2002 FISSEA Conference: Speaker Abstracts
Kelly Arnold, National Security Agency-National Cryptologic School
Judy Hoover, National Security Agency-National Cryptologic School
"Train the Trainer: 'Third Base Coach: Getting and Keeping Your Players in the Game Through Interaction'"
This presentation will cover why interaction is so important in teaching adults. Through hands-on demonstrations, participants will focus on maintaining interaction throughout the class: icebreakers and openers, data presentation, and review sessions. Many other techniques will be provided via handouts.
Maxine Hill, General Services Administration
Susan Boaz, Veterans Affairs
"Training the Physically Challenged (Live Demonstration Using the U.S. Treasury Tool)"
This session will address tools available at GSA's Center for IT Accommodation to assist stakeholders in evaluating products for conformance with the Federal Acquisition Regulation regarding Section 508 of the Rehabilitation Act. A live demonstration using the U.S. Treasury Tool will be presented.
Jim Litchko
Litchko & Associates, Inc.
"How to Sell IT Security, or 'Sucking-Up Works'"
The number one requirement for an effective security program is senior management support. How do you get it? This presentation will describe a "business" approach to selling security, including an introduction to four key components for successfully selling security to management: what, who, how and when. Attendees will learn that the primary keys to promoting a security program are knowing how to leverage internal or external events and knowing the client.
Thornton May
Toffler Associates
Keynote Speaker (Thursday)
"The Future Security Curriculum"
In the much simpler world of 30 years ago, Coca-Cola assembled 200 multi-ethnic youngsters on a hilltop in Italy and had them sing. The message: the whole world could be united in its desire for a single product. While the world might be able to coalesce in its desire for a carbonated beverage, it certainly can't make up its mind what we need to know, who needs to know it, who should be teaching, and how security should be taught. It has become common knowledge that all stakeholders in the enterprise should "know a little something" about security and privacy. Thornton's keynote session will deal with the state of executive knowledge on system security and then comment on the future of "teaching" security.
Lynn McNulty, Director of Government Affairs, ISC2, and
Marc Thompson, Vice President, ISC2 Institute
"CISSP Update"
This presentation will review the growth of the Certified Information Systems Security Professional (CISSP) credential over the past year. This growth will be discussed in the context of recent initiatives to professionalize the Federal IT security workforce. The session will also review the new Common Body of Knowledge training program. Marc Thompson will devote the last part of this presentation to discussing the recently announced ISC2 Institute.
Louis Numkin, Moderator
Nuclear Regulatory Commission
"IG INFOSEC Auditing - A Panel on an IG View of Information Security Resulting From Recent Audits"
Panelists: Vickie McCray, KPMG, LLP; James Nagle, Department of State; Beth Serepca, NRC; Bill Wadsworth, General Accounting Office
The panel will inform attendees about several topics that were subjects of recent IG audits, including Internet usage monitoring, GISRA (especially as it applies to computer security awareness, training, and education), and IT application audits, and will demonstrate how audit outcomes can become the basis for more training than just "lessons learned."
Alan Paller
The SANS Institute
Keynote Speaker (Wednesday)
"Catching the Wave: Forces Shaping the Future of Information Security"
With the cumulative impact of Lion, Leaves, Code Red, Nimda and September 11th still pounding in their heads, senior management has changed the forces that shape the path that computer security is taking in their organizations. In this fast-paced briefing, Alan will illustrate each of the major changes with real-world examples. Then he will offer an action plan, based on promising practices actually in place in Federal agencies and large organizations, for security people who want to take maximum advantage of the opportunities these shifting forces offer.
Angel Rivera
The MITRE Corporation
This session will cover the lessons learned in setting up a CSIRT from the ground up while working at the FDIC. We will start with the basic definition of an incident, move through the process of setting up basic policies and procedures, and end up with how to survive a GAO or OIG audit of your CSIRT.
Michael Robertson
Office of the Associate CIO for Cyber Security
Mike Robertson, of the Office of the Associate CIO for Cyber Security, will discuss DOE's Cyber Security Training, Education, and Awareness (TEA) program. He will cover how it is intended to improve cyber security awareness by providing DOE Federal and contractor personnel, including but not limited to users, managers, and IT and cyber security professionals, with a practical understanding of cyber security threats and vulnerabilities, and the skills and capabilities to address them. Building on successful initiatives undertaken over the past two years, the Office of the CIO is continuing its support of the SANS Institute's conference and the use of SANS on-site and on-line training. In 2002, the TEA program is being expanded to include a forensic awareness course and revised classified and unclassified computer security courses. The TEA program identifies competency learning objectives and develops a comprehensive cyber security training catalog and recognition program. Mike will also touch on metrics for the program, briefly discussing DOE's approach and the issues involved in developing and gaining acceptance of meaningful metrics.
Brian Snow
National Security Agency
"We Need Assurance"
NSA is willing to rely on commercial security products and services to satisfy its customers' needs, but only if the commercial offerings have sufficient assurance of quality, reliability, safety, and appropriateness for use. These assurances are lacking in most of today's commercial security products. Security educators need to be aware of this major shortfall, and be able to train customers and users that a list of functions for security gear is not adequate; one must also know whether it is capable of continuing to provide those functions when stressed in a malicious environment.
Paths to better assurance in Operating Systems, Applications, and Hardware through better development environments, requirements definition, systems engineering, quality certification, and legal constraints will be discussed, with a focus on how to educate the end users and customer organizations.
Robert Solomon
NASA - John Glenn Research Center - Expert Center for IT Security Awareness and Training
"The NASA Expert Center for IT Security Awareness and Training"
NASA has established the Expert Center for Information Technology Security Awareness and Training to provide a coordinated and consistent focus on information security training. The presentation will describe how NASA has used this approach to provide consistent IT security training to its diverse and distributed installations and multiple audiences. The use of various delivery mechanisms to provide training and the approach to measuring participation will also be discussed. Some of the NASA-developed products will be described.
William L. Tafoya, Ph.D.
Computer Sciences Corporation
"The Role of Formal Education in the Future of INFOSEC"
This presentation will discuss an informal survey of whether formal education is a specific position requirement for today's information security professional positions in corporate America and in government. Also discussed will be the possible, probable, and preferable futures of INFOSEC as a function of the evolution of other professions.