IT Security Focus Day: Monday 07 June, 2010

Sign up for this in-depth and interactive workshop day examining the latest advances in IT security and information assurance. During this focus day, you can expect smaller, classroom-style sessions and in-depth discussions with class leaders and fellow attendees.

8:15 Registration & Coffee

9:00am – 10:00am NASA update: NASA’s Identity, Credential, and Access Management (ICAM) Architecture

From 2006 to the present, NASA has developed and matured an Enterprise Architecture segment for ICAM to be able to consistently issue credentials from user IDs to PIV smartcards, and ensure proper access to NASA's physical and IT assets.

The focus now is on Trust and what that means to NASA’s internal access as well as for federated identities/federated credentials. There has been a great deal of movement in the area of federation with the Federation Interoperability Working Group under the Federal Government's ICAM Subcommittee, and NASA is one agency performing federation pilots.

What will be covered:

  • NASA's ICAM
  • The move to integrate all applications into its ICAM infrastructure
  • Current initiatives, including tying training requirements to access, removing access in an automated fashion when someone leaves, and, finally, knowing who IT remote users are

How you will benefit:

  • Learn about innovations in looking at:
    • The level of confidence we have in a person
    • The level of assurance we have in their credential
    • The level of risk that access to a particular IT asset has
  • Discover how we can make smart decisions about access if we identify those three facets well

Session Leader:

Corinne S. Irwin
PMP, Project Executive for Authentication and Authorization, Architecture and Infrastructure Division
Office of the Chief Information Officer, NASA

10:15am – 11:30am Using virtualization to protect against malicious codes: Defending against Advanced Persistent and Zero Day Threats against the Enterprise

Today's threats that compromise enterprise networks do so largely through users getting phished and infected through their browsers. Advanced persistent threats use zero day browser exploits to implant on the desktop and maintain a stealthy presence with backdoor access to command and control networks. These threats will be discussed and preventative solutions described.

What will be covered:

  • The malicious software epidemic
  • How malicious software bypasses firewalls and anti-virus solutions
  • How virtualization technology can be leveraged for security
  • How to collect intel on your adversaries

How you will benefit:

  • Learn about emerging cyber threats
  • Understand how advanced persistent threats defeat current security measures
  • Discover how users are integral to your security
  • Learn how to protect against advanced persistent and zero day threats

Session Leader:

Dr. Anup K Ghosh
Founder
Secure Command, Inc.

11:30am – 12:30pm Lunch will be served

12:30pm – 2:30pm Earlier intervention of insider threats: Focusing on the Pre-Insider

The problem with many insider threat detection systems is the focus on after-the-fact detection of threat activity. Our Autonomic Detector of Insider Adversaries (ACADIA) approach is to move the window of observation back to where the first signs of social-behavioral change would be present. Rather than looking for events that would indicate an attack or attack rehearsal, our focus is on detecting subtle variations in cyber event data that would indicate changes in sentiment, social interactions and/or mental health. In this, we are detecting the pre-insider – the person who’s most likely to harm the organization in the future. By bringing such a change to the notice of management early, timely intervention can remediate a potential problem.

What will be covered:

  • Host-based cyber activity monitoring and aggregation and initial anomaly and trending analyses
  • Specialized, server-based sensors, e.g. for performing social networking and sentiment analyses on email
  • Centralized, organizational-level correlation of cyber activity

How you will benefit:

  • Learn how insider attacks can be prevented by detecting social-behavioral changes that occur prior to attack planning
  • Learn how early detection of problem behaviors allows for earlier intervention and better overall organizational health
  • Discover how Linguistic Appraisal Theory makes fine-grained distinctions that reduce false alarms

Session Leaders:

Catherine D. Call
Principal Investigator

Dr. Terry Patten, Principal Scientist (co-author)
Charles River Analytics, Inc.

2:45pm – 4:45pm The following session restricted to US Citizens Only!: Applications of Semantic Technologies on Information Assurance in IT Domains

IT in the 21st century enforces information sharing (net-centric). The timely flow of the correct information to the mission partners is fundamental, but at the same time security threats rise as the overarching nemesis. Current IA mechanisms are not able to protect the information as we need, but semantic technologies show potential to solve the problem.

What will be covered:

  • Why current mechanisms fail
  • Current trends on information sharing in IT
  • What are the semantic technologies that apply to the problem
  • Current efforts and success in applying semantic technologies

How you will benefit:

  • Gather a view of current IA mechanisms and why they cannot protect the “envisioned” net-centric information sharing
  • Gain a brief understanding of semantic technologies trends and how they can be applied to the problem
  • Receive a synopsis of current work in the area

Session Leader:

Renato Levy
D.Sc., Chief Scientist/VP
Intelligent Automation, Inc.