5th Annual IT Security Automation Conference and Expo Presentations
Below is a list of presentations from the 5th Annual IT Security Automation Conference and Expo.
Day 1 (10/26/2009)
- SCAP Introduction
- Benchmark Development Course (T)
- NIST/ISAlliance VOIP SCAP Project - Phase II Kickoff
Day 2 (10/27/2009)
- General
- SCAP
- DoD Security Automation Strategy and Activities
- Health IT and FIPS
- Computer Network Monitoring, Audit, and Logging
- Cloud Computing
Day 3 (10/28/2009)
- General
- SCAP
- DoD Security Automation Strategy and Activities
- Compliance Frameworks/800-53/FISMA
- SCAP Technical
- Cloud Computing
Day 4 (10/29/2009)
- SCAP Workshops
- Security Automation Workshops
Day 1 (10/26/2009)
| Presenter(s) | Presentation |
|---|---|
| MITRE | SCAP Introduction |
| MITRE | Making Security Measurable |
| MITRE | OCIL Introduction |
| Presenter(s) | Presentation |
|---|---|
| MITRE | Introduction |
| MITRE | Phase 1: Writing Good Guidance |
| MITRE | Phase 2: Augmenting Recommendations using SCAP |
| MITRE | Phase 3: Checking Language Overview |
| MITRE | Phase 4: Introduction to Creating Checks |
| MITRE | Phase 5: Benchmark Structure and Tailoring with XCCDF |
| MITRE | Conclusion |
| Presenter(s) | Presentation |
|---|
Day 2 (10/27/2009)
| Presenter(s) | Presentation |
|---|---|
| Cita Furlani (NIST) | Conference Welcome Address |
| Phil Reitinger, Deputy Undersecretary (DHS) | Keynote |
| Tim Grance (NIST) | NIST Address |
| John Thompson, Chairman of the Board and former CEO (Symantec), Mark Bregman, CTO (Symantec) | Symantec Address |
| Mischel Kwon, Vice President Public Sector Security Solutions (RSA, The Security Division of EMC) | RSA Address |
| Alain Mayer (RedSeal) | IT Risk - CVSS and Beyond |
| Presenter(s) | Presentation |
|---|---|
| Jim Ivers (Triumfant) | Security Automation Through Granular Change Detection |
| Ed Bellis (Orbitz) | Automating Vulnerability Management at Orbitz with SCAP |
| Jim Hansen (BigFix) | BigFix's Experience with Standards |
| Rajat Bhargava (StillSecure), Tom Lerach (HP) | Industry Standards: The Key to Deploying a Closed-Loop Process for Endpoint Policy Compliance |
| Tiffany Jones (Symantec) | Situational Awareness *Secure Ops |
| Jonathan Couch (iSight) | Next Generation SCAP: Threat Intelligence Scoring and XML Reporting Standards |
| Kim Watson, Paul Bartock | Securing the Enterprise Panel
[Slides] [Text] |
| Presenter(s) | Presentation |
|---|---|
| Mark Orndorff | HBSS Open Framework Strategy |
| Mason Brown (SANS) | Consensus Audit Guidelines |
| LtCol Wolfkiel (NSA) | ARF, ARCAT, and Summary Reporting (T) |
| Shawn Oles (NSA), Sandra Harrell-Cook (NSA) | CND Data Strategy (T) |
| Paul Green (G2), George Saylor (G2) | Expanding Use of SCAP: Malware Detection and MACE Tool Demo (T) |
| Presenter(s) | Presentation |
|---|---|
| Rob Snelick (NIST) | NIST HIT Test Infrastructure Project |
| Kenneth Lin (Booz Allen Hamilton) | Architecting Measurable Security in Health Information Technology using SCAP |
| Ryan Brewer, CISO (CMS) | Centers for Medicare and Medicaid Services Case Study |
| Tim Polk (NIST) | Cryptographic Transition Strategies |
| Randy Easter (NIST) | Cryptographic Validation Programs |
| Sharon Keller (NIST) | Cryptographic Validation Programs |
| Gerald Beuchelt (MITRE) | Secure and Scalable RESTful Health Data Exchange |
| Presenter(s) | Presentation |
|---|---|
| Bruce Gabrielson | Insider Threat Panel |
| Lawrence Dobranski (Nortel Networks), John Nagengast (AT&T), Ben Halpert (Lockheed Martin) | Developing an SCAP Solution for Unified Communications |
| Paul Sand (Salare Security, LLC) | Using SCAP for Automated VoIP Configuration, Assurance and Security |
| Mark Humphrey (Boeing), Scott Armstrong (Gideon Technologies) | Baseline Standards for Applying SCAP to Secure VoIP |
| Bill Heinbockel (MITRE) | Common Event Expression (CEE) (T) |
| Anton Chuvakin | Log Standard Challenges |
| Chip Lutz (Booz Allen Hamilton) | NSA Audit Management |
| Kevin Bingham (NSA) | Final Thoughts |
