Understanding “industry best practices” involves a simple process of distilling expectations for both cybersecurity and privacy requirements. This process is all part of identifying reasonable expectations that are “right-sized” for an organization, since every organization has unique requirements. It can be best to visualize “best practices” as a buffet of cybersecurity and privacy controls, where you select what is applicable to your organization, based on statutory, regulatory and contractual obligations.
Congratulations Dhruv Pandya, an alum of the MSCS program at CI, for a new position as an Information Security Specialist at J.D. Power.
On the evening of April 20, 2018 Assemblymember Jacqui Irwin and CSU Channel Islands president Erica D. Beck co-hosted a Cybersecurity event in Sierra Hall, promoting regional industry partnerships. At this event we had the opportunity to showcase our work – three masters students and one senior student presented research under my supervision:
Zane Gittins spoke about his network penetration testing at HAAS: this work started as a Hank Lacayo Internship at HAAS in the fall of 2017, but since then Zane has been hired by HAAS to continue his work.
Eric Gentry spoke about the SEAKER project, a digital forensic tool that was developed with and for the High Technology Task Force (HTTF) at the Ventura forensic lab. We presented this tool at an event on August 7, 2017.
Geetanjali Agarwal spoke about the Image Recognition project, also inspired by the work done at the HTTF at the Ventura lab, where we aim to identify images from partially recovered files and compare them to a bank of images using the difference hash technique.
Here are the presentation slides.
I introduced the students making some remarks elaborating on president Beck’s statement about partnerships between CI and the Ventura industry. As a CI faculty, I find interdependence in the triad of Scholarship, Teaching and Industry relations. Many of our projects start by addressing a Research & Development need of the community, such as the SEAKER tool for HTTF. We use it to teach our students a hands-on approach to problem solving in Computer Science; we aim to produce quality work that advances knowledge and is publishable.
Scholarship, the first component of the triad, is really composed of three simultaneous activities: the research itself, which is laborious, time consuming, consisting of literature review and the cycle of hypothesis, testing and proving.
The funding component: labs, equipment, salaries, conferences, all these require funds, which can be secured through grants, philanthropic gifts or state support.
And finally dissemination, which is crucial as without it no one is aware of our work, and which takes place through publishing, conference presentations, blog writing, and events such as the one described in this blog. At CI we are lucky in that Advancement facilitates both fundraising and dissemination.
Thanks to Assemblymember Jaqui Irwin @JacquiIrwin, as well as Professor Michael Soltys @MichaelMSoltys and his Computer Science students for their efforts in addressing Cybersecurity #csuci #camarillo #computerscience #cybersecurity pic.twitter.com/Rhrz85klfj
— Erika D. Beck (@CIPresBeck) April 21, 2018
Detective Kimo Hildreth and I will be giving a talk at a breakfast event on Cybersecurity for Small Businesses on Friday December 8, 2017, at 8:30am. To RSVP and view more event details click here. The event is organized by Assemblymember Jacqui Irwin, and it will take place at 2100 Thousand Oaks Blvd, in the “Oak and Park Room”.msoltys-talk-dec8-2017
On August 7, 2017, the CI Computer Science students presented a prototype of a digital forensic tool, which we named SEAKER (Storage Evaluator and Knowledge Extraction Reader), as part of their Masters COMP 524 Cybersecurity course. This project was a collaboration between the Ventura County District Attorney (VCDA) Digital Forensics Lab and CI Computer Science, under the umbrella of the SoCal High Technology Task Force (HTTF).
The students presented a live demo with devices supplied by the Ventura County DA. The SEAKER prototype was able to compile search results in less than a minute depending on the size of the device. According to VCDA officials at the presentation this is a remarkable increase in efficiency and will be a useful tool in the field: while imaging of a hd can take up to 4 hours, SEAKER performs a triage search in minutes.
Digital Forensics (DF) deals with the recovery and investigation of clues from digital devices (computers, handhelds, iPads, routers, modems, DVRs, etc.). The goal of this effort is to support or refute a hypothesis in court. DF is a complex and technical field: it can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources, or authenticate documents.
