7th Annual IT Security Automation Conference and Expo Presentations
Below is a list of presentations from the 7th Annual IT Security Automation Conference and Expo.
Please click here to download all the presentations as of 12/01/11.
Day 1 (10/31/2011)
- General Session Presentations
- Continuous Monitoring
- Software Assurance
Day 2 (11/01/2011)
- General
- Continuous Monitoring
- Automation Specifications
- Network Automation
- IT Security Threats
- Vendor Product Highlights
Day 3 (11/02/2011)
- General
- Continuous Monitoring
- Automation Specifications
- Network Automation
- Future of Global Vulnerability Reporting
Day 1 (10/31/2011)
Presenter(s) | Presentation |
---|---|
Donna Dodson, Chief, Computer Security Division/Deputy Cyber Security Advisor (NIST) | Opening Remarks |
Dr. Patrick Gallagher, Deputy Undersecretary for Standards and Technology, and Director of NIST (NIST) | Welcome Address |
Tony Sager, Information Assurance Chief Operating Officer (NSA) | Keynote Address |
Steve Orrin (Intel), David O'Berry (McAfee) | Plenary Session: Building Security Beneath the OS |
Presenter(s) | Presentation |
---|---|
George Moore (State), Kim Watson (NSA), Joe Wolfkiel (DISA), Tim McBride (DHS), Kelley Dempsey (NIST), Nadya Bartol (Booz Allen Hamilton) | Panel: Paradigm Change - What do we need to do differently to succeed? |
Nadya Bartol (Booz Allen Hamilton), Jamie Miller (Booz Allen Hamilton) | Maximizing ROI for Continuous Monitoring |
Tim Keanini (nCircle) | Boyd's OODA Loop and Continuous Monitoring |
Earnest Neal (ASG), Steve Johnston (Tripwire) | Continuous Monitoring for Federal Information Systems |
Keren W. Cummins (nCircle) | Continuous Monitoring 2.0: Creating a Federal Benchmark Community in the Cloud |
Matt Coose (DHS), Peter Mell (NIST), Michele Iverson (Education), Michael Jones (US Army), Rick Hill (Booz Allen Hamilton) | Panel: Strategic View of Continuous Monitoring - The Vision and How to Get There |
Presenter(s) | Presentation |
---|---|
Joe Jarzombek (DHS), Tom Millar (DHS), John Banghart (NIST) | Mitigating the Risk of Zero-Day Attacks with Software Security Automation |
Sean Barnum (MITRE) | Measure Software Security |
Richard Struse (DHS), Sean Barnum (MITRE) | Cyber Observables eXpression (CybOX) - Use Cases |
Richard Struse (DHS), Steve Christey (MITRE) | Workshop: Risk Analysis and Measurement with CWRAF |
Penny Case (MITRE), Ivan Kirillov (MITRE) | Malware Attribute Enumeration and Characterization (MAEC) |
Richard Struse (DHS) | Toward CWE Compatibility Effectiveness and CWE Coverage Claims Representation (CCR) |
Paul E. Black (NIST) | Toward CWE Compatibility Effectiveness |
Day 2 (11/01/2011)
Presenter(s) | Presentation |
---|---|
Welcome Address | |
Holly Ridgeway (DoJ) | Plenary Session: Building a Continuous Monitoring Program at the Department of Justice with Security Automation (Unavailable) |
Joseph Drissel (Cyber ESI) | Plenary Session: Intrusions and Incident Handling: The Big Problem (Unavailable) |
Presenter(s) | Presentation |
---|---|
Joe Wolfkiel (DISA) | Gaps in Automated Situational Awareness |
Brandon Wood (IBM) | Implementing Situational Awareness with Continuous Compliance in Federal Agencies |
Peter Mell (NIST) | Continuous Monitoring Technical Reference Model Overview |
Peter Mell (NIST), Kent Landfield (McAfee), Tim Keanini (nCircle), Kathleen Moriarty (EMC), Adam Montville (Tripwire) | Panel: Continuous Monitoring Technical Reference Model |
Paul Suh (Booz Allen Hamilton) | Emerging Trends in Automated Continuous Monitoring Operations Research |
Kevin Stine (NIST), Kelley Dempsey (NIST) | 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations |
Presenter(s) | Presentation |
---|---|
David Waltermire (NIST), Karen Scarfone (Scarfone Cybersecurity) | SCAP 1.2 Overview |
David Waltermire (NIST), Jon Baker (MITRE), Harold Booth (NIST), Adam Halbardier (Booz Allen Hamilton), Charles Schmidt (MITRE) | Panel: SCAP 1.2 |
Chris McCormick (Booz Allen Hamilton) | NVD CPE Dictionary Management Practices |
Jon Baker (MITRE) | OVAL 5.10 Update |
Charles Schmidt (MITRE) | XCCDF 1.2 Update |
Harold Booth (NIST) | A Trust Model for Security Automation Data |
Presenter(s) | Presentation |
---|---|
Paul Bartock (NSA), Steve Hanna (Juniper) | Getting the Network Security Basics Right |
Doug Dexter (Cisco) | Automating Network Security Assessment |
Paul Bartock (NSA), Steve Hanna (Juniper), Doug Dexter (Cisco), Kent Landfield (McAfee), Matt Webster (Lumeta) | Panel: Future of Security Compliance and Automation |
