The Changing Face of Security Analysis: Community-Based Security Informatics

Presented at Notacon 2 (2005), April 9, 2005, 3 p.m. (60 minutes)

This presentation will examine the dichotomy between the traditional secrecy-based and more modern community-based methods of information-sharing both to understand some successful forms of community-based information-sharing and demonstrate how the cybersecurity profession has changed the nature of security analysis in the real world. It concludes that absent a formal revision to the traditional mindsets embracing secrecy-based information sharing favored by the United States government and large corporate constituencies, and despite some shortcomings, a community-based approach to security analysis should become the preferred mechanism for identifying, analyzing, and resolving emerging cybersecurity concerns in a timely and effective manner.

Presenters:

• Richard Forno - infowarrior.org
  Richard Forno's career in information assurance centers around security program development and management, incident response operations, security awareness, and emerging trends analysis. His career highlights include helping build the first incident response and computer crimes investigation program for the United States House of Representatives and serving as the first Chief Security Officer at Network Solutions (the InterNIC) where he designed and managed the global information assurance program for one of the Internet's most critical infrastructures. In recent years, he provided independent strategic consulting services to military and commercial clients on critical infrastructure protection and information warfare projects. He is also an active advisory board member at several innovative and successful technology companies. In 2001, Richard developed (and delivered) American University's first modern course on information security and conducted monthly lectures on information warfare at the National Defense University in Washington, DC from 2001-2003. He is a founding member of the Academic Advisory Board for Northern Virginia Community College's Information Security Program and also participated in the 2000 White House Office of Science and Technology Policy Information Security Education Research Project. Both a technologist and student of national security studies, Richard is a frequent lecturer at assorted government, industry, and academic symposia. Along with several articles, he is the author of The Art of Information Warfare (1999), Incident Response (2001), and Weapons of Mass Delusion: America's Real National Emergency (2003). He is also a contributor to CERT/CC Advisories 1999-17, 2000-01, and the CERT/CC Report on Distributed Intruder Tools. Richard holds undergraduate and graduate degrees from the American University and Salve Regina University, and is also a graduate of Valley Forge Military College and the United States Naval War College. He is currently pursuing his doctorate by examining several aspects of vulnerability disclosure that pertain to critical infrastructure protection. His professional affiliations include the National Military Intelligence Association (Past President, Potomac Chapter) and the Regional Computer Forensics Group.

Links:

• https://web.archive.org/web/20050331054328/http://notacon.org/speakers.html#forno
• https://infocon.org/cons/notacon/notacon 2 - 2005/Video/forno-informatics.mp4

Similar Presentations:

• Still Hacking Anyway (SHA2017) / MISP threat sharing platform : The MISP threat sharing platform is a free and open source software helping information sharing of threat and cyber security indicators.
• Black Hat USA 2015 / Panel: Getting It Right: Straight Talk on Threat & Information Sharing
• ShmooCon IX (2013) / Is Practical Information Sharing Possible?