Schedule

According to a recent survey conducted by a leading security firm, 76% of respondents experienced phishing attacks.  The threat from phishing attacks is real and causes data breaches, financial loss, and system compromises like ransomware.  This presentation will cover real-life phishing attacks observed at UC and the various motives of the phishers.  Attendees will see first-hand the methods used by attackers to lure potential victims into clicking links or responding with information that ultimately benefits the attackers. —

Do you approach change by hitting your users over the head with the same communications strategy or do you hit the nail on the head with targeted communication and outreach efforts? Let’s face it change is painful and inconvenient, especially when you’re competing with the distractions of a busy community. Beginning spring 2018 IT Security rolled out a set of initiatives to improve data, network, and system protection. We knew from experience that internal change was often—

At the request of the presenter, this session was not recorded. - UCTech 2019 Planning Committee

We'll share our experience with a top-right quadrant SIEM, including benefits, pitfalls, operation and support.

• How to learn to use the SIEM
• Best use of vendor resources
• What we expected & what we got
• Leveraging for a small team
• Metrics vs Measurements/Actionable Numbers
• Runbook-style procedures
• Extending to the cloud
• Useful dashboards/reports
• What we would do differently

When UCLA HumTech converted a homegrown application to a serverless app, we had to rethink how we approached data security. While UCLA has a number of solutions to protect student data, most of these solutions assume that there's a server to run on. A serverless app requires rethinking how we accessed Shibboleth, queried the student record system, and protected resources.

This talk will present our experience securing a serverless application. It is for developers, system administrators, and—

This workshop will demonstrate how to use free open-source tools to set up a safe environment to explore a deliberately insecure web application to train yourself or other web-application developers on web-application security.

Do you or your team enter into agreements for IT services, software, hardware or professional services? Does your Unit use Cloud solutions to solve your business problems?  If the answer is yes to any of those questions, then this panel session is for you.

Earlier in this year, a systemwide workgroup rebuilt Appendix DS in order to make it simpler and easier to use, and to be Supplier friendly.

In this session, our panel will discuss when—

Concealing database credentials and rotating passwords is usually an exhaustive activity - for system administrators, database administrators, application developers, and security auditors.  Discover how your organization can save time by using AWS Secrets Manager.

See how the AJS developers at UCOP created an AWS CloudFormation template to add a secret to the AWS Secrets Manager to both encrypt the credentials as well as rotating the password as often as required.  Watch and learn how we modified our Java—

Do you or your team members feel like IS-3 is too complex? Don’t know where to start? Does it seem hard to figure out the first step? Do you hesitate to develop a plan? Do you wish other options were allowed? These questions can limit compliance and hinder implementation – ultimately leading to increased cyber risk.

In this session, we will discuss these questions and pain points in the implementation process and help learn how to overcome—

Like many universities, in 2017 UC <redacted>'s Internet border was largely open. The end-of-life intrusion prevention system (IPS), our only protection beyond a few router access control lists, was removed when it failed. There was very little to distinguish our campus network from the Internet. We had limited ability to implement east-west controls between campus departments, mostly through router ACLs and distributed firewalls.

This presentation will trace the path that we took from this beginning to functional—

Title

Securing International Student & Scholar Success

Summary

The team at UC-Irvine has created different applications for UCI International Center. These applications have not only created a user-friendly experience for international students and eased their transitions into UCI but also made the International center processes related to SEVIS compliance paperless, efficient and cost effective. In addition, UCI has gone a step beyond and successfully implemented multiple measures such as 2-factor authentication and transparent encryption to better—