************************************************************************************

NISlecture 2013/01 (25.01.2013)

Title : Computer Network Defence in the Norwegian Armed Forces

Speaker : Major Geir Olav Dyrkolbotn, Head of Computer Network Defence

Published material:  Slides Video (the talk start approximately 4 minutes into the recording)

Abstract :

In his talk Geir Olav gives an introduction to computer network defence, cyberspace, defendable infrastructure, and incident handling from a military point of view. He describes how our cyber warriors act on patrol in their domain and how they are expected to react when encountering the adversary.

About the Speaker :

Major Geir Olav Dyrkolbotn is head of Computer Network Defence in the Norwegian Army. Geir Olav holds a PhD in information security from HiG and an MSc in computer science from the Norwegian University of Science and Technology. He has been working in the Norwegian Army since 1988, where he among other things has been a lecturer at the Norwegian Defence Signals Academy.

************************************************************************************

NISlecture 2013/02 in conjunction with NBLAW 2013 (22.02.2013)

Title : Preliminary Analysis and Vision of Fingerprints Collection Using Smartphone Cameras

Speaker : Postdoc Bian Yang, Høgskolen i Gjøvik

Abstract:

As a general-purposed device, smartphones are promising to complement existing professional biometric sensors with advantages in convenience, privacy, and portability. This talk discloses GUC’s preliminary analysis over the accuracy performance and sample quality control effectiveness using smartphone cameras for fingerprint collection.

Title : Face Recognition Using Light Field Camera: A Preliminary Study

Speaker : Postdoc Raghavendra Ramachandra, Høgskolen i Gjøvik

Abstract :

The problem of face recognition is well addressed by the research community from past two decades. However, there still exists a wide spectrum of that hinders the performance of the face recognition system when used in real time scenarios. This talk explores the strength of plenoptic (or near-field) cameras to address the most common problem in the face recognition i.e. focus. We present and discuss preliminary results indicating both qualitative and quantitative performance of the plenoptic cameras over conventional cameras for accurate face recognition.

Published material:  Video (NBLAW2013 starts approx. 2 min into the recording, NISlecture 2013/02 starts 2:22:20 into the recording)

About the Speakers:

Bian Yang is a researcher in NISlab since 2008. He got his B.S., M.S., and Ph.D. degree from Harbin Institute of Technology by 2005. He worked with Fraunhofer IGD Darmstadt as a visiting scientist during 2003-2005, as a lecturer to Harbin Institute of Technology during 2005-2007, and worked with Thomson Corporate Research (Beijing) 2007-2008.

Raghavendra Ramachandra is working as a researcher at NISlab with a research focus on computer vision and pattern recognition applications for the biometrics. Previously, he was a researcher at the facility of computer imaging, Italian Institute of Technology (IIT) in Genoa, Italy. Before that, he received his PhD from University of Mysore, India and Telecom Sudparis, Paris, France in 2010.

************************************************************************************

NISlecture 2013/03 (22.03.2013)

Titel : Attacking the iOS Kernel: A Look at 'evasi0n'

Speaker : Senior Security Researcher Tarjei Mandt, Azimuth Security

Published material:  Slides Video (the talk start approximately 11 minutes into the recording)

Abstract :

In iOS 6, Apple introduced several new security features specifically designed to thwart prevalent exploitation techniques. Although malicious code in public is a rare commodity on the iOS platform (partly due to its strict code signing enforcement), the recent 'evasi0n' jailbreak demonstrates that practical attacks are highly feasible. In this talk, we review the security improvements put into iOS 6 such as kernel address space layout randomization (KASLR) and kernel address space protection. We then show how these layers were subverted in the 'evasi0n' jailbreak.

About the Speaker :

Tarjei Mandt is a senior security researcher at Azimuth Security, an independent security consultancy focused on application security and cutting edge security research. He holds a Master's degree in Information Security from HiG and has previously spoken at security conferences such as Black Hat USA, REcon, Hack in the Box, and SyScan.

************************************************************************************

NISlecture 2013/04 (26.04.2013)

Title : The Effects of Consumerization and the Cloud on Business Information Security Threats

Speaker : Business Development Manager Anders Føyen, Microsoft

Published material:  Slides Video (the talk start approximately 10 minutes into the recording)

Abstract :

What is the current threat picture from consumerization and cloud services and how can organizations address these issues? The talk will address trends in the marked and show examples of control strategies applied by Microsoft’s Cyber Security Group and IT department. Should Chief Information Security Officers choose the Dilbert way as their strategy?

About the Speaker :

Anders Føyen is Business Development Manager in Microsoft Norway. He has more than 20 years experience in business development based on emerging technologies within the health, bank and finance, and oil and gas sectors. His interest and expertise lies within value creation from IT-investments, IT-strategy, enterprise architecture and industrialization of software.

************************************************************************************

NISlecture 2013/05 (31.05.2013)

Title : The Economic Threat Landscape from Cyber Criminals

Speaker : Chief Information Security Officer Sofie Nystrøm, DNB Bank

Published material:  Slides Video (the talk start approximately 10 minutes into the recording)

Abstract :

The global challenges the banks and other organizations with critical national infrastructure or services face from well-organized cyber criminals are paramount. Today, the threat landscape has changed from the standalone hackers to efficient and well-organized transnational groups.  The banks experience fraudsters that are innovative, highly proficient and in their business for the long run. The authorities report that cyber espionage is prevalent towards Norwegian organizations. What are the real challenges in this game? The way we work, from the analysis of the malicious code to the way we collaborate and communicate, nationally and internationally has a long way to go. Risks are more about the devices and the data stored than identifying that everybody is a risk in the organization. New partnerships are required to deal with cyber threats, it is no longer only a technical issue. Cyber security is today a multidisciplinary field that should be a boardroom topic. As complex attacks evolve, how are key organizations reacting to our collective vulnerability? As we all want both the Internet freedom and the appropriate level of governance to rely on cyberspace, the governments have to initiate, support and fund new ways of collaborating – with speed and efficiency. In this guest lecture Nystrøm will give a view from the real fight against cyber criminals and some of the battles that has been won, a few lost, and a couple of challenges for the future.  

