Information Security: Addressing Surety for Various Communities
Georgia Tech Information Security Center, Fall 2004 Distinguished Lecture Series, November 4, 2004. Roger Callahan, Bank of America.
Today*: Discuss the need for information security “surety”. What does that mean?
*Note: These views represent solely those of the author and not necessarily those of Bank of America.
Source: “Exploiting Software: How to Break Code”, Gary McGraw and Greg Hoglund, Addison-Wesley 2004
Today’s amazing information technology environment
*Source: Bureau of Economic Analysis Data published March 25, 2004
*** Source: Internet Software Consortium (www.isc.org)
****Source: “Exploiting Software: How to Break Code”, Gary McGraw and Greg Hoglund, Addison-Wesley 2004
Each Operational Organizational Unit Manages Their Firewalls
An Information Security Organization Manages a Firewall Utility
Comprehensive Protection Framework
Defense in Depth
Source: Internet Storm Center – SANS Organization
Definition: 3) A pledge or formal promise made to secure against loss, damage, or default: a guarantee or security.¹
Familiar legal arrangement:
Surety Bonds – three-party agreements in which the issuer of the bond (the surety) joins with a second party (the principal) in guaranteeing to a third party (the obligee) the fulfillment of an obligation on the part of the principal.
¹ The American Heritage Dictionary
Sandia National Laboratories:
Engineering design concepts related originally to nuclear weapons engineering.
Defined as ensuring the “correct” operation of an information system through the incorporation of appropriate levels of safety, functionality, confidentiality, availability and integrity.¹
Through an integrated risk assessment modeling methodology to identify proper design decisions.
¹ “Toward a Risk-Based Approach to the Assessment of the Surety of Information Systems” – U.S. DOE Contract DE-AC04-94AL8500
An Integrated Effort: