The following presentation contains insights and opinions gathered from over 30 years of combined experience in the government INFOSEC space. It’s interspersed with some humor – security presentations can be pretty dry without it. We hope that this presentation will provide you with the impetus to reemphasize security within your organization, and feel good about doing so. The subtitle means “Automatic, Practical, Good!” and is a play on the Ritter Sport tagline “Quadratisch, Praktish, Gut!” which translates as “Square, Practical, Good!” http://www.ritter-sport.de/
Mike’s blog is at http://www.guerilla-ciso.com/ Mike teaches for Potomac Forum http://www.potomacforum.org/ Contact information for Mike is at the end of this presentation.
OK, it could be that SCAP and automation replaces all of us with tool monkeys. This impact remains to be seen.
WASC Threat Classification Working Group http://projects.webappsec.org/Threat-Classification-Working CWE http://cwe.mitre.org/
Picture is “lifted” from Encyclopedia Dramatica and used under Fair Use. http://www.encyclopediadramatica.com/Image:God-kills-kitten.jpg http://www.encyclopediadramatica.com/Encyclopedia_Dramatica:General_disclaimer#Fair_Use_and_Copyrighted_Materials
If you would like us to speak for your event or group, please ask. If you would like to learn more and to keep up-to-date on groundbreaking Government security news, subscribe to the guerilla-ciso blog feed. Presentation released under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License. More information available at http://creativecommons.org/licenses/by-nc-sa/3.0/
The Security Content Automation Protocol and Web Application Security Automatisch, Praktisch, Gut!
SCAP comprises a suite of specifications for organizing and expressing security-related information in standardized ways, as well as related reference data, such as identifiers for software flaws and security configuration issues. SCAP can be used for maintaining the security of enterprise systems, such as automatically verifying the installation of patches, checking system security configuration settings, and examining systems for signs of compromise.