EVENT: Security SIG lunch on July 15

Please join us for free lunch and a talk on lessons learned from some of the biggest breaches in the healthcare industry.

Lessons Learned from the top Healthcare Information Security Breaches
Speaker: Roy Wattanasin, MITM (MIT Medical)

The FBI has warned that hackers are or will be targeting your organization. 2014 was a rough year for data security, especially in the healthcare industry. About 43 percent of breaches came from healthcare per the Ponemon Institute. 2015 has been a trickier year with one of the largest healthcare information breaches reported to date.

This talk highlights and walks through the top 2015 healthcare information security breaches (using public information). It gives an overview of the healthcare information landscape, covers the laws/regulations and offers recommendations to prevent these kinds of breaches whether you are in healthcare or another industry.

Where: W20-407
When: Wednesday, July 15, 2015, 12:00 – 1:30 pm, includes free lunch
How to sign up: Please email security_sig_events@mit.edu.

We hope to see you there!

If you haven’t yet joined the IT Security Special Interest Group mailing list, please subscribe here.

EVENT: Security SIG Lunch on February 18, 2015

The next Security SIG has been scheduled. To go a bit further on the topic of hardening, we asked Anthony Grutta to give a presentation on securing web applications. 

Topic: Web Application Security Best Practices
Speaker: Anthony Grutta, Senior Application Administrator in IS&T
Where: 37-252 (Marlar Lounge)
When: Wednesday, February 18, 2015, 12:00 – 1:30 pm

Lunch will be provided upon arrival and the presentation will begin around 12:15. There will be time for questions after the presentation. Please RSVP if you plan on having lunch with us.

EVENT: Security SIG Lunch on Dec. 18th

There’s still time to sign up for this week’s Security SIG Lunch. The topic is “OS Hardening Best Practices” and for this talk we’ll be hearing from several people at MIT regarding their experiences.

Where: W92-Back Bay

When: Thursday, December 18, 12:00 – 1:30

Please RSVP at security_sig_events@mit.edu by Wednesday Dec. 17 at noon, if you plan on eating lunch with us.

The Next Security SIG Lunch: December 18, 12:00 – 1:30 pm

The next Security SIG lunch has been scheduled and we invite you all to join us. What is Security SIG?

Topic: OS Hardening Best Practices
When: Thursday, December 18, 12:00 – 1:30 pm
Where: Room W92-Back Bay

Food will be served. Please RSVP at security_sig_events@mit.edu so we can get a head count for food.

Hardening a system often means configuring and fortifying it. It is the process of securing a system by reducing its surface of vulnerability; the more functions a system fulfills, the larger that surface. Hardening can also mean tightening security during the design and construction of a system. The area of hardening can be vast, and includes ideas such as least privilege, mandatory access control, role-based access control, a read-only file system, intrusion prevention and detection, firewalls, logging, and more.

You can shape the dialog of this lunch-time meeting by letting us know what you’re most interested in hearing about. Please take this quick 3-question survey (links to www.surveymonkey.com) so we can make sure the content of the talk addresses your interests on the topic of OS hardening best practices. Thank you.

Patch Issued for Drupal Vulnerable to SQL Injection

I am passing along this security alert coming from Security SIG:

A nasty SQL injection vulnerability has been disclosed in Drupal that allows an anonymous user to execute code and manipulate and/or delete stored data. Exploits are currently being used and posted.

This affects all versions of Drupal 7 prior to 7.32. It is strongly recommended that all those running Drupal 7 upgrade to core 7.32.

More information can be found here https://www.drupal.org/SA-CORE-2014-005 and here https://www.drupal.org/node/2357241.

The IS&T-managed Drupal Cloud service was patched last week.

If you know other system admins and/or departments that are responsible for running Drupal, we kindly ask that you pass this message along to them.

Read the story online.

Security SIG’s First Lunch Meeting, July 16th

Security SIG is holding its first luncheon on Wednesday, July 16th, 12:00 – 1:00 pm. If you haven’t yet signed up for Security SIG, please do so.

Main topic: “The Biggest Threats to Security Today.” If you have any suggestions on what to cover for this topic, please let us know.
Lunch will be provided.
Location to be determined.

We got a great response rate (30% of the list) for the poll, so thanks to those who replied. Some of you also offered additional topics you’re interested in, which is great to know for future events.

We still need to book a room, so stay tuned. Because we are serving lunch, we will need you to RSVP. Please send your attendance confirmation to me at myeaton@mit.edu.


Update: The event is taking place in Room 68-181. You must RSVP to attend.

Have you signed up for Security SIG yet?

Security SIG is a voluntary group of MIT faculty, staff and students dedicated to the free exchange of IT Security information, resources, ideas and tools via on-going discussions through email.

Find out how to join here.