About the Speaker :

Sofie Nystrømholds a masters degree from Purdue University in Computer Sciences and Information Security. She researched information security for Prof. Gene Spafford at Center for Education and Research in Assurance and Security (CERIAS). For the past five years she was the Chief Information Security Officer at DNB Bank responsible for enterprise wide information security, in addition to being the executive vice president for compliance and risk management. Nystrøm founded the now well-known NorCERT (Computer Emergency Response Team) at the Norwegian National Security Agency. She has also worked for Symantec, SINTEF with Center for Information Security (now NorSIS) and in Silicon Valley for Sun Microsystems Laboratories (now Oracle).

************************************************************************************

NISlecture 2013/06

Title : Security in the Networked Society

Speaker : Director Security Eva Fogelström, Ericsson Research

Abstract

Information and Communications Technology (ICT) is a recognized enabler for new ways of innovating, collaborating and socializing. The general availability of mobile broadband connectivity, smarter devices, cloud technology and more are vital components in the continued digitization of our society. Eventually, everything that can benefit from a connection will be connected. This all leads to a Networked Society.

The Networked Society is critically dependent on that devices, networks and services can be trusted. The wide range of devices and network technologies, the scale, and the amount of sensitive data generated and handled in the Networked Society all impact the complexity and the potential attack surface. Critical applications such as smart grid and eHealth must be able to securely co-exist with other services using – at least partly – the same infrastructure. This talk will present what we see as security challenges in the Networked Society and discuss some approaches to handle them.

About the Speaker :

Eva Fogelströmreceived an MSc degree in Electrical Engineering from KTH in 1992, and a PhD degree in telecommunications from KTH in 1997. Since 1997 she has been working for Ericsson Research, currently in Stockholm. During 1999-2002 she was located at Ericsson Research in Berkeley, California. Eva’s main research focus has been on communication security, mobility and multi-access. She has also been coordinator for Ericsson IETF standardization. Currently, she is head of the security department at Ericsson Research.

************************************************************************************

NISlecture 2013/07 

Title : Gray hairs and success stories of an incident response team

Speaker : Team leader UiO-CERT and deputy CSO at UiO Margrete Raaum

Published material:  Slides Video (the talk start approximately 10 minutes into the recording)

Abstract :

All organisations should think through their security incident response, and build awareness around the incident response team. An IRT will increase the ability to see flaws in your internal security, and every single post mortem result in changes, from small policy changes to larger organizational changes. We will look at mistakes and successes.

We will also take a closer look at the international security community: at examples of why building a network is so important, and how you as a more mature team can start giving back to the community.

About the Speaker :

Margrete Raaum has experience with information security since 1998. She has worked for the academic sector, the ISP community as well as for the Norwegian Security Authority and National CERT, NSM/NorCERT. Margrete Raaum is currently team leader of UiO-CERT, deputy CSO at the University of Oslo and is also elected member of the steering committee and board of directors of FIRST (Forum of Incident Response and Security Teams). She holds a Master of Information security from Gjøvik University College, specializing in information security trust networks.

************************************************************************************

NISlecture 2013/08

Title : Threat Perception

Speaker : Senior Cyber Security Specialist Frode Hommedal National Security Authority (NSM)

Published material: Slides Video (the talk start approximately 4 minutes into the recording)

Abstract :

A robust risk perception is at the center of an appropriate approach to information security governance and risk management. Although surprisingly many have difficulties in carrying out asset valuation and vulnerability identification, shortcomings in threat perception might well be the most eminent challenge when organizations assess security risks in their networks and systems.

About the Speaker :

Frode Hommedal has experience from software and hardware development. For the past six years he has been working at the National Security Authority with the Norwegian Computer Emergency Response Team (NorCERT) mainly analyzing and responding to severe ICT-security incidents.

************************************************************************************

NISlecture 2013/09

Title : How to Make Cyber Security Part of a Company's DNA?

Speaker : Cyber Security Officer (CSO) Ulf Feger, Huawei Technologies Deutschland GmbH

Published material: Video (the talk start approximately 10 minutes into the recording)

Abstract :

Huawei released in October 2013 a Cyber Security White Paper designed to inform ongoing discussions on how the global industry can address cyber security challenges. The white paper discusses how to make cyber security a part of a company’s DNA and calls for common international cyber security standards to be agreed upon and implemented globally. The white paper provides details into Huaweis end-to-end cyber security approach, including a more practical overview of the approach to the design, build and deployment of technology that involves cyber security considerations, including overarching strategy and governance structure, its day-to-day processes and standards, staff management, R&D, security verification, third-party supplier management, manufacturing, delivery and traceability.

About the Speaker:

Ulf Feger started his career as IT-consultant at CSC – Computer Science Corporation. After his change to Sun Microsystems he focused on security technologies and processes for various security domains. After several years he joined IBM Security Systems Division and worked in multiple roles, e.g. as security architect in a pan-European team to position IT-GRC and security topics, as a team leader for cloud and cloud security to drive security awareness for this complex service paradigm. After a short stopover at VMware, he was offered the Cyber Security Officer (CSO) position at Huawei with its multifaceted and interesting duties and tasks. Feger is a member of the international team around the Global Cyber Security Officer John Suffolk, and in charge of implementing Huawei’s cyber security strategy in Germany, but also covers a few other countries as well, including Norway.

************************************************************************************