The Institute for Information Assurance at IUP, in collaboration with the IT Support Center and the Computer Science Department, will host the seventh annual Information Assurance Day on Thursday, October 30, 2014, from 8:45 a.m. to 4:30 p.m. in the Ohio Room at the HUB.


Schedule of Speakers

  • 8:45-9:00 a.m. Welcome Message
    Dr. Waleed Farag, Director, Institute for Information Assurance at IUP
  • 9:00-9:55 a.m. "Application-Centric Access Control Analysis"
    Dr. Adam Lee, Associate Professor of Computer Science at the University of Pittsburgh
  • 9:55-10:00 a.m. Break
  • 10:00-10:55 a.m. "We are Under Siege"
    Mr. Dane Boyd, Security Awareness Training Consultant, Office of the CISO at Dell SecureWorks
  • 10:55-11:00 a.m. Break
  • 11:00-11:55 a.m. "Social Engineering: Hacking the Human"
    Mr. Jonathan Roumfort, Senior Security Analyst - IT Services at IUP
  • 12:00-1:00 p.m. Lunch break
  • 1:00-1:20 p.m. Provost's Remarks
    Dr. Tim Moerland, IUP's Provost and Vice President for Academic Affairs
  • 1:20-2:40 p.m. "Active Cyber Defense"
    Mr. Craig Harber and Mr. Wayne Smith, National Security Agency
  • 2:40-3:00 p.m. Afternoon break
  • 3:00-4:05 p.m. "A Basic Introduction to Computer Forensics"
    Cpl. Gerhard Goodyear, Bureau of Criminal Investigation, Computer Crime Unit - PA State Police
  • 4:05-4:20 p.m. Conclusion

Biographical Information

Dr. Adam Lee

Dr. Adam J. Lee is currently an associate professor of Computer Science at the University of Pittsburgh, where he previously held the position of assistant professor (2008-14). Prior to joining the University of Pittsburgh, he received the MS and PhD degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his BS in Computer Science from Cornell University (2003). His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. Dr. Lee's research has been supported by the NSF and DARPA, and he is an NSF CAREER award winner (2012).

Dr. Patrick McDaniel

Patrick McDaniel is a professor in the Computer Science and Engineering Department at the Pennsylvania State University and co-director of the Systems and Internet Infrastructure Security Laboratory. Dr. McDaniel is also the program manager and lead scientist for the newly created Cyber Security Collaborative Research Alliance (CSec CRA) and chair of the IEEE Technical Committee on Security and Privacy. Patrick's research efforts centrally focus on network, telecommunications, systems, and language-based security as well as technical public policy. Patrick was the editor-in-chief of the ACM journal Transactions on Internet Technology (TOIT), and served as associate editor of the journals ACM Transactions on Information and System Security, IEEE Transactions on Computers, and IEEE Transactions on Software Engineering. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security, including, among others, the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his PhD in 1996 at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.

Mr. Dane Boyd

Dane Boyd, a Georgia State University graduate, has been a member of Dell SecureWorks for over five years. Dane has combined his passion for cyber-security and training to deliver engaging security awareness training.

Mr. Jonathan Roumfort

Jonathan Roumfort is a senior security analyst in IT Services at Indiana University of Pennsylvania (IUP). Jonathan has been employed at IUP for over 15 years, where he has implemented and supported IT security, enterprise systems and networking, and web and Internet solutions. He has served IUP as a senior security analyst for the past 11 years and has been an ISC2 CISSP (Certified Information Systems Security Professional) since 2010.

Mr. Craig T. Harber

Mr. Craig Harber is a graduate of the University of Pennsylvania with a BSEE. He has over 25 years of experience working for the National Security Agency and is currently working as the senior technical lead for active cyber defense (ACD) research, development, and implementation. As such, he has been instrumental in developing baseline security architectures for the extension of cyber defense for the Department of Defense's information environment. Mr. Harber is currently leading the development strategies for the protection of our national security systems and national critical infrastructure and key resources.

Mr. Wayne J. Smith

Mr. Wayne J. Smith currently holds the position of Office Chief for the Core Solutions Office within the Information Assurance Directorate (IAD) at the National Security Agency (NSA). His office provides a full range of system security engineering support to include: information systems security design, test and engineering, product certification and accreditation, program evaluation, product policy and doctrine guidance, and system security engineering for space, senior leadership communications, and intelligence, surveillance, and reconnaissance programs.

