News and Views January 2003 |
||||
Issue Four of FISSEA Year 2002-2003 | ||||
|
||||
From the Executive Board Chair2003 has arrived! It is really difficult for me to believe that our 16th Annual FISSEA Conference is only about five weeks away. This year we will be offering our conference attendees an opportunity to participate in our best conference to date. I say that because every year we strive to make the next conference even better and to learn lessons from our last conference. We read and discuss each of your comments as we review the evaluation forms. Then we discuss the pros and cons of implementing your suggested changes. We try our best to be as responsive as possible to your feedback. A perfect example of this was our decision to move our next conference to the Hilton in Silver Spring, MD. This will be the first time we have moved out of the Gaithersburg area where NIST is located. However, our participants kept requesting that we have the conference in a site near the Washington Metro. I understand that this location is easy to find and only about 2 blocks from the Metro station. We are hopeful that you will be pleased with this major change, which resulted in a slightly higher cost this year. Of course, we still believe that our conference is by far the best return on investment you can find. We are offering you the opportunity to participate in a superior 3-day information systems security awareness, training and education conference for only $275.00. In addition to hearing from expert presenters, you will be able to network with many other professionals, visit the exhibition hall to find out about new services and tools, meet the Educator of the Year, eat delicious food and have a lot of fun. I guarantee it! Please visit our website often for current information about FISSEA and our next conference: http://csrc.nist.gov/fissea. I am particularly thankful to two NIST employees (i.e., Patrick O'Reilly and Peggy Himes) for keeping our website up to date, informative and interesting. Lt. Colonel Curt Carver has been doing an exceptional job as our Conference Program Manager. This is also an excellent time for me to publicly extend my gratitude to all the Board members and acknowledge their tremendous support all year. Although many of you contributed articles, it was Louis Numkin's job as editor to pull the newsletter together quarterly. Phil Sibert recently retired after many years of outstanding government service. He is a past FISSEA Board chair and continues to support FISSEA as a Board member. Phil is such a great person with whom to work and a major asset to the Board. I am so glad that he has promised to keep on working for FISSEA through our upcoming conference. There is just not enough time for me to list the individual contributions of each of the FISSEA Board members in this article, but I assure you I could easily do so. Perhaps, I will have an opportunity to
tell you more about how the current Board functions at the annual meeting
during our conference. Contact me if you want to request that a specific
item be added to the business agenda. Sometimes, it is difficult to
find the time to complete a FISSEA task timely because of competing
priorities, but somehow we have managed to amaze ourselves by getting
it done -- even when it was completed at home in the wee hours of the
morning. I assure you that being a Board member involves sacrifice,
our management's support and our willingness to stay committed to FISSEA's
mission. However, the opportunity to serve and make such a major difference
for our members makes it all worthwhile. We are always looking for talented,
cooperative, hard-working and friendly volunteers to help us move toward
our vision. I encourage you to seriously consider joining our team if
you have both the desire to work with us and your management's full
support. You can find other details about being a Board member in our
last newsletter and/or on our website. Like Uncle Sam, FISSEA needs
YOU! Letter From the Editor:
|
FISSEA EXECUTIVE
BOARD *Barbara Cuffie
CISSP, Executive Board Chair barbara.cuffie@ssa.gov FISSEA Membership/NIST
Liaison (non-voting member): |
Interactive Session at March Conference Lee Ohringer's Sharing
of Computer Security Posters on Tuesday, March 4th at 2:00 p.m.
will be an interactive session. Please bring samples of posters
developed by your organization. |
"Securing Your
Cyber Frontier Through Awareness, Training and Education"
By Curtis Carver, Program Director
U.S. Military Academy, West Point
The 2003 FISSEA conference is right around
the corner and is likely to be the best security awareness, training,
and education conference this year. We had so many proposals for presentations
this year that we picked the very best, added an alternate track so
we could schedule more presentations and allow conference attendees
to choose between presentations, and then capped registration at 250
because there was no doubt the conference was going to be full. Four
keynote speakers and over thirty regular speakers from over twenty-five
different federal, academic, and industrial organizations provide the
foundation for this year's conference and they are exceptional even
by FISSEA standards. High profile keynote speakers such as Keith Rhodes
(GAO), Lance Spitzner (Sun), Alan Paller (SANS), and Thornton May will
provide you with insight into the important trends in the field. Invited
speakers will provide the detailed and lively presentations into the
best practices and research in the field. Are you interested in what
CERIAS, the FBI, the Federal CERT, NIST, OMB, and the National Cryptologic
School are doing in security awareness and training? These organizations
are just a subset of the presentations on the first day of the conference.
