Institute of Electrical and Electronics Engineers (IEEE)
Oregon Section
Computer Society Chapter
Communications Society Chapter
http://www.ieee.or.com/

Joint Meeting and Technical Lecture Announcement

Topic: "Maximizing Operations and Security Effectiveness: Why Integrity Is Misunderstood, and Strategies to Cope and Thrive"

Speaker: Gene Kim
Chief Technology Officer and Co-founder of Tripwire, Inc.

Date & Time: January 16, 2003, Thursday
6:00 PM - Networking & food/refreshments (sponsored by AZAD http://www.azad.com)
6:45 PM - Technical Lecture

Cost: Free and open to the public

RESERVATIONS: By 12 NOON January 15, 2003, Wednesday
http://www.ieee.or.com/programs.html

Location: Oregon Graduate Institute of Science and Technology (OGI)
Wilson Clark Center, main dining room
20000 NW Walker Rd., Beaverton, OR 97006
Campus map: http://www.ogi.edu/maps/campus_map.html
(Host: OGI Center for Professional Development www.cpd.ogi.edu)

ABSTRACT:

In the quest to maximize availability and uptime, many operations and information security practitioners will quickly point out that the largest problems stem from poor configuration management and change control practices. The ITIL and BS17799 practices are emerging as the industry standard for IT best practices, but even those practices do not show how to ensure that actual practices match best practices.

In this presentation, we will present the results of numerous benchmarking exercises, where we found a most surprising correlation: the "best in class" operations organizations with the lowest Mean Time to Repair (MTTR) and the highest server/sysadmin ratios are consistently the most secure as well.

To motivate why this is the case, we will present the Visible Ops methodology, which is based on the ITIL concepts, and represents how "best in class" operations conduct daily processes. The goals of the Visible Ops methodology are to decrease Outage MTTR, improve operational efficiencies, and build a "culture of causality" in operations.

Visible Ops concentrates on ensuring process integrity by using Tripwire in three service level disciplines: Release Management, Controls, and Problem Management. Key benefits of the methodology include a step-by-step cookbook for creating processes, even where none currently exist, and a framework for generating key metrics for continual process improvement.

This talk also describes the twenty years of computing history that has led to the current state of affairs, including IT decentralization and commoditization of technology, changes in the capacity expansion model caused by the transition from mainframe to distributed computing, and the continual tendency to misdiagnose the problems, addressing only symptoms while the underlying disease remains misunderstood.

This talk is intended to provide practical IT audit and control philosophies, in the context of classical IT defense philosophies, but addressing the new problems posed by modern infrastructures.

BIOGRAPHY:

Gene Kim is the chief technology officer and co-founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Although Gene is widely published on computer security, operating systems and networking in SANS, Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences, he is continually fixated on the problems of data and network integrity. He is currently working with Spafford on IT safety models to explain why IT is in so much pain, and show how basic capabilities such as repeatable builds and quick remediation are the key to running IT securely. He holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University.

For information on this lecture, contact:
Alex Harkins harkins@private

Interested in Security and Privacy? Check out IEEE Computer Society's new magazine.
Free download of initial supplement published with the November issue of Computer Magazine:
http://www.computer.org/security/

For information on the IEEE Society Chapters, contact:
Computer: Hadi Asgharzadeh hadi@private
Communications: Pradeep Kumar pradeep@private

Check out these sites for joining information:
IEEE: http://www.ieee.org/membership/join/
Computer: http://www.computer.org/join/
Communications: http://www.comsoc.org/member/index.html

===============================================================

Other related lectures:

Digital Forensics and Computer Crime Series at OCATE
http://www.ocate.edu/lecture_schedule.htm

Friday, January 17, 2003, 12:30 pm
Simple But Sound First Responder Tools
Jesse Kornblum

Friday, January 31, 2003, 12:30 pm
The Future of Computer Forensics
Mark Pollitt

Friday, February 14, 2003, 12:30 pm
Evaluating IDS Systems (Why testing Security Software is Hard)
John McHugh

Friday, February 28, 2003, 12:30 pm
Error, Uncertainty, & Loss in Digital Evidence
Eoghan Casey

Sponsored by OCATE, CRIME (Computer Related Investigations Management & Education), and PSU/CS Laboratory for Digital Forensics and Security Research

IEEE Oregon Lectures, Seminars, and Events:
http://www.ieee-or.org/events/

OGI-OHSU Center for Professional Development Public Lectures:
http://cpd.ogi.edu