
The 5th Annual IT Security Automation Conference and Expo, held at the Baltimore Convention Center, Baltimore, Maryland, between October 26 and 29, featured many high-profile speakers, workshops, and an expo, and highlighted emerging technologies designed to support the security automation needs of various sectors.
Dr. Ron Ross, Senior Computer Scientist and Information Security Researcher at the National Institute of Standards and Technology (NIST), presented exclusively on information security and risk management strategies.
“We will never have enough controls in place. There will never be enough SCAP (Security Content Automation Protocol) configuration settings to fully stop the adversary. So how do we manage risk in the very dangerous environment and more importantly how do we monitor risk over time?” Ross said.
He said it is important to manage risk effectively in these very complicated times and to be able to change things around quickly to confuse and delay adversaries who are very, very capable.
“It’s all about mission. We have to be able to turn the equation around and stop thinking about security as a cost center, and start looking at security as an investment in our mission’s success,” Ross said.
Tony Hager, Chief of the Vulnerability Analysis and Operations Group, National Security Agency (NSA), said getting the right information to help us make better decisions is vital.
“We don’t want to spend a lot of money on the data gathering point—that’s where we are today,” Hager said. “What we want to find is ways to move that information to where it is needed in a form in which it is needed to allow us to make those kinds of tough choices…”
Richard Hale, Chief, Communications Information Assurance Engineering & Support, Defense Information Systems Agency (DISA), spoke on the fragility of our technology and reinforced the need to be proactive.
“This business of cyber attacking right now is pretty easy,” Hale said. “Attacks are really easy, cheap, [and] scalable. They can be developed fast. ‘Bad guys’ really don’t need a lot of infrastructure.”