The ETSU College of Business and Technology held an Executive Briefing Friday in Millennium Centre Ballroom 2 A and B to discuss “Information Security: Regulations and Risks.”
The briefing focused on how computers are not as safe from viruses as their users might think and how people in the community can take measures to prevent damage to their networks.
A large group of students, staff and faculty filled the seats of the ballroom as Linda Garceau, dean of the ETSU College of Business and Technology, opened by welcoming the speakers, faculty, staff and students.
“This is the first executive briefing put together by both the Department of Computer Science and the College of Business and Technology,” Garceau said.
Don Gotterbarn, director of the Software Engineering Research Ethics Institute and professor of computer and information science at ETSU, introduced the speakers. “It is important that we see the product of our students. Our goal is try to understand the development of computers and security issues,” he said.
Eugene Spafford who is a professor of computer sciences and electrical and computer engineering at Purdue University, was one of the featured speakers. He is also the Executive Director of CERIAS, which is the Center for Education and Research in Information Assurance and Security at Purdue. Spafford is also a member of the Information Technology Advisory Council, which provides the president, congress and federal agencies with expert advice on America’s advanced information technologies.
Spafford discussed the development of the Internet and computer networking. “Computer science is not a very old discipline; it did not start until 1962,” he said.
“The growth of Internet provides greater means of attack on systems. This is a global phenomenon, we lose many things by creating larger communication systems.
“Every country has access to the Internet. Not every person, but every country. Securing all that information is the challenge.”
In May 2000, the I Love U virus caused $10 million in damages to networks and systems.
Spafford said that current methods in technology are not keeping up. He also said that companies do a bad job of capturing security. “If you don’t specify what you’re building, you shouldn’t be surprised in what your getting,” he said.
Common users have limited skills and interests and are unaware of the big picture, he said. For instance, casinos in Las Vegas do not exist to give away their money, he said.
Spafford criticized universities for not using proper methods in the teaching of programs and processes.
“We have to get away from seeing faults as accidents. Students are not allowed to work together because that would be considered cheating,” he said.
Spafford also said that cyber crime will become a crisis in the coming years and that the government only spends $7 million on cyber crime prevention funding. “The intruders are doing a better job of keeping up the system than the actual users are,” he said.
Spafford ended in saying that good engineering and security principles continue to be ignored by most but valued by many.
“Those of you who have those skills should use them because you will be the ones who are in most demand,” he said.
Gary Haney, who is an ETSU graduate and now chief security officer at the University of Tennessee Medical Center, agreed with Spafford in saying that because of the rapid growth of the Internet, the increased threats have occurred. “Bots are going to be the number one threat,” he said.
Haney discussed measures that he and his staff took in providing protection for his company.
“There were 29,000 viruses detected and cleaned each month within UHS. We increased our virus protection and deployed anti-spam, which reduced threats monthly,” he said.
Mary Manes, also an ETSU graduate and now president and CEO of Itillious Inc., a security company that helps companies mostly healthcare facilities access the vulnerabilities and risks of their computer systems.
Manes discussed the challenge that health care facilities have in providing access to employees for records and at the same time providing patients with privacy. Funding is a big issue. “The biggest concern risk of management is spending the right amount money for the right protection,” Manes said.
Phillip Shupe, manager of Systems Integrity Systems, discussed cyber security used at Eastman Chemical Co. a global company located in Kingsport, Tenn.
Eastman prevents virus problems with use of passwords; software and hardware standards; and polices for internet usage, patch management and virus blocking.
“We use three-layer virus protection – software and hardware firewalls and intrusion detection software. We need to also ensure that people know and understand their responsibilities in the workplace,” Shupe said.
All of the speakers agreed in saying that the lack of education among employees and common users cause many of the problems with networking.

Author