6th Annual IT Security Automation Conference and Expo Presentations
Day 1 (09/27/2010)
- General
- Automation Specifications
- FDCC/USGCB
- Software Assurance
- SCAP 101 Tutorial
- Automation Content Tutorial
Day 2 (09/28/2010)
- General
- Automation Specifications
- Network Automation
- Innovative Uses of SCAP
- Security Management and Compliance Automation
- Security Automation for Cloud Computing
Day 3 (09/29/2010)
- General
- SCAP Workshop
- EMAP Workshop
- Remediation Workshop
- SCAP Product Validation Workshop
- Continuous Monitoring Workshop
Day 1 (09/27/2010)
Presenter(s) | Presentation |
---|---|
Welcome Address | |
Honorable Howard A. Schmidt, White House Cybersecurity Coordinator | Keynote Address |
Phil Reitinger, Deputy Undersecretary (DHS) | Keynote Address |
Track Lead Address |
Presenter(s) | Presentation |
---|---|
Paul Cichonski (BAH) | Automation Specifications Overview |
Chris Johnson (NIST) | Enterprise Remediation Automation |
William Heinbockel (MITRE) | CEE |
George Saylor (G2) | The Use of Rules in EMAP |
John Wunder (MITRE), Adam Halbardier (BAH) | ARF |
Tim Keanini (moderator) (nCircle), Luis Nunez (Cisco), Kent Landfield (McAfee), John Bordwine (Symantec), Jeff Spitulnik (IBM), Todd Dolinsky (HP) | Vendor Interoperability Panel |
Presenter(s) | Presentation |
---|---|
William Corrington (Dept. of the Interior) | Evolution of the USGCB |
Kurt Dillard (G2) | Overcoming Technical Challenges in the Windows Baselines |
Shelly Bird (Microsoft) | Lessons Learned from Our FDCC Customers: Unmanaged to Managed |
Kent Landfield (McAfee) | Moving Baselines Forward |
Scott Armstrong (Symantec), Tony Uceda-Velez (Symantec) | Lessons Learned Using SCAP Tools |
Steve Grubb (Red Hat) | Understanding the Red Hat Enterprise Linux Baseline Settings |
Presenter(s) | Presentation |
---|---|
Joe Jarzombek (DHS), Don Davidson (DoD), Dan Schmidt (NSA), Tim Grance (NIST), Bob Martin (MITRE) | |
Bob Martin (MITRE) | Knowing Your Weaknesses: CWE� |
Steve Christey (MITRE) | Ranking Your Weaknesses: CWSS� |
Sean Barnum (MITRE) | Understanding How They Attack Your Weaknesses: CAPEC� |
Penny Chase (MITRE) | Sharing Understanding of Malware: MAEC� |
Steve Quinn (NIST), Joe Jarzombek (DHS), Dan Schmidt (NSA) | CwA Panel on a Software Assurance Automation Protocol (SwAAP) |
Presenter(s) | Presentation |
---|---|
Karen Scarfone (G2) | SCAP Overview (NIST 800-126 & 800-117) |
Bryan Worrell (MITRE) | XCCDF Tutorial |
Matt Hansbury (MITRE) | OVAL� Tutorial |
Dave Mann (MITRE) | Standards Development Toolkit |
Dave Mann (MITRE) | |
Steve Christey (MITRE) | CVE� & CVSS |
Presenter(s) | Presentation |
---|---|
Kent Landfield (McAfee) | Innovating SCAP |
Tina Ackerman (NSA) | Easily Create SCAP Content Using the MACE Wizard |
Harold Booth (NIST) | SCAP Content Validation Tool |
Bryan Worrell (MITRE) | Recommendation Tracker |
Peter Parker (G2) | SCAP Content Creation Solutions Using the eSCAPe Editor and Libraries |
Jim Shelton (NSA), Mike Kinney (NSA), Dave Hoon (DISA) |
Day 2 (09/28/2010)
Presenter(s) | Presentation |
---|---|
Stephen Pawlowski, Senior Fellow and CTO for the Intel Architecture Group (Intel Corporation) | Keynote Address - Bringing the Trust Back into Cyber Space |
Tony Sager, Chief of the Vulnerability Analysis and Operations Group (NSA) | NSA Address - Security Automation: The Trail Ahead |
Tim Grance, Program Manager, Cyber & Network Security Program (NIST) | NIST Address - NIST Security Automation |
Presenter(s) | Presentation |
---|---|
Charles Schmidt (MITRE) | XCCDF |
Brant Cheikes (MITRE) | CPE� |
Jon Baker (MITRE) | OVAL� |
Maria Casipe (MITRE) | OCIL |
Charles Wergin (BAH), Harold Owen (G2) | National Checklist Program Submission Interface |
Presenter(s) | Presentation |
---|---|
