CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Maximizing Operations and Security Effectiveness: Why Integrity Is Misunderstood, and Strategies to Cope and Thrive Despite It All

Gene Kim

Gene Kim - Tripwire

Apr 02, 2003


In the quest to maximize availability and uptime, many operations and
information security practitioners will quickly point out that the largest
problems stem from poor configuration management and change control
practices. A challenge, however, is that Ops and Security often work very
poorly together, even though they have common objectives.

While ITIL and BS17799 practices are emerging as the industry standard for
IT best practices, they do not describe in any usable way how to make actual
practices more resemble best practices. In other words, how do you
bootstrap good process where none already exists?

In this presentation, we will present the results of numerous benchmarking
excercises, where we found a most surprising correlation: the "best in
class" operations organizations with the lowest Mean Time to Repair (MTTR)
and the highest server/sysadmin ratios are consistently the most secure as

To motivate why this is the case, we will present the Visible Ops
methodology, which is based on the ITIL concepts, and represents how "best
in class" operations conduct daily processes. The goals of the Visible Ops
methodology are to decrease Outage MTTR, improve operational efficiencies,
and build a "culture of causality" in operations. Visible Ops concentrates
on ensuring process integrity by using Tripwire in three service level
disciplines: Release Management, Controls, and Problem Management. Key
benefits of the methodology include a step-by-step cookbook for creating
processes, even where none currently exist, and a framework for generating
key metrics for continual process improvement.

This talk also describes the twenty years of computing history that has led
to the current state of affairs, including IT decentralization and
commoditization of technology, changes in the capacity expansion model
caused by the transition from mainframe to distributing computing, and the
continual tendency to misdiagnose the problems, addressing only symptoms
while the underlying disease remains misunderstood.

This talk is intended to provide practical IT audit and control
philosophies, in the context of classical IT defense philosophies, but
addressing the new problems posed by modern infrastructures.

About the Speaker

Gene Kim is the chief technology officer and co-founder of Tripwire(tm), Inc. In 1992, he co-authored the Tripwire integrity assessment software technology while at Purdue University with Dr. Gene Spafford. Gene is widely published on computer security, operating systems and networking in Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences. He holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University.

Most recently, Gene is co-chair of SANS's newest technical conference, Auditable Security Controls That Work, called one of their most important initiatives for 2003.

Gene loves visiting his alma mater each semester, but is still concerned that he still owes the money for parking tickets.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.