Fiona Pattinson to present at ISSA Austin: “FRITSA: Do you understand how all of your IT security assurance efforts fit together?”
2012-01-07, Austin, TX – Fiona Pattinson will be presenting a talk titled “FRITSA: Do you understand how all of your IT security assurance efforts fit together?” at the January 19th meeting of the Austin chapter of the ISSA.
IT security professionals use security assurance to achieve confidence that a deliverable satisfies its stated IT security assurance requirements. To do this they present a security assurance case to their stakeholders that sets out the various security claims being made, claims in which those relying on them must be able to have confidence. Examples of such claims include SAS 70, FIPS 140-2, FISMA compliance, CISSP, PCI compliance, etc. Each contributes to the overall security case presented to stakeholders in the product or service.
A framework for understanding the complexities of the security assurance provided, and the confidence that can be placed in it, is useful to those who produce or use products and services, integrate systems, and operate and maintain them. The international community has identified such a framework as much-needed guidance for the IT security community.
The proposed Framework for IT Security Assurance gives guidance on understanding how the security assurance efforts fit together, including how to assess security assurance that is passed to you through supplied components as well as the assurance you provide directly. An understanding of the "worth" of each component of the assurance case, and of what may be missing, can help guide practitioners in specifying the right security assurance to be provided to their stakeholders.
Key takeaways from this presentation:
- An understanding of the key terminology and concepts of IT security assurance
- An understanding of the various types of methods for providing security assurance
- An understanding of aspects of security assurance methods to determine the strengths and weaknesses of each
For more information on this and other ISSA events, please visit:
http://www.austinissa.org/calendar/
About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off-the-shelf (COTS) information technology, as well as information security consultancy.
atsec offers evaluation and testing services leading to formal certification of information security technology, including evaluations under Common Criteria schemes in the U.S., Germany, and Sweden. In addition, the atsec US organization operates a Cryptographic and Security Testing Laboratory accredited under the Cryptographic Module Validation and the Cryptographic Algorithm Validation Programs of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada for validating cryptographic modules under the FIPS 140-2 standard.
atsec is also an experienced Payment Card Industry (PCI) Security Standards Council Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and Payment Application Qualified Security Assessor (PA-QSA) and accredited as a third-party auditor for the North American Security Products Organization (NASPO).
We work with leading global companies such as Apple, IBM, Hewlett-Packard, Samsung, Quantum Corporation, Red Hat, and ZTE Corporation.
