Tim Grance, Senior Computer Scientist, Information Technology Laboratory, NIST
Tim Grance is a senior computer scientist in the Information Technology Laboratory at the National Institute of Standards and Technology in Gaithersburg, MD. He leads a team of researchers in the Systems and Network Security Group and is engaged in a broad research program focused on such topics as cloud computing, access control, identity management, vulnerability analysis, privacy protections, security metrics, protocol security, smart cards, and wireless/mobile device security. He is also the Program Manager for the Cyber and Network Security (CNS) Program and exercises broad technical and programmatic oversight over the NIST CNS portfolio. This portfolio includes high-profile projects such as the NIST Hash Competition, Cloud Computing, Security Content Automation Protocol (SCAP), Protocol Security (DNS, BGP, IPv6), Combinatorial Testing, and the National Vulnerability Database.
He has extensive public and private experience in accounting, law enforcement, and computer security. He has written on diverse topics including incident handling, intrusion detection, privacy, metrics, contingency planning, forensics, and identity management. He was named in 2003 to the Fed 100 by Federal Computer Week as one of the most influential people in Information Technology for the US Government. He is also a recipient of the highest award from the US Department of Commerce, a Gold Medal, from the Secretary of Commerce.
Presentation
NIST view on standards for Compliance
In cooperation with other federal agencies and private industry, NIST's IT Security Automation Agenda is helping organizations describe, test, and verify certain security attributes while also generating audit artifacts as a function of regular security operations. Through the use of standardized data expressions, enumerations, and metrics (i.e. the Security Content Automation Protocol (SCAP)), organizations can improve network and system security while correlating organized security-related data. NIST-hosted reference data, in the form of SCAP checklists and related data feeds, gives organizations the ability to automatically scan, report, and remediate known software flaws, vulnerable configurations, and missing patches according to authoritative security guidance such as checklists issued by government agencies (e.g. DISA, NSA, NIST) and software vendors (e.g. IBM, Microsoft, RedHat). These events can also be correlated to compliance frameworks including, but not limited to, NIST Special Publication 800-53 and ISO 27001. See the following NIST publications for additional information: SP800-70rev1, SP800-126 (DRAFT), NIST IR 7511, NIST IR 7375, SP800-117 (Draft).