[Air-l] 20 most critical internet security vulnerabilities, SANS, etc.

jeremy hunsinger jhuns at vt.edu
Mon Oct 13 11:50:40 PDT 2003


>
> Press Alert and Invitation
>
> The Twenty Most Critical Internet Security Vulnerabilities to be
> Announced by a multi-national consortium of governments and industry
> and the SANS Institute.
>
> plus
>
> Surprising Lessons Learned in Implementing The Federal Information
> Security Reform Act (FISMA)
>
> Date: October 8, 2003
> Time: Press Conference 2:00 PM - 2:45 PM
>       Technical Briefing: 2:50 PM - 4:15 PM
> Place: DC near the White House (all registered people for whom we have
> space will receive the location on Monday or Tuesday)
>
> Deadline for Registering: Monday, October 6, 6:00 PM EDT
>
> Summary:
> Hundreds of thousands of computers are being attacked, compromised, and
> used in attacks on other systems, simply because their owners do not
> fix the most commonly exploited security vulnerabilities.  Some federal
> systems have even been taken over and used to attack other systems in
> the same agency.  People who decide to protect their computers face an
> enormous challenge with more than 2,500 vulnerabilities having been
> announced.  Which ones matter? Which ones must be fixed first?
>
> A consortium of US and British government agencies and private companies
> in a half-dozen countries have reached consensus on the most important
> vulnerabilities - the ones that need to be fixed first and kept fixed.
>
> The list, called the SANS Top 20 Internet Security Vulnerabilities, will
> be released on October 8 in a ceremony that will be anchored by Steve
> Cummings, Minister of the National Infrastructure Security Co-ordination
> Centre (NISCC) in the UK and Sallie McDonald of the US Department of
> Homeland Security.
>
> At this announcement (and technical briefing) you will learn what
> vulnerabilities are in the Top 20 and what vulnerabilities were left
> out and why. You'll also get access to a document that details how to
> alleviate each of the vulnerabilities. In addition, at least one tool
> will be announced that tests for all of the Top 20 automatically.
>
> As a bonus session, attendees will also get a preview of a new study by
> SANS that answers some of the tough questions about implementation of
> the Federal Information Security Reform Act. Questions like:
>
> (1) How can one agency spend $6,000 per system for Certification and
> Accreditation while others spend $50,000 - $100,000 per system?  Is the
> job being done badly or does the low cost reflect actual innovation?
>
> (2) How do you make the IG and GAO folks into resources to help make
> the process work?  How can you lower the cost of monitoring performance
> on eliminating problems identified during the C&A process? And more.
>
> About forty of the 150 seats have already been reserved by Federal CIOs,
> CISOs, CTOs, and IG staff members and people who helped work on the
> project.
>
> If you would like one of the remaining seats, complete the data below.
> You may also register others who can help you put the new resources to
> work.
>
> We're giving priority to people who have management responsibility for
> securing (and/or ensuring the security of) large numbers of systems --
> especially federal systems.
>
>
> ==================================================================
>
> Please reserve seats for the following people (if the title and
> organization for any person does not make their responsibility for
> securing large numbers of systems obvious, please add a note.)
>
> =====================
> Name:
>
> Job Title:
>
> Agency:
>
> Department:
>
> Email:
>
> =====================




