Tuesday, April 17, 2012

The NIST Information Technology Security Day is hosted annually as a means to heighten DOC and NIST user awareness of information technology security and related issues. The event will take place in Building 101 at the Gaithersburg, Maryland, campus.

Registration and attendance at at least one of the IT security lectures will satisfy the requirement for FY2012 mandatory IT security awareness training! (Applicable only to NIST staff.) Be sure to register on the day of the event (in front of the Auditorium(s) or in each room)!

9:00am-10:00am

Identity Theft

A. Rodriguez, Federal Trade Commission

RED Auditorium 

This talk will include a discussion of Identity theft, including the many forms of identity theft (e.g., financial, medical); recent surveys of consumers affected by identity theft, and actions consumers may take to protect themselves from becoming victims or from the effects of identity theft.

10:00am-11:00am

Securing the BIOS: Winning the Race to the Bare Metal

Lecture Room A

As security in operating systems and applications has improved, a race to the "bare metal" has begun between those wishing to attack systems and those responsible for protecting them. This talk will describe NIST's research efforts to improve the security of fundamental system firmware in PCs, called the Basic Input/Output System (BIOS). It will discuss threats to the BIOS and NIST's operational approach to mitigating these threats on its computer systems.

Secure Web Programming

Lecture Room B

Targeted at application developers and those who manage application developers. The talk will provide an overview of web application attacks and common development mistakes, with a focus on three vulnerabilities and potential actions to resolve them.

Purchasing Cloud Services

Lecture Room D

Targeted at System Security Officers, Acquisition, and Administrative staff. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a "do once, use many times" framework that will save the cost, time, and staff required to conduct redundant agency security assessments. The talk will introduce the Program's security requirements for participating vendors and how agencies are to engage (i.e., purchase services) through FedRAMP.

Windows 8 Security Deep Dive

Heritage Room

Targeted at system administrators and developers. This session covers some of the deeper aspects of Windows 8 and its security improvements. Topics include Secure Boot, Virtual Smart Cards, Windows To Go, BitLocker, Dynamic Access Control, Virtual Switch, and enterprise application support (side loading). The session is a deep dive and assumes a base level of knowledge of these topics as they exist within Windows today.

11:00am-12:00pm

Privacy and Personally Identifiable Information (PII)

J. Cantor, U.S. Department of Commerce

RED Auditorium

Privacy is becoming an increasingly important topic that each of us must be aware of. Knowing how best to protect PII, and sometimes how to define it, remains a challenge. This talk will focus on sensitive versus non-sensitive PII, the relationship between PII and privacy data, and the actions general users should take when it comes to maintaining and protecting PII.

1:00pm-2:00pm

Advanced Threat Report: 2011

D. Kindlund, FireEye

RED Auditorium

This talk will provide an overview of advanced targeted attacks based on research and trend analysis conducted by FireEye Malware Intelligence Labs. Insight into the current threat landscape, evolving advanced persistent threat (APT) tactics, and the level of infiltration will be highlighted.

2:00pm-3:00pm

Securing the BIOS: Winning the Race to the Bare Metal

Lecture Room A

As security in operating systems and applications has improved, a race to the "bare metal" has begun between those wishing to attack systems and those responsible for protecting them. This talk will describe NIST's research efforts to improve the security of fundamental system firmware in PCs, called the Basic Input/Output System (BIOS). It will discuss threats to the BIOS and NIST's operational approach to mitigating these threats on its computer systems.

Secure Web Programming

Lecture Room B

Targeted at application developers and those who manage application developers. The talk will provide an overview of web application attacks and common development mistakes, with a focus on three vulnerabilities and potential actions to resolve them.

Purchasing Cloud Services

Lecture Room D

Targeted at System Security Officers, Acquisition, and Administrative staff. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a "do once, use many times" framework that will save the cost, time, and staff required to conduct redundant agency security assessments. The talk will introduce the Program's security requirements for participating vendors and how agencies are to engage (i.e., purchase services) through FedRAMP.

Windows 8 Security Deep Dive

Heritage Room

Targeted at system administrators and developers. This session covers some of the deeper aspects of Windows 8 and its security improvements. Topics include Secure Boot, Virtual Smart Cards, Windows To Go, BitLocker, Dynamic Access Control, Virtual Switch, and enterprise application support (side loading). The session is a deep dive and assumes a base level of knowledge of these topics as they exist within Windows today.

3:00pm-4:00pm

Mobile Device Security

G. Kramer, National Security Agency

RED Auditorium

This talk discusses vulnerabilities in wireless and mobile devices, with a focus on current adversarial attacks, social networking site usage, web-based threats, and how users can protect their Portable Electronic Devices (PEDs). A demonstration of exploits is also included.

From 8:30am to 1:00pm, visit the Vendor Exhibits in the Green Auditorium Corridor and the Portrait Room! Sign language interpreters are provided for Auditorium talks. This event is hosted by the Management Resources Office of Information Systems Management (OISM).