Cybersecurity and privacy are often linked in legislation and in practice, but what is the current relationship between the two? Many privacy laws are put in place to drive better protection for private data, but are these laws really helpful for security? For security, do better privacy practices help protect systems and data better? In this session, I will discuss my personal experiences in security and privacy and discuss ways the two areas are aligned and at odds with each other.
Paul joined Owens Corning in 2002 as a security analyst and has previously held the role of security team leader as well. He was appointed to his current role in 2014. Prior to joining Owens Corning, he worked as a senior security architect for Nortel Networks leading penetration tests and network audits for Technology, Healthcare, Energy, Internet, and Manufacturing companies.
He has also served as a computer security officer at the Air Force Information Warfare Center where he performed vulnerability assessments, security product testing, and security architecture work.
Paul earned a bachelor's degree in Computer Engineering from the University of Notre Dame, a master's degree in Computer Science from St. Mary’s University, and a Graduate Certificate in Analytics and Business Intelligence from Northwestern University.
As web technology gained widespread adoption, a small group of researchers began to look at the practical, rather than theoretical, question of how to protect the privacy of people using this technology. Looking at systems that were deployed “in the wild” by legitimate organizations using competent developers, the researchers found that design decisions had implications that surprised both the people using the systems and those who created them.
The result was a series of papers that looked at everything from the impact of the “What’s Related?” button on a web browser to web site traffic analytics, showing privacy and security failures, as well as articulating lessons to be learned to prevent creating an Orwellian infrastructure.
In this retrospective the primary investigator and author of the book documenting that work, Developing Trust: Online Privacy and Security (Apress, 2001), discusses some of the most common and critical findings, and looks at current technology to see what lessons have been learned, what has been ignored, and which of the predictions have come true. We’ll conclude with a discussion of the stakes and further guidance for organizations and individuals concerned with protection of their own personal safety, national security, and liberty in society.
Matthew Curtin is the founder of Interhack Corporation, a computer expert firm based in Columbus. His practice helps attorneys and executives in high-stakes situations to understand and to make use of computer technology and relevant data. He has been engaged as a computer science expert in civil, criminal, military, and administrative adjudication. His opinion has been used to establish legal precedent in the application of federal wiretap statutes to Web technology in In re Pharmatrak Privacy Litigation for the U.S. Court of Appeals for the First Circuit. He was also one of the coordinators of the first public effort to crack a message encrypted with the sitting U.S. standard for data encryption, DES. He is the author of Brute Force: Cracking the Data Encryption Standard (Copernicus Books, 2005).
Cyber hygiene is comparable to personal hygiene. Much like an individual engages in certain personal hygiene practices to maintain good health and well-being, cyber hygiene practices can help keep your data safe and well-protected. In this session, we will learn about cyber hygiene protection 101: common everyday best practices that are logical and simple to apply in your day-to-day life. Whether at work or home, building routine basic cyber hygiene into your daily habits will be worth a pound of cure.
Proficient Information Technology and Services Manager with over 37 years of results-focused leadership in a global manufacturing company. Experienced in ERP Master Data, IT Service Management, IT Security, IT Strategy, and IT Infrastructure. David, a University of Findlay alumnus, holds degrees in Computer Science, Business System Analysis, and an MBA. More information may be found at: https://www.linkedin.com/in/davidldrake/
Often, the term compliance is associated with a “check the box” mentality. The positive or negative impact may not be directly correlated to an effective cyber security posture. However, regulatory compliance and cyber security effectiveness are not mutually exclusive objectives. In fact, not being able to demonstrate cyber security effectiveness through a risk-based compliance framework may ultimately be more damaging and more costly than the impact of a data breach alone! In this presentation we will discuss the relationship between compliance and effective cyber security practices, provide an overview of major regulatory requirements for various industries, and explain why simply checking the box does not equal security.
A lifelong learner, Loren is an experienced information assurance executive with over 40 years of IT experience in a global manufacturing company. He is recognized for developing innovative IT solutions across a worldwide team environment. In addition, Loren has 20 years of course development and teaching experience in information assurance, and he has demonstrated his passion and commitment to sharing through teaching and practice because learning and sharing form the essence of knowledge. More information may be found at: https://www.linkedin.com/in/lorenwwagner/
Associate Professor and Co-Chair of Computer Science
Office Location: 1104 Cory Street A