CRIME IEEE: 1/16 Thurs 6pm "Operations and Security Effectiveness" Lecture - Computer & Communications Chapters

From: M. Alex Harkins (Harkins@private)
Date: Mon Jan 06 2003 - 13:54:42 PST


        Institute of Electrical and Electronics Engineers (IEEE)
                             Oregon Section
                         Computer Society Chapter
                     Communications Society Chapter
                        http://www.ieee.or.com/
            Joint Meeting and Technical Lecture Announcement
    
    Topic:    "Maximizing Operations and Security Effectiveness: 
                      Why Integrity Is Misunderstood, and 
                          Strategies to Cope and Thrive"
    
    Speaker:                    Gene Kim
        Chief Technology Officer and Co-founder of Tripwire, Inc.
    
    Date & Time:   January 16, 2003, Thursday
                   6:00 PM - Networking & food/refreshments
                            (sponsored by AZAD  http://www.azad.com)
                   6:45 PM - Technical Lecture
    Cost:
                   Free and open to the public
    
    RESERVATIONS:  By 12 NOON January 15, 2003, Wednesday
                   http://www.ieee.or.com/programs.html  
    
    Location:
        Oregon Graduate Institute of Science and Technology (OGI)
                  Wilson Clark Center, main dining room
                20000 NW Walker Rd., Beaverton, OR 97006
           Campus map: http://www.ogi.edu/maps/campus_map.html
     (Host: OGI Center for Professional Development www.cpd.ogi.edu)
    
    ABSTRACT:
    In the quest to maximize availability and uptime, many 
    operations and information security practitioners will quickly 
    point out that the largest problems stem from poor configuration 
    management and change control practices.  The ITIL and BS17799 
    practices are emerging as the industry standard for IT best 
    practices, but even those practices do not show how to ensure 
    that actual practices match best practices.  In this 
    presentation, we will present the results of numerous 
    benchmarking exercises, where we found a most surprising 
    correlation:  the "best in class" operations organizations with 
    the lowest Mean Time to Repair (MTTR) and the highest 
    server/sysadmin ratios are consistently the most secure as well.  
    To motivate why this is the case, we will present the Visible 
    Ops methodology, which is based on the ITIL concepts, and 
    represents how "best in class" operations conduct daily 
    processes.  The goals of the Visible Ops methodology are to 
    decrease Outage MTTR, improve operational efficiencies, and 
    build a "culture of causality" in operations.  Visible Ops 
    concentrates on ensuring process integrity by using Tripwire in 
    three service level disciplines: Release Management, Controls, 
    and Problem Management.  Key benefits of the methodology include 
    a step-by-step cookbook for creating processes, even where none 
    currently exist, and a framework for generating key metrics for 
    continual process improvement.  This talk also describes the 
    twenty years of computing history that has led to the current 
    state of affairs, including IT decentralization and 
    commoditization of technology, changes in the capacity expansion 
    model caused by the transition from mainframe to distributed 
    computing, and the continual tendency to misdiagnose the 
    problems, addressing only symptoms while the underlying disease 
    remains misunderstood.  This talk is intended to provide 
    practical IT audit and control philosophies, in the context of 
    classical IT defense philosophies, but addressing the new 
    problems posed by modern infrastructures.
    
    BIOGRAPHY: 
    Gene Kim is the chief technology officer and co-founder of 
    Tripwire, Inc.  In 1992, he co-authored Tripwire while at Purdue 
    University with Dr. Gene Spafford.  Although Gene is widely 
    published on computer security, operating systems and networking 
    in SANS, Usenet, ACM and IEEE publications and is a frequent 
    speaker at industry conferences, he is continually fixated on 
    the problems of data and network integrity.  He is currently 
    working with Spafford on IT safety models to explain why IT is 
    in so much pain, and show how basic capabilities such as 
    repeatable builds and quick remediation are the key to running 
    IT securely.  He holds an M.S. in computer science from 
    University of Arizona and a B.S. in computer sciences from 
    Purdue University.
    
    For information on this lecture, contact:
                                Alex Harkins   harkins@private
    
    Interested in Security and Privacy?  Check out IEEE Computer 
    Society's new magazine.  Free download of initial supplement 
    published with the November issue of Computer Magazine:
                    http://www.computer.org/security/
    
    For information on the IEEE Society Chapters, contact:
                Computer: Hadi Asgharzadeh    hadi@private
          Communications: Pradeep Kumar       pradeep@private
    
    Check out these sites for joining information: 
                    IEEE: http://www.ieee.org/membership/join/
                Computer: http://www.computer.org/join/
          Communications: http://www.comsoc.org/member/index.html
    
    ===============================================================
    Other related lectures:
    
    Digital Forensics and Computer Crime Series at OCATE
       http://www.ocate.edu/lecture_schedule.htm
     Friday, January 17, 2003, 12:30 pm 
       Simple But Sound First Responder Tools Jesse Kornblum 
     Friday, January 31, 2003, 12:30 pm
       The Future of Computer Forensics Mark Pollitt
     Friday, February 14, 2003, 12:30 pm
       Evaluating IDS Systems 
       (Why testing Security Software is Hard) John McHugh 
     Friday, February 28, 2003, 12:30 pm
       Error, Uncertainty, & Loss in Digital Evidence Eoghan Casey
    Sponsored by OCATE, CRIME (Computer Related Investigations 
    Management & Education), and PSU/CS Laboratory for Digital 
    Forensics and Security Research
    
    IEEE Oregon Lectures, Seminars, and Events:
         http://www.ieee-or.org/events/
    
    OGI-OHSU Center for Professional Development Public Lectures:
         http://cpd.ogi.edu
    


