News and Views
July 1999 Vol. II No. I
From the Executive Board Chair
Since our conference in March I have been totally overtaken by events requiring 150% of my time in activities to help the Department of Energy "get well". If you haven't read the newspapers or heard the news about the many problems we are trying to correct, then you've been in outer space! Anyhow, that's my excuse for causing this issue of the FISSEA News and Views to be delayed for so long.
The exciting thing is, we are getting money for training!! The Secretary of Energy announced we will be training 1000 system administrators and security personnel by the end of this calendar year. Now that's a daunting undertaking, but we're going to get it done, and done well. Hopefully I will be able to share with you in a future newsletter or at our conference how we accomplished this, why we have established new requirements, and what assistance we have and will provide to the field to keep our work force up-to-date and computer/cyber security savvy.
A major part of this initiative to improve our work force is targeted at all levels of management to increase their awareness of system vulnerabilities, to emphasize their responsibilities in managing their information technology resources (that includes personnel!), and to ensure they are accountable for their actions, especially in the area of accepting residual risk. Our new Unclassified Cyber Security Policy, which is being prepared for submission to a Congressional committee by July 1, 1999, has incorporated new requirements for system administrators that may lead to a type of certification for them, but it definitely will influence the type of training required and the frequency of that training.
More on what's new at DOE, especially as it relates to our training initiatives, will be in the next issue. We have a development project underway that may be of interest: it's a "system administrator simulation" dealing with handling attacks. Keep posted for more news.
In closing, if I rambled, please excuse me. If what I've said isn't of general enough interest, please let me know that too! And, I thank the Executive Board for once again putting their faith in me to lead this organization over the next year. Right now, it's very obvious I couldn't do this without the support of all the Board members, and especially without the support of the NIST folks.
Philip L. Sibert, CISSP
EDUCATOR OF THE YEAR AWARD
1 The National Information Assurance Partnership (NIAP) is a partnership between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) along with several industry supporters. The purpose of the partnership is to provide a means for enhancing the quality of information security products and to increase consumer confidence in those products that have been independently evaluated. NIAP's goals are to develop security test methods, extol the benefits of independent testing and validation, and encourage establishment of a robust commercial security testing industry. The internationally developed Common Criteria is the focus of much of NIAP's work.
The National Institute of Standards and Technology (NIST) requests computer security training and awareness materials for inclusion in the Federal Computer Security Training Resource Center web site repository. The areas of interest are: Laws/Policies/Regulations, Guidance, Procedures, Awareness, and Technical (both foundation and specifics).
Materials submitted will be made available to the general public and should be applicable for use by a broad range of Federal employees. Interested parties should contact Pat Toth 301-975-5140 or patricia.toth@nist.gov.
(Please note bios were submitted by individual board members)
lewis_baskerville@wdc.fsa.usda.gov
LISA BIAFORE, Co-Conference Director lbiafore@imsidc.com
PATTI BLACK, Co-Conference Director Patricia.Black@cio.treas.gov
PAULINE BOWEN, Assistant Chair pbowen@bangate.fda.gov
BLAINE BURNHAM burnham@cc.gatech.edu
BARBARA CUFFIE barbara.cuffie@ssa.gov
DEBORAH HEFNER dhefner@bpd.treas.gov
LOUIS NUMKIN, Newsletter Editor LMN@nrc.gov
PHILIP L. SIBERT, Chair philip.sibert@hq.doe.gov
CAREN WILLIAMS caren.l.williams@usdoj.gov
Lewis Baskerville
Department of Agriculture
Lewis Baskerville is employed by the Department of Agriculture,
Farm Service Agency as an Information Systems Security Officer. Other
than his ISSP duties, he represents the Agency at IRM, ADP, IT
meetings and conferences such as USDA Departmental Councils,
Interagency IRM Planning Groups, ISSP Security Committees and Data
Management Working Groups. He works closely with various regulatory
Agencies, such as NIST, NSA, OMB, GSA, OPM, and USDA to comply with
their ADP/ISSP regulations and to satisfy their reporting requirements
in the areas of Program Management, Information Management, Hardware,
Software, and Electronic Transmission Services.
