Risk Session I
From AFCEAWiki
Contents |
[edit] Session I: Enhanced Compliance/security Best Practices
JOIN THE ONGOING SOLUTIONS DIALOGUE ON THE GOOGLE GROUP SITE
[edit] Abstract
There is an on-going U.S. Government multi-agency initiative to enable automation and standardization of technical security operations. This is a large effort that encompasses understanding and implementation of vulnerability management, measurement and policy compliance. Ensuring that government agencies are correctly implementing and complying with security best practices is at the forefront of this initiative. What established standards and models are recommended for meeting today's organizations unique security needs? How do you implement enhanced security best practices without creating excessive management complexity? What are todays biggest security challenges? Do you think they can be overcome with more wide spread use of enhanced compliance/security best practices? What does an enhanced compliance/security best practices implementation look like in today's world? Architecture: How can vendors be encouraged to implement best security practices into their development lifecycle? How much is risk reduced by implementing enhanced compliance technologies? Is there a commonly agreed upon list of security best practices?
[edit] Moderator
- Mr. Joe Grace, Grace and Associates
[edit] Panel
- Mr. Andrew Bove, CTO, Secure Elements
- Mr. David Hollis, Senior CyberSpace and IA Program Manager, ASD NII/DoD CIO, DASD IIA
- Mr. Richard Marcell, CIV, USA, DCS G-2
- Mr. Ron Ross, NIST