Presenter(s) | Presentation |
---|---|
David O'Berry (McAfee) | The Future Landscape of IT Security Threats |
Marc Maiffret (eEye Digital Security) | IT Security Insights: On the Frontline of the Threat Landscape |
Pat Cain (APWG) | Anti-Phishing Working Group Adventures in Information Sharing: Now and for the Future |
Wes Young (REN-ISAC) | The Evolution of Collective Intelligence |
Kathleen Moriarty (EMC) | IETF MILE, Improving Incident and Information Sharing Standards |
Marcos Osorno (JHU-APL) | Enabling Coordinated Incident Handling and Information Sharing |
Tom Millar (US-CERT) | Enabling Distributed Incident Management |
Paul Cichonski (NIST) | Enabling Distributed Incident Management: Identifying, Responding, Reporting and Coordinating at Scale and Speed |
Presenter(s) | Presentation |
---|---|
A. N. Ananth (Prism Microsystems) | Cutting Through the SIEM/Log Management Vendor Marketing |
Douglas Wilson (Mandiant) | Identifying & Sharing Threat Information with OpenIOC |
Michael Tan (Microsoft) | PowerShell Support in SCAP 1.2 |
Vlad Pigin (Microsoft) | Security Configuration Simplified with the Microsoft Security Compliance Manager (SCM) |
Brian Marshall (Vanguard Integrity Professionals) | Using Vanguard Configuration Manager for Continuous Manager for Continuous Monitoring of NIST Security Controls on the IBM z/OS Operating System Environment |
Marlon Gaspar (Modulo) | Using OVAL for Information Security Application Integration |
Day 3 (11/02/2011)
Presenter(s) | Presentation |
---|---|
Welcome Address | |
John Paul Chalpin (Exeter Government Services), Matthew Smith (G2), Gunnar Engelbach (ThreatGuard) | Plenary Presentation: Using OCIL to Improve Health Information Security |
Dr. Antonio Mauro | Plenary Presentation: Cloud Computing Security for DoD/Governments (U.S.) |
Presenter(s) | Presentation |
---|---|
Dr. George Moore (Dept. of State) | Effective Measures for Continuous Monitoring |
Matt Alderman (Qualys) | New Requirements For Continuous Monitoring In The Cloud |
Greg Decker (Booz Allen Hamilton) | NexGen Vulnerability Management |
Eric Winterton (Booz Allen Hamilton) | SP 800-53: The Common Link Between SCAP and Common Criteria |
Almaz Tekle (Deloitte & Touche), Christian Neeley (Deloitte & Touche) | Operational Aspects of Continuous Monitoring |
James Park (NSA) | Providing Risk Metrics Using Security Automation, Protocols, and Standards |
Presenter(s) | Presentation |
---|---|
Karen Scarfone (Scarfone Cybersecurity) | Common Configuration Scoring System (CCSS) |
Adam Halbardier (Booz Allen Hamilton) | ARF 1.1 and Asset Identification 1.1 |
Adam Halbardier (Booz Allen Hamilton) | SCAP 1.2 Datastream Formats |
Mark Davidson (MITRE) | Asset-Based Summary Results Reporting |
Adam Halbardier (Booz Allen Hamilton) | Tasking and Targeting of Assessments |
George Saylor (G2) | Standardizing Event and Log Management with CEE and EMAP |
William Heinbockel (MITRE) | CEE |
Presenter(s) | Presentation |
---|---|
Randy Lee (Fortinet) | From Mobile Workers to IPv6 - How to Secure Today's Networks |
Matt Webster (Lumeta) | Security Coordination with IF-MAP |
Stephen Hanna (Juniper) | Security: A Coordinated Approach |
Luis Nunez (C3i Security) | SCAP for Inter-networking Devices |
Kent Landfield (McAfee), Aharon Chernin (SCAP.com), Chandrashekhar Basavanna (Secpod) | Content Repositories: Operational Approaches and Commercial Directions |
Aharon Chernin (SCAP.com) | SCAP.com Introduction |
Chandrashekhar Basavanna (Secpod) | SCAP Content Repository Preview |
Steve Tomasko (Booz Allen Hamilton) | Compliance Management for Mobile Devices |
Presenter(s) | Presentation |
---|---|
Tom Millar (US-CERT), Richard Struse (DHS), Steve Boyle (MITRE), Harold Booth (NIST), Art Manion (CERT/CC), Joe Hemmerlein (Microsoft) | Panel: The State of Global Vulnerability Reporting |
Harold Booth (NIST) | NVD Vulnerability Process |
Art Manion (CERT/CC) | CVE |
Tom Millar (US-CERT), Richard Struse (DHS), Art Manion (CERT/CC), Kent Landfield (McAfee), Tim Keanini (nCircle), Steve Boyle (MITRE) | Panel: The Future of Global Vulnerability Reporting |
Tom Millar (US-CERT), Richard Struse (DHS) | Workshop: Issues in Global Vulnerability Reporting and Identification |
Lal Narayanasamy (McAfee) | Efficiency in Security Audits - The Standards Journey of McAfee Policy Auditor |
Aharon Chernin (SCAP.com) | Workshop: Implementing a Standards-Based Security Automation Program Outside of the Federal Government |