Imagine all the useful information, insight, and contacts you will have
at the end of the conference. There will be door prizes, industry exhibits,
and the "Cruise Director" will be back again to take care of your cruising
needs. But don't take my word for it - check out the Conference website
at:
http://csrc.nist.gov/organizations/fissea/conference/2003/index.html
for yourself and afterwards you can register at:
https://sales.nist.gov/conf/secure/CONF476/conf_register.htm
.
The 2003 FISSEA conference is the conference of the year for security
awareness, training and education. Don't miss out on your opportunity
to attend.
This column's name is a contraction of the words "Training" and "Trivia." It includes information on upcoming conferences, book reviews, and even humor. The purpose is to provide readers with places to go and things to use in pursuing and/or providing Computer Security Awareness, Training, and Education. However, FISSEA does not warrant nor determine the value of any inclusions. Readers are encouraged to do their own checking before utilizing any of this data. If readers have items to submit to this column, please forward them to the Editor at lmn@nrc.gov
**************
FEB 9-11, 2003 CyberCrime 2003 Conference and Exhibition at the Foxwoods Resort in Mashantucket, Connecticut. For more info, phone 1(800) 213-4326 or visit www.cybercrime2003.com
**************
MAR 4-6, 2003 FISSEA Annual Conference. "Securing Your Cyber Frontier Through Awareness, Training, and Education". The Hilton in Silver Spring, MD. Three days only $275. SPACE is limited. Further questions, contact peggy.himes@nist.gov. Register Today! See Curt Carver's Update in this issue. Agenda and registration information available at your website, http://csrc.nist.gov/fissea.
***************
MAR 7-12, 2003 SANS Institute's 2003 Annual Conference with 12 separate tracks will be held in the Sheraton San Diego Hotel and Marina in California. More information is available at www.sans.org/register4SANS
**************
MAR 19-20, 2003 THE INSTITUTE FOR APPLIED NETWORK SECURITY is hosting the Mid-Atlantic Network Security conference, focusing on Intrusion Detection and Enterprise Security Management at the National Conference Center in Leesburg, Virginia. This gathering of experienced network security professional from government, industry and academia is to share technical and business insights in a "sheltered" environment. Faculty leading this event includes Becky Bace, Eric Cole, Ron Gula, Chris Petersen, Marcus Ranum and Robin Roberts. Positions at the Forum are LIMITED. To register or to learn more, please contact Amanda O'Donnell at the Institute at (617) 399-8100 or visit www.ianetsec.com
**************
APR 22-24, 2003 MISTI is sponsoring "The FORUM on Information Security in Government" which will be held at the Hilton Alexandria Old Town in Virginia.There will be additional workshops on either side of the conference. For information, please contact MIS Training Institute at (508) 879-7999x346 or e-mail mis@misti.com
**************
MAR 27-28, 2003 European Organisation for Conformity Assessment (EOTC) News reports that a major conference will be held in Nice, France, examining how the establishment of standards can help to widen access to a variety of modern products, services and environments for young, old and people with disabilities or special needs. The event, entitled 'Accessibility for All', is being organized by the three European Standardization Organizations (ESOs) - the European Committee for Standardization (CEN), the European Committee for Electrotechnical Standardization (CENELEC) and the European Telecommunications Standards Institute (ETSI). Details of the conference workshops and a registration form is available at: www.etsi.org/cce
**************
European Organisation for Conformity Assessment (EOTC) has informed us that the ConformityAssessment.org Web-Portal has launched a new Certification Category which includes references to Training. This new category currently features over 384 websites and 110,520 web-pages dealing specifically with Certification. (ISO/IEC Guide 2:1996). Organizations may submit their websites through the following link: http://www.conformityassessment.org/directory/addsite for possible inclusion. Contact: Fred.Werner@eotc.be
**************
MAY 12-15, 2003 The CardTech SecurTech annual conference will be held at the Orange County Convention Center in Orlando, Florida. This year, a track is being devoted to "Security Technology Applications." For info, call 1-(800) 442-CTST or check www.ctst.com
**************
JUN 2-5, 2003 The Colloquium for Information Systems Security Education will be held at the Washington (DC) Marriott Hotel. Papers are called for - send them to www.ncisse.org/papers.htm Registration info is available at www.ncisse.org/registration.htm
**************
AUG 5-7, 2003 NEbraskaCert - 5th annual Computer Security and Information Assurance Conference, Omaha, NE. They're looking for qualified presenters! To inquire about speaking and sponsor opportunities, email info@certconf.org. For additional information, visit: http:www.certconf.org. Keynote speakers include: Jim Christy, Defense Cyber Crime Center; Rich Pethia, Carnegie Mellon University; Ray Semko, Diceman, of the Interagency OPSEC Support Staff.