Robert Hollis (ThreatGuard), Chris Farrow (VMWare) | Extending SCAP into the VMWare Virtual Infrastructure |
Doug Dexter (Cisco) | Automated Network Security Assessment |
Steve Hanna (Juniper Networks) | TNC: Open Standards for Network Security Automation |
Matt Webster (Lumeta) | Security Coordination with IF-MAP |
Dr. Bruce Gabrielson (BAH) | Progress in Near-Real Time Attack Detection At the Platform Level |
Presenter(s) | Presentation |
---|---|
Michael Tan (Microsoft) | Security Compliance Manager |
Tom Grill (VeriSign), Paul Sand (Salare Security) | SCAP for VoIP |
Kim Watson (NSA), Dr. George Moore (Dept. of State) | Role of SCAP in an Emerging Strategy for Continuous Certification and Accreditation |
Peter Guerra (G2), Shane Shaffer (G2) | Automated Creation of SCAP Content |
Jack Vander Pol (SPAWAR), Kyle Stone (SPAWAR) | Developing a Government-Funded SCAP-Validated Application |
Jim Ivers (Triumfant) | Leveraging SCAP for TNC, Endpoint Sensor Grid and Automated Remediation |
Presenter(s) | Presentation |
---|---|
Mischel Kwon (RSA) | IT Security: Tying the Pieces Together |
Alfredo Rohweder | FISMA & Security_Automation |
Davd Houlding (Intel Health) | Client Technologies that Help Assist with Security and Privacy Regulation Compliance |
Peter Mell (moderator), COL Michael Jones (HQDA), John Streufert (Dept. of State), Tim McBride (DHS) | Continuous Monitoring Panel
Cyber Dashboard Overview CAESARS Reference Architecture |
Kelley Dempsey (NIST) | Security Configuration Management |
Earnest Neal (Atlantic Systems Group, Inc.), Dirk Barrineau (VA) | FISMA Automation in a Global Enterprise |
Presenter(s) | Presentation |
---|---|
Peter Mell (NIST), Dennis Moreau (RSA) | |
Neil Ziring (moderator) (NSA), Mischel Kwon (RSA), Steve Orrin (Intel), Jen Nowell (Symantec), Gregg Brown (Microsoft) | Security Automation in Private Clouds Panel |
Peter Mell (NIST), Christopher Hoff (Cisco), Kent Landfield (McAfee), Duncan Hays (IRS) | Continuous Monitoring for Cloud Panel |
Kent Landfield (McAfee) | Continuous Monitoring in a Cloud Environment |
Ron Knode (CSC) | CloudTrust 2.0 |
Steve Orrin (Intel) | Creating Trustworthy Cloud Systems |
Rob Roy (Fortify) | The Need for Software Security Assurance to Secure Mission Critical Applications in the Federal Cloud |
Lee Badger (NIST), Chris Johnson (NIST) | Standards to Acceleration to Jumpstart Adoption of Cloud Computing |
Day 3 (09/29/2010)
Presenter(s) | Presentation |
---|---|
General Session Panel/Discussion |
Presenter(s) | Presentation |
---|---|
Charles Schmidt (MITRE) | XCCDF |
Charles Schmidt (MITRE) | XCCDF Discussion Topics |
Harold Booth (NIST) | Vulnerability Data Model |
Jon Baker (MITRE) | OVAL� Future Considerations |
John Wunder (MITRE), Adam Halbardier (BAH) | ARF |
Presenter(s) | Presentation |
---|---|
EMAP Status Update | |
OEEL Engineering Session | |
CERE Engineering Session | |
Emerging Topics |
Presenter(s) | Presentation |
---|---|
Chris Johnson (moderator) (NIST) | Common Remediation Enumeration (CRE) and Extended Remedation Information (ERI) |
Matthew Wojcik (moderator) (MITRE) | Remedation Policy |
Matthew Wojcik (moderator) (MITRE) | Remedation Tasking |
Matt Kerr (moderator) (G2) | Remedation Language |
Karl MacMillan (Tresys Technology) | Secstate: Flexible Lockdown, Auditing, and Remediation |
Presenter(s) | Presentation |
---|---|
John Banghart | SCAP Validation |
Presenter(s) | Presentation |
---|---|
Peter Mell (NIST), Harold Booth (NIST), Dave Waltermire (NIST) | Technical Foundations for Continuous Security Monitoring |
Peter Mell (moderator) (NIST), Kim Watson (NSA), Ron Gula (Tenable), Duncan Hays (IRS), Randy Barr (Qualys) | CM Technical Design Panel |
David Waltermire (NIST), Matt Coose (DHS) | Identifying Continuous Monitoring Measures |