5th Annual IT Security Automation Conference and Expo Presentations
Below is a list of presentations from the 5th Annual IT Security Automation Conference and Expo.
Day 1 (10/26/2009)
- SCAP Introduction
- Benchmark Development Course (T)
- NIST/ISAlliance VOIP SCAP Project - Phase II Kickoff
Day 2 (10/27/2009)
- General
- SCAP
- DoD Security Automation Strategy and Activities
- Health IT and FIPS
- Computer Network Monitoring, Audit, and Logging
- Cloud Computing
Day 3 (10/28/2009)
- General
- SCAP
- DoD Security Automation Strategy and Activities
- Compliance Frameworks/800-53/FISMA
- SCAP Technical
- Cloud Computing
Day 4 (10/29/2009)
- SCAP Workshops
- Security Automation Workshops
Day 1 (10/26/2009)
Presenter(s) | Presentation |
---|---|
MITRE | SCAP Introduction |
MITRE | Making Security Measurable |
MITRE | OCIL Introduction |
Presenter(s) | Presentation |
---|---|
MITRE | Introduction |
MITRE | Phase 1: Writing Good Guidance |
MITRE | Phase 2: Augmenting Recommendations using SCAP |
MITRE | Phase 3: Checking Language Overview |
MITRE | Phase 4: Introduction to Creating Checks |
MITRE | Phase 5: Benchmark Structure and Tailoring with XCCDF |
MITRE | Conclusion |
Presenter(s) | Presentation |
---|
Day 2 (10/27/2009)
Presenter(s) | Presentation |
---|---|
Cita Furlani (NIST) | Conference Welcome Address |
Phil Reitinger, Deputy Undersecretary (DHS) | Keynote |
Tim Grance (NIST) | NIST Address |
John Thompson, Chairman of the Board and former CEO (Symantec), Mark Bregman, CTO (Symantec) | Symantec Address |
Mischel Kwon, Vice President Public Sector Security Solutions (RSA, The Security Division of EMC) | RSA Address |
Alain Mayer (RedSeal) | IT Risk - CVSS and Beyond |
Presenter(s) | Presentation |
---|---|
Jim Ivers (Triumfant) | Security Automation Through Granular Change Detection |
Ed Bellis (Orbitz) | Automating Vulnerability Management at Orbitz with SCAP |
Jim Hansen (BigFix) | BigFix's Experience with Standards |
Rajat Bhargava (StillSecure), Tom Lerach (HP) | Industry Standards: The Key to Deploying a Closed-Loop Process for Endpoint Policy Compliance |
Tiffany Jones (Symantec) | Situational Awareness *Secure Ops |
Jonathan Couch (iSight) | Next Generation SCAP: Threat Intelligence Scoring and XML Reporting Standards |
Kim Watson, Paul Bartock | Securing the Enterprise Panel
[Slides] [Text] |
Presenter(s) | Presentation |
---|---|
Mark Orndorff | HBSS Open Framework Strategy |
Mason Brown (SANS) | Consensus Audit Guidelines |
LtCol Wolfkiel (NSA) | ARF, ARCAT, and Summary Reporting (T) |
Shawn Oles (NSA), Sandra Harrell-Cook (NSA) | CND Data Strategy (T) |
Paul Green (G2), George Saylor (G2) | Expanding Use of SCAP: Malware Detection and MACE Tool Demo (T) |
Presenter(s) | Presentation |
---|---|
Rob Snelick (NIST) | NIST HIT Test Infrastructure Project |
Kenneth Lin (Booz Allen Hamilton) | Architecting Measurable Security in Health Information Technology using SCAP |
Ryan Brewer, CISO (CMS) | Centers for Medicare and Medicaid Services Case Study |
Tim Polk (NIST) | Cryptographic Transition Strategies |
Randy Easter (NIST) | Cryptographic Validation Programs |
Sharon Keller (NIST) | Cryptographic Validation Programs |
Gerald Beuchelt (MITRE) | Secure and Scalable RESTful Health Data Exchange |
Presenter(s) | Presentation |
---|---|
Bruce Gabrielson | Insider Threat Panel |
Lawrence Dobranski (Nortel Networks), John Nagengast (AT&T), Ben Halpert (Lockheed Martin) | Developing an SCAP Solution for Unified Communications |
Paul Sand (Salare Security, LLC) | Using SCAP for Automated VoIP Configuration, Assurance and Security |
Mark Humphrey (Boeing), Scott Armstrong (Gideon Technologies) | Baseline Standards for Applying SCAP to Secure VoIP |
Bill Heinbockel (MITRE) | Common Event Expression (CEE) (T) |
Anton Chuvakin | Log Standard Challenges |
Chip Lutz (Booz Allen Hamilton) | NSA Audit Management |