He has almost 30 years of Management Information Systems (MIS)
experience (Government and Private Industry) as a
Contractor/Consultant, Information Systems Security Officer (ISSO) and
Administrator, IRM Strategic Planning, Contract, Project and Program
Management, System Design and Development, Developing and Coordinating
Computer Security Training, and Facilitating Management Retreats. He
has a Graduate Certificate in Management Information Systems and a
Bachelor of Science degree in Technology of Management and
Administration from American University, and two Associates of Applied
Science degrees in Business Management and Computer Science from the
University of the District of Columbia.
Lisa Biafore
Integrated Management Services, Inc.
Lisa Biafore is a Project Manager with Integrated Management
Services, Inc. (IMSI) located in Arlington, VA. In the past 6 years
she has worked with many of the Federal government agencies as well as
a few commercial companies. With 15 years' experience in computer
security, Biafore has a varied background that includes security
training, risk analysis, program and policy development, disaster
recovery planning, compliance reviews, and the like. Prior to her
employment with IMSI, Biafore worked as a Senior Security Analyst at
Campbell Soup Company in New Jersey. Biafore earned a BS in Business
from Glassboro State College and an MBA from Drexel University.
Patricia Black
Department of the Treasury
Patti Black organized and began managing the Departmental Systems
Security Awareness and Training Program in 1986. She established and
chairs Treasury's Systems Security Training Forum which is composed of
representatives from all Treasury bureaus. As part of the awareness
program, she established and managed Treasury's Telecommunications and
Information Systems Security Awards Program from 1992-1996. As the
Systems Security Training Manager, Patti represents the Treasury
Department on various national level interagency training working
groups including NSTISSC Education Training and Awareness Issues
Group, Federal Information Systems Security Education Association, and
the NIST Computer Security Program Manager's Forum. Patti has
participated in numerous national-level systems security training
activities with the goal of improving training standards and
availability throughout the government. Patti received her bachelor's
degree from George Mason University in 1980.
Pauline Bowen
Food and Drug Administration
Pauline Bowen has been in the federal sector since being hired by
the Federal Energy Regulatory Commission (FERC) in 1984. She was hired
by the Food and Drug Administration (FDA) as an Information Systems
Security Officer (ISSO) for the Agency in May 1991. During the 14
years at both FERC and FDA, she gained valuable experience as a
systems administrator and an information systems security program
manager. She received her B.A. in Applied Behavioral Sciences from
National-Louis University in 1989.
In January 1993 she was promoted to a computer specialist and became
the FDA's Computer Security Program Manager for the Agency-wide
Information Technology Security Program. In 1995 and 1996 she
participated in the Computer Security Program Managers' Forum
Workgroup on Automated Information System Security Plans Development.
She has presented AIS security training instruction at the Indian
Health Service's Annual ISSO Conference on several occasions and the
1998 Geologics Information Security Conference in Richmond. She
regularly participates in the Federal Computer Security Program
Managers' Forum, and she has been a member of FISSEA since 1992.
Blaine Burnham
Georgia Tech
Dr. Blaine Burnham joined Georgia Tech on December 14, 1998 as a
Principal Research Scientist in the College of Computing to serve as
the Director of the Georgia Tech Information Security Center (GTISC).
He most recently served as program manager for the National Security Agency (NSA) at Ft. Meade, Maryland. While at NSA Dr. Burnham established, promoted and sustained the Information Security Research Council for the Department of Defense as well as the intelligence community as a whole. He also achieved an operational prototype of a trusted client/server operation system; created and developed the Product Security Profile (PSP); and directed the Infosec Criteria and Guidelines organization that published half of the guideline documents, the Rainbow Series, and crafted the Federal Criteria. Dr. Burnham also did stints on the technical staffs of the Los Alamos National Laboratory and Sandia National Laboratory developing tools and techniques for achieving higher levels of information security.
Dr. Burnham received his Ph.D. and master's in Mathematics from
Arizona State University and a B.S. in Mathematics from Idaho State
University.
Barbara Cuffie
Social Security Administration
Barbara Cuffie was a secondary teacher in Baltimore public
schools before starting her career with the Social Security
Administration (SSA) over 32 years ago. She is Chief of the Security
and Integrity Branch in the Office of Systems Planning and Integration
and has served in that position since 1986.
