Track: Security

Securing data in the cloud
Description TBD. Topics covered:
• What does a BAA cover?
• What is my cloud vendor responsible for and what do I have to worry about?
• What are some best practices for application development? What features should I look for in a cloud vendor?
• What does it mean to secure data in transit?
Monday, 09:15 AM | Kristin Chu | San Francisco | College 8, Room 240

Integrating Web Applications with Shibboleth
Suggested based on the session interests listed on the UCCSC planning page and a brief conversation with Lisa Bono. Need to determine the extent to which the interest is technical in nature vs. asking for an overview, but I can accommodate either mode. Would be happy to include other presenters (panel) as well.
Monday, 10:15 AM | Eric Goodman | UC Office of the President | College 8, Room 240

Toss Attackers into a Black Hole with Open Source Software
UC Santa Cruz implemented an automated, incoming remotely triggered black hole (RTBH) routing solution using open source software (except for the border router itself). We used Bro for detection, Justin Azoff's BHR for the queue and API endpoint, Quagga for the trigger router, and a little Python to glue it together. Come see and hear how you can do it too.
Monday, 11:15 AM | Forest Monsen | Santa Cruz | College 8, Room 240

PCI Compliance in the Cloud: A working example
The Giving website (https://give.ucdavis.edu) processes all online gifts for UC Davis and the UC Davis Medical Center, runs on Azure, and passed PCI DSS 3.0. We'll show you how we did it.
Monday, 03:00 PM | Adam Getchell | Davis | College 8, Room 252

Malware 101: Introduction to ransomware and how to protect your organization against these emerging threats
Ransomware infections have been on the rise over the last year, and many organizations, including major hospitals, have succumbed to such threats. Hackers, on the other hand, are making millions of dollars per year in ransomware payments from organizations like yours. In this session, we will learn what these threats are, how they infiltrate your organization’s security measures, and the security controls you can implement to defend against such threats. In addition, we will learn about the potential havoc these threats can inflict on an organization, and why it is important to be proactive in protecting your assets before it is too late.
Monday, 04:00 PM | David Lam | Davis Medical Center | College 8, Room 240

Enterprise password management for Ops at UCSC
The Applications and Project Management group at UCSC has struggled with password management for years. This is the story of the problems that we faced, the decision to purchase and roll out LastPass Enterprise, and the implementation and security challenges that the new tool is presenting to us.
Tuesday, 09:15 AM | Glenn Blackler | Santa Cruz | Porter, Room D144

UC EABok - Security Principles and Standards Review
The UC EABok security framework uses a hierarchy of principles, standards, and guidelines informed by national and international standards and best practices to address UC needs for security engineering across a broad spectrum of development, integration, and COTS projects. Example EABok docs:
• EAA-045 Security compliance with Industry standards and best practices
• EAA-xxx Data Classification Framework
• EAA-039 PGP Encryption for files
• EAA-060 SHA-1 usage is disallowed
Tuesday, 10:15 AM | Bo Pitsker | UC Office of the President | Porter, Room D249