Leading Experts from CERT and SEI Offering AIM, CERT Tutorials at SEPG Europe 2011

You can maximize your travel costs and create an even more robust educational experience at SEPG Europe 2011 (7-9 June 2011 in Dublin, Ireland) by taking a one-day tutorial on Monday, 6 June. Delegates may choose one tutorial from a menu of five topics led by leading experts from the SEI.

The registration fee for a Monday tutorial session is $250 (separate from the SEPG Europe 2011 registration). Tutorial registration may be completed through the general SEPG Europe 2011 registration link.

Cyber Response and Analysis Challenge
Presenters: Chris May, Dennis Allen

This tutorial is a team-based, live-fire cybersecurity exercise involving a fictitious shipping company experiencing numerous cyber-security events and anomalies. Participants will be organized into teams, where they must work together to detect, identify, report, and potentially mitigate live events while also taking staged quizzes to test their understanding and facilitate a friendly competition as well as conduct forensically sound volatile and persistent data acquisition and analysis.

Tutorial participants must bring a WiFi-enabled laptop to the tutorial in order to access CERT’s XNET cyber training platform. Participants will be provided with 10 days of remote XNET access prior to the tutorial so they can develop and polish their skills with preparatory hands-on labs.

The tutorial will allow participants to:

* Understand how to access and utilize the XNET cyber training profile.
* Work through scenarios to detect, identify, report, and mitigate events.
* Analyze data collected during the scenarios.

Forensics for Law Enforcement
Presenter: Rich Nolan

This tutorial is designed for individuals involved in law enforcement who wish to receive targeted training. It concentrates on four primary components (Imaging, Forensics Tools, Cryptography and Memory Analysis, and Incident Response). This tutorial will include presentations, discussions, and practical exercises. The tutorial will also include an introduction to the CERT Forensic Appliance (FA), which contains a suite of CERT-created and open-source forensic tools.

This tutorial will allow participants to:

* Understand how to acquire forensically-sound digital images.
* Identify implications of cryptography as it relates to cyber investigations and digital forensic examinations.
* Provide incident response to victims and tactics for triage of large-scale incidents.

Introduction to the CMMI Accelerated Improvement Method (AIM)
Presenters: Timothy Chick, James McHale

This tutorial is designed for organizational leaders, process improvement champions, consultants, and advocates. It concentrates on the concepts and strategies underlying the SEI’s new Capability Maturity Model Integrated (CMMI) Accelerated Improvement Method (AIM). AIM is a radical departure from the traditional methods of CMMI implementation, technology transition, and organizational change. This tutorial will provide a foundational understanding of the technologies, tools, methods, and strategies. Case study methodology will be used to illustrate the AIM product components and implementation sequence.

The tutorial will allow participants to:

* Understand the SEI’s new CMMI-AIM.
* Obtain a foundational understanding of the technologies, tools, methods, and strategies used in AIM.
* Learn how others are using AIM and the results they have achieved.

Managing Risk and Resilience: The CERT Resilience Management Model (CERT-RMM)
Presenters: David White, Richard Caralli

This tutorial is designed for individuals who wish to learn a model-based process improvement approach to managing operational resilience using the CERT Resilience Management Model (CERT-RMM), v1.1. This tutorial will describe operational resilience in complex, risk-evolving environments as it relates to risks that affect system and software assurance and will introduce CERT-RMM concepts and process areas. CERT-RMM’s relationship to CMMI and its coverage of software and system assurance throughout the life cycle will also be explained.

This tutorial will allow participants to:

* Understand the challenges of managing operational resilience.
* Have a working knowledge of key operational resilience, operational risk, and resilience management concepts and their relationships.
* Begin planning for a process improvement effort in their organization.


Software Engineers as Insider Threats: Actual Attacks and Their Consequences
Presenter: Dawn Cappelli, Michael Hanley

This tutorial will discuss the work of the CERT Insider Threat Center, which has catalogued over 500 cases of actual insider attacks, capturing the technical details, behavioral indicators, organizational context, management issues, and legal/contractual factors. This session will describe the patterns in each type of case (insider IT sabotage, theft of intellectual property, and fraud), focusing specifically on attacks carried out or facilitated by software engineers.

The tutorial will allow participants to:

* Understand the motivation, characteristics of insiders, behavioral and technical precursors, and technical aspects of insider fraud, theft of confidential or sensitive information, and IT sabotage.
* Understand insider threats that have been introduced during various phases of the software engineering life cycle, as well as mitigation strategies for preventing them in their own organizations.
* Know what “observables” to looking for within their own organizations that could indicate a pending insider attack.
* Leave with actionable steps that they can take to better manage the risk of insider threat in their organization.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s