**************
Note, see the FISSEA News and Views, December 2002 issue for previously noted 2003 security conferences.
**************
Computer Security Institute's catalog of 2003 Information Security Seminars is now available. If you haven't yet received a copy, contact (415) 947-6320 or e-mail csi@cmp.com
**************
MIS Training Institute's annual Course Catalog is available and if you haven't received your copy, please go to their website: www.misti.com
**************
InfoSec News reported that Symantec Corp. will provide up to $50,000 to cover the full tuition costs and a stipend for one student for two years in launching a fellowship program at Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS). The student must be degree-seeking, enrolled at Purdue, and maintain a grade point average of 3.0 in his or her field of study. Symantec said the application deadline is March 1. The fellowship program's goal is to increase awareness within the Internet security industry as well as increase students' knowledge, said Teresa Bennett, director of strategic relations at CERIAS. The fellowship recipient will be announced April 8 at the annual CERIAS Spring Symposium held on the West Lafayette, Ind., campus of Purdue University. The Symantec fellowship will begin during the 2003-2004 school year and will be expanded to include a second student beginning in the fall of 2004.
**************
Book Review by Debra S.
Herrmann
debra.ctr.herrmann@faa.gov
Using the Common Criteria for IT Security Evaluation
ISBN: 0849314046 December 2002 Auerbach Publications
This book is a user's guide for the Common Criteria for IT Security
Evaluation, the first such book to be published. It explains how to
understand, interpret, apply, and employ the Common Criteria throughout
the life of a system, including the acquisition and certification and
accreditation (C&A) processes. December 1999 ISO/IEC 15408 Parts 1-3,
the Criteria for IT Security Evaluation, was approved as an international
standard. The Common Criteria, considered the international standard
for IT security, provide a complete methodology, notation, and syntax
for specifying security requirements, designing a security architecture,
and verifying the security integrity of a product, system, or network.
In the U.S. NSTISSP #11, National Information Assurance Acquisition
Policy, mandated the use of CC evaluated IT security products in national
security and critical infrastructure systems starting in July 2002.
Like ISO 9000, the Common Criteria have a mutual recognition agreement
so that products certified in one country are recognized in another.
As of December 2002, sixteen countries have signed the mutual recognition
agreement: Austria, Australia, Canada, Finland, France, Germany, Greece,
Israel, Italy, Netherlands, New Zealand, Norway, Spain, Sweden, U.K.,
and U.S.
**************
An interview with training pioneer Tom Kelly, head of training for Cisco Systems, which discusses many of the innovative approaches Cisco has taken to training that has expanded its training methodologies and delivery options, making it a model for tech companies that want to upgrade their training materials. The interview was with ComputerUser's James Mathewson and may be found at http://www.computeruser.com/articles/2201,2,1,1,0101,03.html
FEDERAL INFORMATION SYSTEMS SECURITY EDUCATORS' ASSOCIATION
EXECUTIVE BOARD ELECTION - 2003
The Board consists of a total of 11 members. These current Board Members are serving the second year of their two-year terms. Do not nominate any of them.
The term for the following board members expires in March 2003. They will have to be nominated and elected by the membership at the annual business meeting in March 2003.
Nominations may be made prior to the conference and from the floor of the conference. A FISSEA member who wishes to serve on the Executive Board may nominate him/herself. Please give careful consideration to the time and commitment involved before making the decision to run. The Executive Board meets monthly in Gaithersburg, Maryland. It is desired that all board members attend the monthly meetings as well as the 3-day annual conference. It is urged to have prior management approval of your FISSEA Board responsibilities.
Send the information below to Peggy Himes, Nat'l Inst of Stds and Tech, 100 Bureau Dr Stop 8930, Gaithersburg, MD 20899-8930 or e-mail the information to peggy.himes@nist.gov.
Name of Nominee: ___________________________________________________
Employing Organization: ______________________________________________
Position or Title: ________________ Phone Number: _____________________
E-mail Address: _____________________________________________________
Qualification Statement: (You must have the permission of the nominee to submit his/her name. What has the nominee done to warrant this nomination?)
__________________________________________________
__________________________________________________
__________________________________________________
__________________________________________________
_______________________ ___________ _____________________________
(Person making this nomination) (Date) (E-mail
address and/or Phone Number)
Back to FISSEA Homepage Back to Newsletter Index Back to CSRC Homepage
Please send comments
or suggestions to webmaster-csrc@nist.gov.
Last Modified: January 11, 2003.