PRELIMINARY AGENDA

Computer System Security and Privacy Advisory Board (CSSPAB) Meeting
and
Workshop on "APPROACHES TO MEASURING SECURITY"

National Institute of Standards and Technology (NIST)
NIST North
820 West Diamond Avenue
Gaithersburg, MD
Lecture Room 152

NOTE: Speakers/Times are subject to change without notice

Tuesday, June 13, 2000

9:00 a.m.   Welcome
            Ed Roback, NIST

9:05 a.m.   Opening Remarks
            Franklin Reeder, Chairman, CSSPAB

9:15 a.m.   Workshop Goals
            Fran Nielsen, NIST

9:30 a.m.   "Security Metrics - What Are They?"
            Stuart Katzke, National Security Agency

9:45 a.m.   "Information Technology Security Assessment Framework"
            John Gilligan, Chief Information Officer, Department of Energy,
            and Co-chair, CIO Council Security, Privacy, and Critical
            Infrastructure Protection Subcommittee

10:00 a.m.  "Defense Information Assurance Program (DIAP) – Information
            Assurance Readiness Assessment Metrics"
            Capt. Katharine Burton, Director, DIAP (invited)

10:45 a.m.  BREAK

11:15 a.m.  "Systems Security Engineering Capability Maturity Model (SSE-CMM)
            Profiles, Assurance and Metrics (PAM) Working Group"
            George Jelen, Director, International Systems Security
            Engineering Association

12:00 p.m.  LUNCH

1:15 p.m.   "Information Security Metrics - An Audit-Based Approach"
            Jennifer L. Bayuk, Associate Director for Corporate Security,
            Bear, Stearns & Co.

2:00 p.m.   "Overview of FISCAM - Chapter 3"
            Darrell Heim, Assistant Director, Accounting and Information
            Management Division, General Accounting Office

2:45 p.m.   BREAK

3:15 p.m.   "Quantitative Risk Assessment"
            Fred G. Tompkins, Key Technologies & Security Inc.

4:00 p.m.   "Survey of Security in the World's Leading Organizations"
            William H. Murray, Deloitte & Touche

4:45 p.m.   "Cryptographic Algorithm Metrics"
            Landgrave T. Smith, Institute for Defense Analyses

5:15 p.m.   RECESS

Wednesday, June 14, 2000

9:00 a.m.   Summary of Day One
            Fran Nielsen, NIST, and attendees

9:15 a.m.   Government Panel
            Moderator: Joe Leo, U.S. Department of Agriculture
            Case Studies - panelists:
              Robert Benedict, National Aeronautics and Space Administration (invited)
              Jean Boltz, General Accounting Office
              James Craft, U.S. Agency for International Development
              Bill Hadesty, U.S. Department of Agriculture
              Edward Keefe, U.S. Customs

10:30 a.m.  BREAK

11:00 a.m.  DISCUSSION

12:00 p.m.  LUNCH

1:15 p.m.   Industry Panel
            Moderator: John Sabo, Tivoli SecureWay
            Case Studies - panelists:
              Bob Aanerud, Global (invited)
              Tom Dunbar, Citigroup
              Pat Hymes, First Union
              Michael Leach, DuPont
              Randy Sanovic, General Motors
              Don Sarge, Procter & Gamble (invited)

3:30 p.m.   BREAK

4:00 p.m.   DISCUSSION

5:00 p.m.   RECESS

Thursday, June 15, 2000

9:00 a.m.   Workshop Recap and Discussion of Potential Follow-on Activities
            Fran Nielsen, NIST

10:00 a.m.  How CSSPAB Can Make a Difference
            Open Discussion by the Board

10:45 a.m.  BREAK

11:00 a.m.  Continuation of Open Board Discussion

12:00 p.m.  LUNCH

1:00 p.m.   The NIST Expert Review Team Effort
            Tim Grance, NIST

2:00 p.m.   Board Discussion of Agenda Topics for September 2000 Meeting

2:45 p.m.   Public Participation
            [5 minutes maximum per person; please sign up with the Board Secretary]

3:30 p.m.   ADJOURN