CSD Rolodex

Karen Scarfone

Computer Scientist

National Institute of Standards and Technology
Computer Security Division
Phone: 301-975-8136
Fax: 301-975-8387
Email: karen.scarfone@nist.gov

Publications:

  • SP 800-114: User's Guide to Securing External Devices for Telework and Remote Access, November 2007
  • SP 800-111: Guide to Storage Encryption for End User Devices, November 2007
  • SP 800-44 version 2: Guidelines on Securing Public Web Servers, September 2007
  • NIST IR 7435: The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems, August 2007
  • SP 800-95: Guide to Secure Web Services, August 2007
  • SP 800-97: Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, February 2007
  • SP 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS), February 2007
  • SP 800-45 version 2: Guidelines on Electronic Mail Security, February 2007
  • SP 800-92: Guide to Computer Security Log Management, September 2006
  • SP 800-69: Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist, September 2006
  • SP 800-86: Guide to Integrating Forensic Techniques into Incident Response, August 2006
  • SP 800-77: Guide to IPsec VPNs, December 2005
  • SP 800-83: Guide to Malware Incident Prevention and Handling, November 2005
  • SP 800-68: Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist, October 2005
  • SP 800-70: Security Configuration Checklists Program for IT Products—Guidance for Checklists Users and Developers, May 2005
  • SP 800-61: Computer Security Incident Handling Guide, January 2004

External Publications:

  • V. Hu and K. Scarfone, "Decentralized Trust Domain Management in Multiple Grid Environments", The First Workshop on Community Computing (CommCom2007), Tokyo, November 2007
  • P. Mell and K. Scarfone, "Improving the Common Vulnerability Scoring System", IET Information Security, September 2007.
  • P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.
  • G. Reid, P. Mell, and K. Scarfone, "CVSS-SIG Version 2 History", FIRST, June 2007.
  • V. Hu, K. Scarfone, S. Gavrila, and D. Ferraiolo, “A Trust Domain Management Schema for Multiple Grid Environments”, Second International Conference on Scalable Information Systems, Suzhou, China, June 2007
  • V. Hu, D. Ferraiolo, and K. Scarfone, “Access Control Policy Combinations for the Grid Using the Policy Machine”, 7th IEEE International Symposium on Cluster Computing and the Grid, Rio de Janeiro, May 2007
  • P. Mell, S. Romanosky, and K. Scarfone, “Common Vulnerability Scoring System”, IEEE Security & Privacy, November/December 2006, pp. 85-89
  • S. Northcutt, L. Zeltser, S. Winters, K. Kent, and R. Ritchey, Inside Network Perimeter Security, Second Edition, Sams, 2005
  • K. Kent, “Preventing Widespread Malicious Code Incidents”, IAnewsletter, Vol. 7, No. 3, winter 2004/2005, pp. 6-9, 30
  • K. Kent, “The NIST Computer Security Incident Handling Guide”, IAnewsletter, Vol. 7, No. 1, spring 2004, pp. 4-7, 14
  • K. Kent, “Evaluating Network Intrusion Detection Signatures”, parts 1-3, SecurityFocus.com, September-December 2002
  • S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick, and R. Ritchey, Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems, New Riders, 2002
  • K. Kent Frederick, “Cisco IOS HTTP Authorization Vulnerability”, Sys Admin Magazine, March 2002
  • K. Kent Frederick, “Network Intrusion Detection Signatures”, parts 1-5, SecurityFocus.com, December 2001-April 2002
  • K. Frederick, “Network Monitoring for Intrusion Detection”, SecurityFocus.com, August 2001
  • E. Casey (editor), Handbook of Computer Crime Investigation: Forensic Tools and Technology, Academic Press, 2001, pp. 93-114
  • S. Northcutt, M. Fearnow, K. Frederick, and M. Cooper, Intrusion Signatures and Analysis, New Riders, 2001
  • K. Frederick, “Studying Normal Traffic”, parts 1-3, SecurityFocus.com, January-May 2001
  • K. Frederick, “Abnormal IP Packets”, SecurityFocus.com, October 2000

Education:

  • M.S., Computer Science, University of Idaho, 2002
  • B.S., Computer Science, University of Wisconsin-Parkside, 1993

Interests:

  • Security metrics
  • Threat modeling
  • Intrusion detection
  • Incident response
  • Malware
  • System security