Kevin Bingham (NSA) | Final Thoughts |
Presenter(s) | Presentation |
---|---|
David Hunter (VMWare), Kunjal Trivedi (Cisco), Nicklous Combs (EMC Federal) | A Vision for a Private Cloud |
Prakash Sinha (Citrix) | App-Centric Scalability, Reliability, and Security in the Cloud |
Hasan S. Alkhatib (Microsoft) | Security Challenges in Cloud Computing |
Jim Blakley (Intel Corporation) | The Cloud Architecture Transformation |
Victor L. Harrison (Object Management Group (OMG) Board of Directors) | Cloud Standards: Opening the Cloud |
George Reese (enStratus) | Separating Perceptional from Real Security Concerns |
Charles Crouchman (Opalis) | Why Automation and Interoperability is Critical to Cloud Success |
Day 3 (10/28/2009)
Presenter(s) | Presentation |
---|---|
Tony Sager (NSA) | Keynote |
Richard Hale (DISA) | DoD Address |
Ron Ross (NIST) | Next Generation Risk Management |
Paul Bartock | Operating System Vendor Panel |
Presenter(s) | Presentation |
---|---|
Kelly Hengesteg (Microsoft), Chase Carpenter (Microsoft) | Microsoft Adoption of SCAP |
Steve Grubb (RedHat), Kevin Sitto (G2) | The OpenSCAP Project |
Paul Bartock | Public Sector Adoption of SCAP Panel |
Bill Niester (Qualys) | Automating the Continuous Compliance Process in the Decentralized Enterprise |
Dr. Mike Lloyd (RedSeal Systems, Inc.), Doug Dexter (Cisco) | Automating Network Security Assessment |
Wyatt Starnes (SignaCert) | Enhancing SCAP with Whitelist-based Image Management |
Andy Bove | Vendor Interoperability Panel |
Presenter(s) | Presentation |
---|---|
Michele Iversen (NSA) | DoD Sensor Grid Security Automation Requirements |
David Hoon (DISA) | VMS/STIG SCAP Strategy (T) |
Bruce Gabrielson (Booz Allen Hamilton) | Automating Attack Analysis Using Audit Data (T) |
NETSPA (T) | |
Matthew Wojcik (Mitre) | Remediation Specification (T) |
Presenter(s) | Presentation |
---|---|
Kurt Dillard | Understanding the Greatest FDCC Technical Challenges (T) |
Arnold Johnson (Information Technology Laboratory) | FISMA Implementation Project Update |
Kent Landfield (McAfee) | FDCC Compliance and Audit |
Tony Uceda-Velez (Gideon Technologies) | SCAP - Lessons Learned and an Enterprise Use Case |
Wende Peters (Johns Hopkins APL) | National Information Assurance Engagement Center (NIAEC) |
Presenter(s) | Presentation |
---|---|
Andy Bove (Secure Acuity) | Content Validation (T) |
Tim Keanini (nCircle) | Semantic Technologies Primer (T) |
Scott Streit | Semantic Engineering and Modeling Panel |
Matthew Wojcik (MITRE) | Semantic Engineering and Modeling Panel |
Paul Cichonski (Booz Allen Hamilton) | Semantic Engineering and Modeling Panel |
Vaibhav Khadikar (University of Texas at Dallas), Jyothsna Rachapalli (University of Texas at Dallas) | Relational Database to Triple Store Migration (T) |
Presenter(s) | Presentation |
---|---|
Ron Knode (CSC) | Into the Cloud with SCAP |
Ron Ritchey (Booz Allen Hamilton) | Using SCAP to Mitigate Risks in the Cloud |
Scott Chasin (McAfee) | Security as a Service |
Aaron Bawcom (Reflex Systems) | New Advances in Virtualization Security Enable Secure Cloud Computing |
Tom Klaff (Surety, LLC) | Cloud-enabled Protection of Data Integrity and Authenticity of Electronic Content |
Gary Sumner (DataCastle Corporation) | Endpoint Data Protection Services |
Pete Nicoletti (Terremark) | An Accredited Fed Cloud IaaS |
Day 4 (10/29/2009)
Presenter(s) | Presentation |
---|---|
Drew Buttner (MITRE), Brant Cheikes (MITRE) | The Future of CPE (T) |
XCCDF Technical Deep-Dive for Next Version (T) | |
Matthew Wojcik (MITRE) | Where we Stand with Remediation (T) |
Presenter(s) | Presentation |
---|---|
Robert Martin (MITRE) | Software Assurance Automation (T) |
Robert Martin (MITRE) | ISO, ITU, Common Criteria, and the Content Automation Efforts (T) |
Red Hat | OpenSCAP (T) |
Penny Chase (MITRE) | Malware Attribute Enumeration and Characterization (MAEC) Introduction (T) |