Mr. Smith began his career with NSA in 1983 after graduating from the University of Pittsburgh with a BS degree in electrical engineering and subsequently earned a Master's in Strategic Studies from the U.S. Army War College, Carlisle, PA. He started his career in research and development as a design engineer and worked his way up through program manager, system acquisition manager, branch and division chief, to office chief. During his career, he has held positions on the IAD staff, completed two field assignments, including IAD Liaison to the United States Air Forces Europe, Germany, and volunteered for two deployments: Iraq in support of the Multinational Forces-Iraq/Operation Iraqi Freedom, and Afghanistan as the NSA Chief of Staff in support of Operation Enduring Freedom.

Cpl. Gerhard Goodyear

Cpl. Goodyear previously served as part of an Intelligence Company in the U.S. Marine Corps. He has a bachelor's degree in Criminal Justice and has been employed with the State Police for the past 20 years. During that time, he has served as a patrol officer, a patrol supervisor, and a criminal investigator. Cpl. Goodyear is currently assigned to the Bureau of Criminal Investigation, Computer Crime Unit and conducts undercover investigations involving the use of computers or other electronic devices. He has been deputized by the U.S. Marshals and is a member of both the state and federal Internet Crimes Against Children task forces.

Titles and Abstracts

Dr. Adam Lee - University of Pittsburgh

  • Title: Application-Centric Access Control Analysis
    • Abstract: To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an absolute sense, detached from the application-specific context within which an access control scheme will ultimately be deployed. In this talk, by contrast, we formalize the access control suitability analysis problem, which seeks to evaluate the degree to which a set of candidate access control schemes can meet the needs of a specific application or environment. This process involves both reductions to assess whether a scheme is capable of securely implementing a workload, as well as cost analysis using ordered measures to quantify the overheads of using each candidate scheme to service the workload. We will broadly overview the theory behind this research, as well as discuss software tools that our group has developed to explore instances of this problem.

Dr. Patrick McDaniel - Pennsylvania State University

  • Title: Towards a New Science of Cyber-Security
    • Abstract: In September of 2013, the U.S. Army launched a broad collaborative initiative in the area of Cyber Security with a consortium of University, Government, and Industrial partners. This 10-year, $50M project focuses on the development of a new fundamental science for cyber-security. The Models for Enabling Continuous Reconfigurability of Secure Missions (MACRO) Cyber-Security Collaborative Research Alliance (CRA) program works to understand and model the risks, human behaviors and motivations, and attacks within Army cyber-maneuvers. Development models will lead to an asymmetric advantage in cyber domains against known and unknown attackers both in the ability to detect and thwart attacks as well as allow mission progress in the face of ongoing and evolving threats. This talk provides an overview of this program and highlights preliminary findings of the consortium.
    • Note: Dr. McDaniel's talk "Towards a New Science of Cyber-Security," originally scheduled at 10:00 AM, was cancelled.

Mr. Dane Boyd, Dell SecureWorks

  • Title: We are Under Siege
    • Abstract: Hackers' ability to pry into our personal and corporate information has evolved as fast as technology itself. The tools available to novice hackers put our privacy at risk - but there is hope. By following security best-practices we can greatly reduce the risk of our personal lives being hacked. Vigilance in how we manage our passwords, web browsing, emails and more is crucial for peace of mind.

Mr. Jonathan Roumfort, CISSP - IUP's IT Services

  • Title: Social Engineering: Hacking the Human
    • Abstract: As technology has evolved over the years, so have IT security measures. Better coding and patching practices, more secure networking, and various other security controls have given attackers an increasing number of headaches and roadblocks in the never-ending security cat-and-mouse game. With traditional computer vulnerabilities becoming more short-lived and less effective to exploit, the human has become the easy low-hanging fruit and weakest link in IT security. Attackers and miscreants are, now more than ever, leveraging vulnerabilities in human behavior through social engineering as an alternative to more complicated and short-lived attacks on technology itself. This presentation will examine several types of social engineering, present some examples, and go over ways to help prevent it.

Mr. Craig Harber and Mr. Wayne Smith - GS-15 - National Security Agency

  • Title: Active Cyber Defense
    • Abstract: Integrated Adaptive Cyber Defense (IACD) is a term that DHS uses to describe their Active Cyber Defense (ACD) program, and this presentation will discuss ongoing efforts in both the DoD and DHS. The presentation will include the following brief description: Active Cyber Defense is the automation, synchronization, and coordination of cyber response actions required to counter continuously morphing threats.

Cpl. Gerhard Goodyear - Pennsylvania State Police

  • Topic: A Basic Introduction to Computer Forensics
    • Abstract: This presentation will cover what computer forensics is and how the State Police may conduct undercover computer investigations.

For more information about Information Assurance Day, please contact Waleed Farag, director, Institute for Information Assurance, at farag@iup.edu, 724-357-7995.
