National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

5th Annual IT Security Automation Conference and Expo Presentations

Below is a list of presentations from the 5th Annual IT Security Automation Conference and Expo. If any presenters from the conference, or associated workshops, would like to have their presentation listed please send the presentation, presenter's name, presentation date, and track name to david.lee@nist.gov.

Day 1 (10/26/2009)

  • SCAP Introduction
  • Benchmark Development Course (T)
  • NIST/ISAlliance VOIP SCAP Project - Phase II Kickoff

Day 2 (10/27/2009)

  • General Session Presentations
  • SCAP Track Presentations
  • DOD Security Automation Strategy and Activities Track Presentations
  • Health IT and FIPS Track Presentations
  • Computer Network Monitoring, Audit, and Logging Track Presentations
  • Cloud Computing Track Presentations

Day 3 (10/28/2009)

  • General Session Presentations
  • SCAP Track Presentations
  • DOD Security Automation Strategy and Activities Track Presentations
  • Compliance Frameworks/800-53/FISMA Track Presentations
  • SCAP Technical Track Presentations
  • Cloud Computing Track Presentations

Day 4 (10/29/2009)

  • SCAP Workshops
  • Security Automation Workshops

Day 1 (10/26/2009)

SCAP Introduction
Presenter(s) Presentation
MITRE SCAP Introduction
MITRE Making Security Measurable
MITRE OCIL Introduction
Benchmark Development Course (T)
Presenter(s) Presentation
MITRE Introduction
MITRE Phase 1: Writing Good Guidance
MITRE Phase 2: Augmenting Recommendations using SCAP
MITRE Phase 3: Checking Language Overview
MITRE Phase 4: Introduction to Creating Checks
MITRE Phase 5: Benchmark Structure and Tailoring with XCCDF
MITRE Conclusion

Day 2 (10/27/2009)

General
Presenter(s) Presentation
Cita Furlani, NIST Conference Welcome Address
Phil Reitinger, Deputy Undersecretary, DHS Keynote
Tim Grance, NIST NIST Address
John Thompson, Chairman of the Board and former CEO and Mark Bregman, CTO, Symantec Symantec Address
Mischel Kwon, Vice President Public Sector Security Solutions of RSA, The Security Division of EMC RSA Address
Alain Mayer, RedSeal IT Risk - CVSS and Beyond (Lunch and Learn Session)
SCAP
Presenter(s) Presentation
Jim Ivers, Triumfant Security Automation Through Granular Change Detection
Ed Bellis, Orbitz Automating Vulnerability Management at Orbitz with SCAP
Jim Hansen, BigFix BigFix's Experience with Standards
Rajat Bhargava, StillSecure and Tom Lerach, HP Industry Standards: The Key to Deploying a Closed-Loop Process for Endpoint Policy Compliance
Tiffany Jones, Symantec Situational Awareness *Secure Ops
Jonathan Couch, iSight Next Generation SCAP: Threat Intelligence Scoring and XML Reporting Standards
Kim Watson, Moderator and Paul Bartock, Moderator Securing the Enterprise Panel [Slides] [Text]
DoD Security Automation Strategy and Activities
Presenter(s) Presentation
Mark Orndorff HBSS Open Framework Strategy
Mason Brown, SANS Consensus Audit Guidelines
LtCol Wolfkiel, NSA ARF, ARCAT, and Summary Reporting (T)
Shawn Oles and Sandra Harrell-Cook, NSA CND Data Strategy (T)
Paul Green and George Saylor, G2 Expanding Use of SCAP: Malware Detection and MACE Tool Demo (T)
Health IT and FIPS
Presenter(s) Presentation
Rob Snelick, NIST NIST HIT Test Infrastructure Project
Kenneth Lin, Booz Allen Hamilton Architecting Measurable Security in Health Information Technology using SCAP
Ryan Brewer, CMS CISO Centers for Medicare and Medicaid Services Case Study
Tim Polk, NIST Cryptographic Transition Strategies
Randy Easter, NIST Cryptographic Validation Programs
Sharon Keller, NIST Cryptographic Validation Programs
Gerald Beuchelt, MITRE Secure and Scalable RESTful Health Data Exchange
Computer Network Monitoring, Audit, and Logging
Presenter(s) Presentation
Bruce Gabrielson, Moderator Insider Threat Panel
Lawrence Dobranski, Nortel Networks, John Nagengast, AT&T, and Ben Halpert, Lockheed Martin Developing an SCAP Solution for Unified Communications
Paul Sand, Salare Security, LLC Using SCAP for Automated VoIP Configuration, Assurance and Security
Mark Humphrey, Boeing, and Scott Armstrong, Gideon Technologies Baseline Standards for Applying SCAP to Secure VoIP
Bill Heinbockel, MITRE Common Event Expression (CEE) (T)
Anton Chuvakin Log Standard Challenges
Chip Lutz, Booz Allen Hamilton NSA Audit Management
Kevin Bingham, NSA Final Thoughts
Cloud Computing
Presenter(s) Presentation
David Hunter, VMWare, Kunjal Trivedi, Cisco, and Nicklous Combs, EMC Federal A Vision for a Private Cloud
Prakash Sinha, Citrix App-Centric Scalability, Reliability, and Security in the Cloud
Hasan S. Alkhatib, Microsoft Security Challenges in Cloud Computing
Jim Blakley, Intel Corporation The Cloud Architecture Transformation
Victor L. Harrison, Object Management Group (OMG) Board of Directors Cloud Standards: Opening the Cloud
George Reese, enStratus Separating Perceptional from Real Security Concerns
Charles Crouchman, Opalis Why Automation and Interoperability is Critical to Cloud Success