| Presenter(s) | Presentation |
|---|---|
| David Hunter (VMWare), Kunjal Trivedi (Cisco), Nicklous Combs (EMC Federal) | A Vision for a Private Cloud |
| Prakash Sinha (Citrix) | App-Centric Scalability, Reliability, and Security in the Cloud |
| Hasan S. Alkhatib (Microsoft) | Security Challenges in Cloud Computing |
| Jim Blakley (Intel Corporation) | The Cloud Architecture Transformation |
| Victor L. Harrison (Object Management Group (OMG) Board of Directors) | Cloud Standards: Opening the Cloud |
| George Reese (enStratus) | Separating Perceptional from Real Security Concerns |
| Charles Crouchman (Opalis) | Why Automation and Interoperability is Critical to Cloud Success |
Day 3 (10/28/2009)
| Presenter(s) | Presentation |
|---|---|
| Tony Sager (NSA) | Keynote |
| Richard Hale (DISA) | DoD Address |
| Ron Ross (NIST) | Next Generation Risk Management |
| Paul Bartock | Operating System Vendor Panel |
| Presenter(s) | Presentation |
|---|---|
| Kelly Hengesteg (Microsoft), Chase Carpenter (Microsoft) | Microsoft Adoption of SCAP |
| Steve Grubb (RedHat), Kevin Sitto (G2) | The OpenSCAP Project |
| Paul Bartock | Public Sector Adoption of SCAP Panel |
| Bill Niester (Qualys) | Automating the Continuous Compliance Process in the Decentralized Enterprise |
| Dr. Mike Lloyd (RedSeal Systems, Inc.), Doug Dexter (Cisco) | Automating Network Security Assessment |
| Wyatt Starnes (SignaCert) | Enhancing SCAP with Whitelist-based Image Management |
| Andy Bove | Vendor Interoperability Panel |
| Presenter(s) | Presentation |
|---|---|
| Michele Iversen (NSA) | DoD Sensor Grid Security Automation Requirements |
| David Hoon (DISA) | VMS/STIG SCAP Strategy (T) |
| Bruce Gabrielson (Booz Allen Hamilton) | Automating Attack Analysis Using Audit Data (T) |
| NETSPA (T) | |
| Matthew Wojcik (Mitre) | Remediation Specification (T) |
| Presenter(s) | Presentation |
|---|---|
| Kurt Dillard | Understanding the Greatest FDCC Technical Challenges (T) |
| Arnold Johnson (Information Technology Laboratory) | FISMA Implementation Project Update |
| Kent Landfield (McAfee) | FDCC Compliance and Audit |
| Tony Uceda-Velez (Gideon Technologies) | SCAP - Lessons Learned and an Enterprise Use Case |
| Wende Peters (Johns Hopkins APL) | National Information Assurance Engagement Center (NIAEC) |
| Presenter(s) | Presentation |
|---|---|
| Andy Bove (Secure Acuity) | Content Validation (T) |
| Tim Keanini (nCircle) | Semantic Technologies Primer (T) |
| Scott Streit | Semantic Engineering and Modeling Panel |
| Matthew Wojcik (MITRE) | Semantic Engineering and Modeling Panel |
| Paul Cichonski (Booz Allen Hamilton) | Semantic Engineering and Modeling Panel |
| Vaibhav Khadikar (University of Texas at Dallas), Jyothsna Rachapalli (University of Texas at Dallas) | Relational Database to Triple Store Migration (T) |
| Presenter(s) | Presentation |
|---|---|
| Ron Knode (CSC) | Into the Cloud with SCAP |
| Ron Ritchey (Booz Allen Hamilton) | Using SCAP to Mitigate Risks in the Cloud |
| Scott Chasin (McAfee) | Security as a Service |
| Aaron Bawcom (Reflex Systems) | New Advances in Virtualization Security Enable Secure Cloud Computing |
| Tom Klaff (Surety, LLC) | Cloud-enabled Protection of Data Integrity and Authenticity of Electronic Content |
| Gary Sumner (DataCastle Corporation) | Endpoint Data Protection Services |
| Pete Nicoletti (Terremark) | An Accredited Fed Cloud IaaS |
Day 4 (10/29/2009)
| Presenter(s) | Presentation |
|---|---|
| Drew Buttner (MITRE), Brant Cheikes (MITRE) | The Future of CPE (T) |
| XCCDF Technical Deep-Dive for Next Version (T) | |
| Matthew Wojcik (MITRE) | Where we Stand with Remediation (T) |
| Presenter(s) | Presentation |
|---|---|
| Robert Martin (MITRE) | Software Assurance Automation (T) |
| Robert Martin (MITRE) | ISO, ITU, Common Criteria, and the Content Automation Efforts (T) |
| Red Hat | OpenSCAP (T) |
| Penny Chase (MITRE) | Malware Attribute Enumeration and Characterization (MAEC) Introduction (T) |