Session T1: “An embarrassment of riches” - a review of infosec threat for the past year

The past year has produced a bit of a “perfect storm” for information security. The combination of the economic downturn, a less than congenial political landscape, and the advent of new platforms and attacks targeting them has resulted in an abundance of security problems for those with a stake in online activity. In this session we'll take a look at these and also explore various ways of lending some coherence to the discussion of the problems and possible solutions.

Session TH2: “Changing the game” - looking at the collision of the commercial world and IT security

One of the compelling questions faced by those who study security, especially those who are of a less academic bent, is how one might expect to make a living in the commercial security world. In this session, we'll discuss how the commercial side of security has evolved, and how the profound market shifts in security in particular and IT in general will likely affect this aspect of the world. We'll discuss both large corporate trends as well as the effect of major movements (cloud computing, economic downturns, etc.) on the professional outlook for security experts.

Session W2 & TH3
Personal Power to Organizational Power: Building Relationships That Take Us to the Next Level

In the competitive environment of academia, you barely have time for yourself, let alone, time to build sustainable relationships. However, research tells us that relationship-building is one of the key factors to our success.

Still, we often encounter challenges in what seems like, should be a pretty straight-forward process. Building influential relationships that take us to the next level is anything but straight-forward. This dynamic process actually requires intentionality, focus and planning. How we are viewed by our colleagues many times, can make or break us. And, if we believe “our behavior teaches others how to treat us,” then we want to ensure that we’re sending the right messages.

This workshop will be delivered in two parts:

Day One: We will examine some key relationship-building strategies that can help take us to the next level in our career advancement.

Coleman WISE 2010 Talk 1

Day Two: We will take it a step further by learning some simple tools and skills that you can leverage across these critical relationships, that will help to ensure you achieve your desired results.

Coleman WISE 2010 Talk 2

Session M1: End User Privacy

When developing and analyzing new security technologies, it is important to consider the perceptions of end users. If we develop a new technology, but end users are concerned about its implications to individual privacy, then they will be reluctant to accept the new technology. When this happens we have made minimal progress. Over the past several years, we have seen many privacy-related events, including changes in online usage, the creation of laws, and newsworthy events of privacy invasions. These events undoubtedly affect Internet users’ online actions and privacy concerns. In this talk, I will discuss the results of our most recent studies that capture end user perceptions of information security and privacy. The results are impacting the design of current and future systems, as well as organizational and U.S. policy.

Earp WISE 2010 Talk 1

Session T4: Privacy Policy: Implications for Developers

U.S. legislation at both the federal and state levels mandates certain organizations to inform customers about information uses through appropriate disclosures. Such disclosures are typically accomplished through privacy policies. Unfortunately, the policies are not easy to comprehend, and consumers do not typically read the policies provided by these organizations. Furthermore, the policies do not always accurately represent the true practices of the organization. Organizations need to ensure that the commitments about information practices, which they express in their policy policies, reflect their actual business practices. Therefore, the system developers need to understand the policy documents to know the privacy practices with which the software must comply. In this talk, I will describe our research that addresses the intersection of consumers, privacy policy, developers and legislation.

Earp WISE 2010 Talk 2

Session W4: What Happens to Women in Academia?

Several universities are actively seeking to increase women in the professoriate and create a climate that promotes the success of all faculty, including women. Additionally, the NSF has been funding universities interested in developing systemic approaches to increasing the advancement of women in STEM careers. In this session, we will talk about some of the problems and potential solutions of the challenges faced by women on the tenure-track. We will discuss the topic from an individual perspective, as well as the university perspective.

Earp WISE 2010 Talk 3

Session M4: Privacy Breach Response: What Happens When Personal Information Leaks Out?

Privacy breaches - improper disclosures of personal information without the consent of the person who is the subject of the personal information - happen. Despite expensive technical and legal strategies for privacy breach avoidance, privacy breaches occur. What happens next? In the US, legal liabilities often accompany privacy breaches. Statutes require notice to those whose personal information has been lost or compromised. Monetary damages may also be imposed for privacy breaches; and there is often longstanding damage to a data-leaker’s reputation. US privacy breach notification and liability laws are not always the norm in other nations. For example, in the UK, under legislation carrying out the European Union’s Data Protection Directive, and the newer ePrivacy Directive, resolution of privacy breaches is normally the responsibility of a member state’s Information Commissioner, rather than initiated by an individual privacy breach victim. Other nations, such as Japan, have neither privacy breach notification laws nor a centralized privacy enforcement agency. But they are nevertheless concerned about privacy breaches. In Japan, although apology payments are expected in privacy breach situations, privacy breaches are not so much considered legal liability problems, but rather shameful deficiencies in individual or corporate social responsibility.

