20 most critical internet security vulnerabilities, SANS, etc.
Press Alert and Invitation
The Twenty Most Critical Internet Security Vulnerabilities to be Announced by a multi-national consortium of governments and industry and the SANS Institute.
plus
Surprising Lessons Learned in Implementing The Federal Information Security Reform Act (FISMA)
Date: October 8, 2003
Time: Press Conference 2:00 PM - 2:45 PM
Technical Briefing: 2:50 PM - 4:15 PM
Place: DC near the White House (all registered people for whom we have space will receive the location on Monday or Tuesday)
Deadline for Registering: Monday, October 6, 6:00 PM EDT
Summary: Hundreds of thousands of computers are being attacked, compromised, and used in attacks on other systems, simply because their owners do not fix the most commonly exploited security vulnerabilities. Some federal systems have even been taken over and used to attack other systems in the same agency. People who decide to protect their computers face an enormous challenge with more than 2,500 vulnerabilities having been announced. Which ones matter? Which ones must be fixed first?
A consortium of US and British government agencies and private companies in a half-dozen countries have reached consensus on the most important vulnerabilities - the ones that need to be fixed first and kept fixed.
The list, called the SANS Top 20 Internet Security Vulnerabilities, will be released on October 8 in a ceremony that will be anchored by Steve Cummings, Minister of the National Infrastructure Security Co-ordination Centre (NISCC) in the UK and Sallie McDonald of the US Department of Homeland Security.
At this announcement (and technical briefing) you will learn what vulnerabilities are in the Top 20 and what vulnerabilities were left out and why. You'll also get access to a document that details how to alleviate each of the vulnerabilities. In addition, at least one tool will be announced that tests for all of the Top 20 automatically.
As a bonus session, attendees will also get a preview of a new study by SANS that answers some of the tough questions about implementation of the Federal Information Security Reform Act. Questions like:
(1) How can one agency spend $6,000 per system for Certification and Accreditation while others spend $50,000 - $100,000 per system? Is the job being done badly or does the low cost reflect actual innovation?
(2) How do you make the IG and GAO folks into resources to help make the process work? How can you lower the cost of monitoring performance on eliminating problems identified during the C&A process? And more.
About forty of the 150 seats have already been reserved by Federal CIOs, CISOs, CTOs, and IG staff members and people who helped work on the project.
If you would like one of the remaining seats, complete the data below. You may also register others who can help you put the new resources to work.
We're giving priority to people who have management responsibility for securing (and/or ensuring the security of) large numbers of systems -- especially federal systems.
==================================================================
Please reserve seats for the following people (if the title and organization for any person do not make their responsibility for securing large numbers of systems obvious, please add a note.)
=====================
Name:
Job Title:
Agency:
Department:
Email:
=====================
Name:
Job Title:
Agency:
Department:
Email:
=====================
Name:
Job Title:
Agency:
Department:
Email:
=====================
Name:
Job Title:
Agency:
Department:
Email: