Thursday, January 10, 2008

Computing Systems Security

I was scheduled to start a class at UCLA Extension this evening in Vulnerability Assessment and Auditing, but it was cancelled (only three people signed up). Too bad, as it sounded very relevant to my new job:

Security professionals, auditors, and IT management must evaluate the security of their systems, both to ensure protection of critical business information and to meet an increasing array of regulatory requirements. This course provides an overview of security assessment methods and introduces technical tools for conducting security assessments. Key distinctions between information security audits, vulnerability assessments, and penetration testing are clarified. Assessment methodologies covered include audit general control reviews, Payment Card Industry (PCI) Data Security Standard, National Security Agency (NSA) INFOSEC Assessment Methodology, and NIST SP 800-30 risk assessment methods. Technical assessments of Windows and Unix environments are discussed, and open-source evaluation tools (such as nmap and nessus) are demonstrated.

Somewhat ironically, tomorrow morning I'm off to MacWorld Expo in San Francisco to be a speaker on auditing, actually - Using Common Criteria Tools Under Mac OS X - How To Audit Systems for Compliance with Business and Government Standards. This is the second year I'll be giving this presentation topic (I gave it in Jan 2007 also). Last year was successful, so along with repeating this presentation I also pitched the MWSF technical chief on doing a BOF session for Federal Systems Administration and Integration. They liked that idea, so I'm leading the discussion in that also (assuming anybody shows up at 6:30 PM). It is supposed to include the following, but as a BOF I think we can be flexible.
  • Configuring Macs for Federal Use
  • Auditing
  • CAC Cards
  • Problems and Solutions
  • Differences in Inspection Requirements
It will be interesting to see how this goes.

I'll be giving largely the same presentation this year that I gave last year, with only a few additions or changes. This is even though Apple has gone completely to Intel CPUs, and to OS X 10.5. I point this out because they haven't actually released the BSM installers for Intel (they can be got by special request), and they don't have BSM ready for OSX 10.5 either (not available by special request!).

Most of the people in the audience will understand though that I am not an Apple employee, or even a messenger from Apple.

Will be fun. (And I hope the swag bag is just as goody-laden as last year!)

No comments: