Comprehensive Threat Intelligence
Large, far-flung and complex organizations often blur the lines between the strategic, tactical and operational dimensions of cyber risk management. The net result is a fragmented strategy for understanding threats and mitigating the most relevant and pertinent cyber risks.
US-CERT Operational Model, Future Goals and Network & Information Security
RICHARD HARRIS, Chief, Future Operations, US CERT, National Cyber Security Division, DHS
Like most organizations, the US-CERT is constantly striving to improve itself and the way we do business. To realize the US-CERT vision to become a trusted global leader in cybersecurity – collaborative, agile, and responsive in a complex environment, we restructured along our lines of operation as derived from the US-CERT Strategic Plan. This change will eliminate bottlenecks in the flow of information between our operational functions and define ownership for an entire line of operations from input to outcome. Additionally, the reorganization will enhance our capability to develop and maintain information sharing partnerships and ensure that US-CERT grows in a strategic and coordinated fashion. How the US-CERT shares information and collaborates within the National Cyber Security Division, federal government and other partners and shareholders is key to network and information security.
Key Topics:
US-CERT; information security; network security; incident management
Learning Objectives:
1. Become familiar with US-CERT operational model and goals.
2. Understand how US-CERT supports network and information security.
The Evolution of Information Sharing: Using Technology, Policy, and Standardization to turn Data into Business Assets
MARY FORBES, Chief Enterprise Architect, Office of Enterprise Architecture, Office of the Chief Information Officer, HHS
PATRICIA CRAIGHILL, Special Advisor to the Chief, Warfighting Integration, NEXTGEN/JPDO, Assistant Director of Defense, SAF/XC - NEXTGEN, US Air Force
WOLF TOMBE, Chief Technology Officer, Customs & Border Protection
DAVID LEWIS, CTO, Nationwide SAR Initiative, JUSTICE
DERMOT O’MAHONY, Vice President of LexisNexis, Advanced Government Solutions, LexisNexis
Across the government, there has been tremendous growth in the number of successful information sharing programs aimed at breaking down silos and sharing data with other agencies, nations and our citizens. Despite the undeniable benefits these initiatives have provided, today’s climate of limited resources, increased expectations and calls for the reform of Federal IT requires us to further push for efficiencies and innovation in our information sharing programs. During this panel, architecture, infrastructure, and information sharing experts will share strategies and experiences which will give attendees a fresh perspective on how new technologies, policies, standards and IT/end-user collaboration can benefit any information sharing program, large or small.
Learning Objectives:
• Learn what technologies, infrastructures, and standards are proving successful in various information sharing initiatives.
• Discuss techniques on garnering buy-in from non-IT leaders on your initiatives, and how to transform your program into a business asset.
• Key Topics in this Session include: Information Sharing, Information Sharing Security, Shared Services, Enterprise Architecture, NIEM, Standards
Securing the Software: An Industry Perspective
Insights on New DOD Legislation That Redefines Software Security
With the 2011 National Defense Authorization Act (NDAA), the DOD is taking a leadership position by defining policy that emphasizes the need to protect and defend the software layer.
The Advanced Persistent Threat (APT) is rapidly becoming very adept at penetrating government network defenses, increasingly focusing its efforts on the software layer.
Fortify's Public Sector President, Kelly Collins, and Federal Division CTO, Rob Roy, address this topic in Fortify's new podcast.
Segment one discusses:
- What is new about the software security assurance provisions in the 2011 NDAA?
- Why is the focus on the software layer important?
- Why has the software layer been deemphasized in the past?
- What does the new NDAA policy do to address this challenge?
Segment two discusses:
- What solutions are available to enable the DOD to comply with the new NDAA policy?
- How can the DOD ensure their software is as secure, or more secure, than their hardware?
- How is the systems integrator community getting involved?
As the leader of Fortify's Public Sector Division, Kelly Collins works closely with public officials to raise awareness on the critical need for cogent policy to protect government systems from cyberattack. She ensures customer success with Fortify's products in the Defense and Intelligence Community as well as at Civilian government agencies.
Rob Roy is currently the Federal Chief Technology Officer at Fortify Software. In this capacity, he represents Fortify's technology leadership to Government, Systems Integrator and Critical Infrastructure organizations seeking to address their Software Security Assurance challenges. He believes that protecting information at the application level is the last line of defense in a never-ending cyber threat that is increasing in both sophistication and harm to the international community.
Workforce 2.0 - Integrating Social Media, Mobility and Telework to Securely Modernize the Workplace
JIRKA DANEK, Chief Technology Officer & Chief Information Security Officer, Office of CTO, Information Technology Services Branch, Public Works and Government Services Canada
The way that people work is changing, and so are the places in which they work. In the Government of Canada, the Workplace 2.0 initiative reflects that fact, and also sets the groundwork for enabling productive changes in the public service toward a more collaborative and open work environment. This workplace renewal strategy takes place across three pillars: The Workplace, The Back-Office, and the Way We Work. Its goals include a more mobile and sustainable workspace, a more efficient and effective back office, and the increased integration of collaborative media.
Learning Objectives:
• To gain a greater understanding of the importance of a more collaborative and open work environment as well as its implications on productivity and work/life balance for employees of the Government of Canada.
• To realize, through the pillars of Workplace 2.0, the many ways in which the workplace, its tools, and its back office, can further serve the workforce to achieve their goals and objectives of providing valuable and efficient services to Canadians.
• Key Topics in this session include: Collaborative Technology, Social Media, IT Infrastructure, Back Office, Mobility and Flexibility in the Workplace, Sustainability, and Telework
Panel on the Positive Impact of Digital Forensics on Organizational IT Security
NOAH NASON, Chief, IT Service Management Division, ATF
LAM NGUYEN, Associate Laboratory Director, Justice
DARA SEWELL, Investigative Analysis Unit Chief, FBI
KENNETH MENDELSON, Managing Director, STROZ FRIEDBERG
Our panel of digital forensics practitioners will address from their years of practical experience what they have learned about the threat to IT security. The panel will address their practical responses once an incident has been detected. The panel will also address what they have learned the audience can apply to their own systems to harden them. Finally, we plan to quickly speak to internal vice external forensics support.
Learning Objectives:
1. What forensic auditors/technicians are saying about the threat.
2. What the panel members can extrapolate from their own capabilities into what the bad guys can do.
3. What reactive (incident response) measures are being taken post compromise/attack.
4. What attendees can learn from the forensics analysis on the Who, What, When, How, and Why they can apply to proactively harden their systems.
5. Internal vice external forensics support: costs, pitfalls, training certification.