The topic summary according to the HTCIA Ottawa website:

In order to foster innovation, the culture of a university environment must support the principles of academic freedom and the sharing of information. The traditional principles of IT security (e.g. control of information assets) are often directly opposed to this concept. This presentation will examine the unique issues and challenges associated with managing? IT security in the University environment, and will also discuss the non-traidtional approaches that must be employed to improve IT security in a University.

The speaker will be Jamie Campbell, CISSP, Manager of Information Security and Operating Platforms at Carleton University. We’re very much looking forward to having Jamie speak.

Even if you are unable to come to see Jamie speak on March 2, 2010 please drop by the new HTCIA Ottawa website to check out the new look and feel. I think you’ll agree that the design and implementation team did a great job!

This blog does not deal with the Internet security side of the equation very often, but I saw a post on the Hyperion Digital Identity Forum that I thought was interesting.

According to that post eBay in the United Kingdom may now be implementing a location based authentication scheme which aims to protect its users from being hacked. This is an interesting step towards account protection, provided of course that you never access your eBay account on business trips or vacations.

Perhaps the best way to implement this would be on an opt-in basis?

I just finished reading a fascinating article on the Cyb3rcrime3 blog on a case that was recently heard in Ohio. Ms. Brenner describes how the threat of posting someone’s personal information on-line for some form of compensation could be considered a form of extortion.

Ms. Brenner also described a US Statute where by it is an offence to use information obtained from a computer to extort someone. I have only read the post on Ms. Brenner’s blog so I may be missing something here but in the case of State v. Soboroff it does not appear that the defendant obtained information from the victim’s computer, but rather that he was going to use the Internet (a network of computers) to post information that was potentially harmful. In other words the post did not stipulate whether or not the personal information was obtained from the victim’s computer or whether or not it was obtained through other means such as personal contact with the victim. I’m not sure if all of the elements of 18 US Code 1030(a)(7) offence were met.

What I think is the most interesting part of the article is that the Court of Appeals of Ohio found that the potential fallout of someone posting personal information on line for the purposes of obtaining compensation from them is close enough to the threat of physical harm to be considered extortion. It adds an interesting dimension to the value of personal information and privacy.

A quick note on the upcoming speaker for the HTCIA Ottawa Chapter. Bruce Cowper of Microsoft Canada will be speaking on the Top Security Threats for 2010. The date for the presentation is February 9, 2010 and it is at Russell’s Lounge at the Ottawa Police Association.

Bruce is an excellent speaker and I would encourage anyone in the Ottawa area who is interested in technology security and investigations to join us at the event.