Glancy WISE 2010 Talk 1

Session W5: Privacy Protection in Traffic Surveillance - Lessons from the United States, Japan and the United Kingdom

How to build privacy protection into traffic surveillance systems is a problem faced by transportation authorities all over the world. Indeed, privacy concerns have affected the architecture and design of some of the world’s most advanced traffic surveillance systems. The different approaches taken by transportation agencies in such countries as the US, Japan, and the UK to responding to privacy concerns about traffic surveillance offer perspectives about both privacy and traffic surveillance technologies. Especially interesting are the institutional, social, political, legal and technological influences that affect building privacy protection into advanced traffic surveillance in different parts of the world. A close look at the interactions between traffic surveillance technologies and privacy protection in different societies reveal fascinating and complex insights into how advanced technologies and privacy interests respond to each other.

Glancy WISE 2010 Talk 2

Session TH1: Hacking the Law for Researchers

Researchers can leverage the law to perform many interesting studies of information privacy and security practices. This presentation will focus upon several approaches to using the law in your research--state and federal freedom of information statutes can provide information about both government and business practices. Privacy laws often given individuals a right to access personal information about themselves, giving researchers opportunities to learn how data is being collected and used. Through TRUST, researchers at UC Berkeley have used these techniques to study how businesses decide to grant credit, how businesses share personal information, and the prevalence of identity theft among major businesses.

Hoofnagle WISE 2010 Talk

Session M2 & M3: Building Systems to Support Health Information Privacy
Regulations

The adoption of health information technology is proceeding at a frenetic pace. The quantity and detail of personal information stored in such systems is substantial and while it can improve primary care, it can also support numerous secondary endeavors with significant societal potential (e.g., biomedical research and comparative effectiveness studies). Certain regulations permit the sharing of such data without patient authorization provided that the data is sufficiently "de-identified", but not necessarily "anonymous". In this seminar, I will review what these regulations are and how to interpret them from a computational systems perspective. Then, I will review fundamental principles of data protection and why certain systems are not as protected as they appear to be. Finally, I will work through several examples of how data sharing has been achieved with formal computational guarantees to support research in the various application domains, such as clinical and genetic studies.

Malin WISE 2010 Talk in PDF

Session W1 & W3: Security and Privacy Issues in Remote Health Care System
Recent advances in wireless communication, networking, and information technology make it possible to monitor a patient's clinical status across diverse health care environments after acute hospital discharge, including rehabilitation facility, nursing facility, and home. Careful analysis of digitized clinical data generated by a patient with a chronic illness at high risk for episodic acute exacerbations presents an opportunity to detect adverse trends, prevent hospitalizations, and reduce costs. To translate this vision to reality, existing technologies on wireless communication, sensor platform, networking, and database must be fully integrated with the existing clinical enterprise to become part of the overall chronic disease management process.

This talk will present our research on supporting remote patient monitoring and management via an integration of sensor networking technology with the clinical enterprise system. Our solution integrates biosensor technology with a computerized decision support system, where sensor data is analyzed and translated into evidence-based recommendations for patient management. To ensure the generalizability of our approach, we use the Model-Integrated Computing approach, in which formal models of treatment protocols, security and privacy policies will be built to manage medical processes.

Xue WISE 2010 Talk

CPS WISE 2010 Talk

Movie WISE 2010 Talk

Session T2 & T3: Telemedicine in the ICU - technology changing lives

I will utilize the talk to provide some historical perspective and
insight into the use of Tele-ICU and how it has impacted clinical care
at the bedside. I will discuss the complexity of integrating systems and
workflow in this complex environment and lessons learned from this. The
talk will also focus on the unintended consequences of technology as it
impacts patient privacy and security. I will discuss mobile technology
and alerting systems to optimize timely clinical intervention. I will
complete the session by opening up the topic for discussion and comment.

Weavind WISE2010 Talk

WISE 2010 Patient Management Systems: Weavind, Albert, Mathe and Nadas

Dinner Keynote: Healthcare, Health IT, and Health Information Exchange, what do patients expect?

Today's HIT system vs. the major changes needed to build trustworthy systems. A survey of the current primitive HIT environment, what patients expect, the effects of key laws and regulations, the under-the-radar health data mining industries, and what ideal future HIT systems look like.

Peel WISE 2010 Talk