A DF investigation commonly consists of 3 stages: acquisition or imaging of exhibits, analysis and reporting. The SEAKER tool helps with the acquisition of data from digital devices in a way that prevents tampering.
The SEAKER project was a fantastic learning experience for our students, as its design and prototyping combined many different skills: The C programming language, BASH shell scripting, the Linux Operating Systems and command line, the Raspberry Pi hardware, Gliffy diagrams, Dropbox Paper (which we used as a Wiki); Slack collaborative discussion / brainstorming tool, the GitHub software repository which was used as a collaborative tool in the design of the software that animated the Raspberry Pi, WordPress blogging, AWS S3 which served as a repository of the final product, Grep (regular expressions and pattern matching), working with different file systems, and of course strict performance (speed, read only). All of this had to be combined by a group of 18 students, with different backgrounds and skill sets to produce something that could be used by DF examiners.
One of the CI pillars is Community Engagement and Service Learning. This approach identifies needs in the community, and builds a curriculum around research and development to address those needs. The SEAKER project is a great example of such a symbiotic relation between CI and the community. Also, it is an example of the strength of a pedagogical approach that combines both theory and practice. Without theory a field becomes a collection of ad hoc procedures. But without practice theory becomes an abstract exercise in intellectual virtuosity. We plan to build on the approach that combines the Service Learning and Theory & Practice paradigms as we go forward with our Computer Science program in Security Systems Engineering and our Masters level offering in Cybersecurity.
Some photos from the event:
“Storage Evaluator And Knowledge Extraction Reader”
On Monday August 7, at 6pm, in DEL NORTE 1530, the COMP 524 (Cybersecurity) students will present their final project, a technical solution for the SoCal High Technology Task Force in Ventura. This project implements a digital forensic tool with strict performance requirements.
You are cordially invited to attend; the presentation will take about two hours, and there will be snacks (Short link to this post: https://wp.me/p7D4ee-FJ).
Michael Soltys OLLI talk on Cybersecurity
June 8, 10:00am-12:00pm.
In Broome Library 2325
Title: Best practices for staying safe on the Internet
Abstract: The Internet enables us to do wonderful things: stay connected with family and friends (e.g., Skype), shop from the comfort of our home (e.g., Amazon), watch movies at the time of our choosing and without commercials (e.g., Netflix), and check news headlines personalized to our interests and tastes (e.g., Twitter). But all this comes with a slew of threats and dangers: like the highwaymen of old, hackers prey on vulnerable victims, without having to leave their house, and covered by a blanket of anonymity. This talk will present best practices to stay safe on the Internet, enjoy its benefits, and reduce its risks.
CSUCI Cyber-security expert to speak at on-campus engineering convention.
CSU Channel Islands (CSUCI) Computer Science Chair and Professor Michael Soltys, Ph.D., will share his cybersecurity expertise to an audience of professional engineers from 11 a.m. to 2 p.m. on March 23 in the Grand Salon.
“Our society is under constant cyber-threat, as our infrastructure, our economy, and our privacy, depend on secure IT systems,” Soltys said. “My talk will consider the major threats, and present examples of how hackers attack our systems.”
Sponsored by the nonprofit Oxnard Ventura Post of the Society of American Military Engineers, the presentation is geared toward an audience with a high degree of computer expertise, so Soltys plans to share cybersecurity best practices.
“I plan to give more of a technical talk from the engineering point of view,” Soltys said. “How to write code that is more defended. I plan to show techniques hackers use to get into systems.”
One of the principal causes of cyber-vulnerability is faulty software, a problem Soltys addresses in a textbook on algorithms he wrote for software engineers.
Aside from his teaching at CSUCI, Soltys also acts as Director of IT Security for Executek International where he specializes in forensic work.
The public is welcome at the presentation, which is on campus at One University Drive in Camarillo. Cost is $30 a person for lunch.
Follow the directional signage to Parking Lots A-4 and A-11, then follow “walk this way” signage to the Grand Salon.
To register for the presentation, click on: