Folks, 2nd Call for the CRIME meeting this next Tuesday. See you there! Speaker: Gene Kim from Portland's own Tripwire Security. Topic: "An IT Safety Metric: Why Is It So Difficult To Maintain Control?" Synopsis: The job of security practitioners is bad enough trying to detect bad guys, but what happens when forces conspire to make the task of remediation and recovering almost impossible? Rapid capacity expansion and "break/fix" cycles often lead to loss of repeatable builds. This talk describes how the loss of production controls, configuration management, and change control leads to configuration drift and the loss of what is a "known, good state." We also describe how to measure it, and recover it before you need to. To measure an IT organization's ability to avert "unbounded security remediation" efforts, Kim and Dr. Spafford developed the IT Safety Index. We present case studies to display the various attributes of Level 0 to Level 5 organizations to show how basic capabilities map to an IT organizations ability to provide business continuity and security. Gene's Bio: As co-creator of the original Tripwire software and co-founder of Tripwire, Inc., Gene Kim now serves as Vice President and Chief Technical Officer. While his major responsibility is Tripwire products and development of future technology, his stamp on Tripwire can be seen everywhere, from new products and business development, to sales and marketing. Kim also frequently serves as the company evangelist, speaking at industry events and contributing articles on security-related topics. Kim co-created the first version Tripwire software in 1992 when he was a student at Purdue University working under security luminary, Dr. Eugene Spafford. Tripwire worked so well it was quickly embraced by the security community and eventually became a part of best practices for computer security professionals around the world. After earning his B.S. in Computer Sciences from Purdue, he earned an M.S. in Computer Sciences from the University of Arizona. Kim also spent summers at the Supercomputing Research Center (now known as the Center for Computing Sciences) in Maryland working with many of the country's best computer scientists, engineers, and mathematicians on high-performance computing techniques for the National Security Agency. Following that, Kim worked at Intel and then at Infinite Pictures where he met Wyatt Starnes. He and Starnes formed Tripwire, Inc. in 1997 to create a dramatically enhanced version of Tripwire that would protect data and network integrity for Internet-driven businesses. Directions: http://crime.zotconsulting.com/directions.php3 <http://crime.zotconsulting.com/directions.php3> Geo
This archive was generated by hypermail 2b30 : Sat Sep 07 2002 - 19:06:13 PDT