Day 3 (10/28/2009)

General
Presenter(s) Presentation
Tony Sager, NSA Keynote
Richard Hale, DISA DoD Address
Ron Ross, NIST Next Generation Risk Management
Paul Bartock, Moderator Operating System Vendor Panel
SCAP
Presenter(s) Presentation
Kelly Hengesteg and Chase Carpenter, Microsoft Microsoft Adoption of SCAP
Steve Grubb, RedHat and Kevin Sitto, G2 The OpenSCAP Project
Paul Bartock, Moderator Public Sector Adoption of SCAP Panel
Bill Niester, Qualys Automating the Continuous Compliance Process in the Decentralized Enterprise
Dr. Mike Lloyd, RedSeal Systems, Inc. and Doug Dexter, Cisco Automating Network Security Assessment
Wyatt Starnes, SignaCert Enhancing SCAP with Whitelist-based Image Management
Andy Bove, Moderator Vendor Interoperability Panel
DoD Security Automation Strategy and Activities
Presenter(s) Presentation
Michele Iversen, NSA DoD Sensor Grid Security Automation Requirements
David Hoon, DISA VMS/STIG SCAP Strategy (T)
Bruce Gabrielson, Booz Allen Hamilton Automating Attack Analysis Using Audit Data (T)
NETSPA (T)
Matthew Wojcik, Mitre Remediation Specification (T)
Compliance Frameworks/800-53/FISMA
Presenter(s) Presentation
Kurt Dillard Understanding the Greatest FDCC Technical Challenges (T)
Arnold Johnson, Information Technology Laboratory FISMA Implementation Project Update
Kent Landfield, McAfee FDCC Compliance and Audit
Tony Uceda-Velez, Gideon Technologies SCAP - Lessons Learned and an Enterprise Use Case
Wende Peters, Johns Hopkins APL National Information Assurance Engagement Center (NIAEC)
SCAP Technical
Presenter(s) Presentation
Andy Bove, Secure Acuity Content Validation (T)
Tim Keanini, nCircle Semantic Technologies Primer (T)
Scott Streit Semantic Engineering and Modeling Panel
Matthew Wojcik, MITRE Semantic Engineering and Modeling Panel
Paul Cichonski, Booz Allen Hamilton Semantic Engineering and Modeling Panel
Vaibhav Khadikar and Jyothsna Rachapalli, University of Texas at Dallas Relational Database to Triple Store Migration (T)
Cloud Computing
Presenter(s) Presentation
Ron Knode, CSC Into the Cloud with SCAP
Ron Ritchey, Booz Allen Hamilton Using SCAP to Mitigate Risks in the Cloud
Scott Chasin, McAfee Security as a Service
Aaron Bawcom, Reflex Systems New Advances in Virtualization Security Enable Secure Cloud Computing
Tom Klaff, Surety, LLC Cloud-enabled Protection of Data Integrity and Authenticity of Electronic Content
Gary Sumner, DataCastle Corporation Endpoint Data Protection Services
Pete Nicoletti, Terremark An Accredited Fed Cloud IaaS

Day 4 (10/29/2009)

SCAP Workshops
Presenter(s) Presentation
Drew Buttner and Brant Cheikes, MITRE The Future of CPE (T)
XCCDF Technical Deep-Dive for Next Version (T)
Matthew Wojcik, MITRE Where we Stand with Remediation (T)
Security Automation Workshops
Presenter(s) Presentation
Robert Martin, MITRE Software Assurance Automation (T)
Robert Martin, MITRE ISO, ITU, Common Criteria, and the Content Automation Efforts (T)
Red Hat OpenSCAP (T)
Penny Chase, MITRE Malware Attribute Enumeration and Characterization (MAEC) Introduction (T)