Today Barbara finds it difficult to recall a time when she did not
love her job in security and the variety of challenges and
opportunities she experiences in the workplace daily. She wears a
number of different hats with a wide range of responsibilities. She is
now an Internal Control Officer, a Component Security Officer, a
Property Management Officer, a Principal Security Officer, a project
manager and a branch chief. She considers herself fortunate to have
the support of an excellent staff, coworkers and her management. She
is a past president of the Baltimore Metropolitan Chapter of ISSA and
encourages her peers to participate in professional organizations like
ISSA. She was particularly pleased when she became a CISSP in 1998.
Deborah Hefner
Bureau of the Public Debt
Debbie Hefner is a computer specialist in the Office of
Information Technology at the Bureau of the Public Debt, Parkersburg,
West Virginia. She is a member of the Security Evaluation Assistance
Team (SEAT) that is responsible for providing policy and program
development and oversight for security of IT resources on behalf of
the CIO. They conduct security reviews of all sensitive systems and
act as consultants to assist program offices in developing security
plans for their sensitive systems as part of the accreditation
process. Other responsibilities include the IT security training
program at Public Debt and the incident response capability for
computer security incidents. Debbie has 18 years of federal service
with the past 3 devoted to IT security.
Louis Numkin
Nuclear Regulatory Commission
Louis Numkin is a senior computer security specialist in the
Office of the Chief Information Officer at the US Nuclear Regulatory
Commission. His duties relate to computer security awareness training,
anti-virus activities, classified inspections of nuclear plants,
disaster recovery planning, computer security plan review and
approval, risk assessment, and the like. Prior to joining the NRC,
Louis performed computer security for GSA on the FTS2000. Outside of
the office, Numkin volunteers in an agency outreach program to provide
computer security sessions for schools (elementary through high
school) and for senior citizen centers, especially dealing in the area
of Computer Ethics. Numkin's Bachelor of Science degree is in
Business Administration and his Master's degree is in Technology of
Management (majoring in Management Information Systems and Computer
Systems), both from the American University. Louis Numkin was awarded
the FISSEA Educator of the Year Award for 1998.
Philip Sibert
Department of Energy
Phil Sibert has been in the federal sector since being hired by
the Social Security Administration as a programmer trainee in June
1967. Over the next 18½ years at SSA he gained valuable
experience as a programmer, social insurance systems analyst, and
computer specialist. He has worked with IBM, Amdahl, and Univac
mainframe computers, and various mini- and micro-computers during his
career. In 1983 Phil began working in computer security related areas
at SSA, working with TopSecret implementation and doing risk analyses.
In January 1986 he changed jobs to move full time into computer security at the U.S. Department of Energy headquarters facility located in Germantown, Maryland. In 1988 Phil became the Department's Computer Security Program Manager for the unclassified computer security program. In 1989 Phil was instrumental in establishing the first federal civilian agency computer incident response capability for DOE, called the Computer Incident Advisory Capability (CIAC). In 1996 Phil was instrumental in having CIAC become one of the core partners in the Federal Computer Incident Response Capability (FedCIRC).
Phil has been active in various government-wide working groups since
1983, having participated in the first Security Educator's Symposium
convened at the Fort Meade Officer's Club in 1984, a precursor to
today's Federal Information Systems Security Educators' Association.
He was chosen to serve on the first Federal Computer Security Program
Managers Forum steering committee, his term lasting nearly three
years. Phil has also served on the FISSEA steering committee the past
three years. Phil joined the Baltimore Chapter of the Information
Systems Security Association in 1988 and has served on the Board of
Directors in various capacities. He is a Certified Information Systems
Security Professional, having passed the examination for that
certification in 1996.
Caren Williams
Department of Justice
Caren Williams has been in the information systems security field
since 1990. Ms. Williams is currently employed by the U.S. Department
of Justice, where she manages the Department's security awareness and
training program. She received her B.S. in information systems
management from the University of Maryland University College.
Membership is open to information systems security professionals, trainers, educators, and managers who are responsible for information systems security training programs in federal agencies. Contractors of these agencies and faculty members of accredited educational institutions are also welcome.
There are no membership fees; all that is required is a willingness to share your products, information, and experiences. Send an e-mail to peggy.himes@nist.gov to join or call 301-975-2489.
Submitted by Ann Brown
The Good
Why we love E-mail/Internet:
The Bad
Why we hate them:
The Ugly
Why it is dangerous for us to use them:
Last Modified: July 25, 2001.