support systems, cognitive error mechanisms, and related work that has led to more recent work in understanding how human cognitive errors lead to poor security-related decisions and how those errors might be reduced to lead to better security decisions. Through the use of a magic trick, he will demonstrate how cognitive error mechanisms lead people to make poor assumptions, draw wrong conclusions, and ultimately make poor decisions. The basics of cognitive error mechanisms will be explored, along with an overview of classes of decision support systems and the identification of specific classes of decision support systems used in information security. He will talk about simple security decisions with examples from each class and run a few experimental demonstrations using the attendees as test subjects, showing the results of these experiments next to the results of previous, better-controlled studies. Finally, some higher-end decision support systems used in high-value information security consulting and security engineering will be shown and discussed. Comments and questions will be welcome.

Biography

Dr. Cohen is best known as the seminal researcher in the field of computer viruses and virus defense techniques and the use of deception and cognitive methods for information protection. He is a top-flight information protection consultant, industry analyst, and the principal investigator whose team defined the information assurance problem as it relates to critical infrastructure protection.

He graduated from the University of Pittsburgh with an MS in Information Science in 1981 before earning his Ph.D. from the University of Southern California in 1986. He has published more than 200 professional articles, books, and book chapters and is a frequent invited speaker at conferences. He teaches graduate courses in digital forensics, information protection, and related fields as a research professor at the University of New Haven and an adjunct professor at the University of San Francisco, and he is CEO of Fred Cohen & Associates.

More Information:

http://all.net/



November 2

Speaker: Jason I. Hong, PhD

Asst. Professor, School of Computer Science,
Human Computer Interaction Institute, Carnegie Mellon University

Title

"User Interfaces and Algorithms for Anti-Phishing"

Abstract:

Phishing is a growing plague on the Internet, costing customers and businesses between $1 billion and $2.8 billion a year. In this talk, Dr. Hong will present an overview of his work in the Supporting Trust Decisions project.

The work focuses on developing better user interfaces to help people make better trust decisions, developing training mechanisms to teach people not to fall for phish, and better algorithms that can automatically detect phishing attacks.

Biography

Jason Hong joined the School of Computer Science at Carnegie Mellon University in 2004 as an assistant professor in the Human Computer Interaction Institute. He works in the areas of ubiquitous computing and usable privacy and security, focusing on location-based services, anti-phishing, mobile social computing, and end-user programming. He is also an author of the book "The Design of Sites," a pattern-based approach to designing customer-centered web sites. He received his PhD from Berkeley and his undergraduate degrees from the Georgia Institute of Technology.

More Information:

http://www.cs.cmu.edu/~jasonh/



November 9

Speaker: Ana (Annie) I. Anton, PhD

Associate Professor of Software Engineering
Computer Science-Engineering
North Carolina State University



November 16

Speaker: Steve Scherer

Principal Staff Software Engineer
Mobile Device Business
Motorola, Inc.

Title

Mobile Device Embedded Security - History and Current Challenges

Abstract:

Security should not be viewed as a liability or expense of business, but rather as an opportunity. Good security could be a distinguishing asset and competitive advantage. The discussion focuses on the history of security on mobile devices, security policies, and how they are relevant to the financial success of companies like Motorola. There is a specific focus on the lessons Motorola has learned over the years and where the embedded industry is headed.

Biography

Steven Scherer is a Principal Staff Software Engineer within the Mobile Device Business of Motorola. He is Co-Chair of the security governance body of Mobile Devices, which has responsibility for security roadmap creation, security incident handling, and product compliance with the security roadmap. Steve led the effort to put a process in place within Mobile Devices to help teams institutionalize security concepts into their day-to-day jobs and into each phase of the product development lifecycle. He has several years of experience developing and rolling out trusted boot across many of Motorola's handsets. He has an MS in Telecommunication from DePaul University and a BS in Electrical Engineering from the University of Wisconsin-Madison. He has been with Motorola for 10 years.

More Information:

http://all.net/
