The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Gene Kim - Tripwire

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

An IT Safety Index: Measuring Capabilities for Repeatable Builds and Remediation

Sep 19, 2001

Abstract

There is no doubt that IT is in a tremendous amount of pain lately. A good indication is that when things go wrong in a computing environment, what is blamed is usually the closest piece of IT (e.g., "I can't reach the web -- it's the network." Or, firewall, mail server, etc.). A question that many people have created their careers around is asking, "How did we get here, and how are we going to find our way out?"

In this presentation, I'm going to present the absurdities that dominate modern IT environments, and propose some answers on how we might solve these problems. While some believe that our world is filled with new computer threats, others believe that we are merely paying the price of having lost virtually all operational control of the computing environment during the last 20 years. Furthermore, much of the solution will be found not in exotic technologies, but in the more mundane areas of infrastructure and production controls, providing the most basic of capabilities.

I personally believe that some of the most fascinating (and commercially viable) technologies are around addressing very basic capabilities, indeed. These include repeatability, inventory, and measurement. In this presentation, I'll paint the case for an IT Safety Index that measures how well an organization can recover from service outages and security breaches.

In this presentation, I'll also hypothesize on how we came to this miserable state of affairs, painting the various technology, business, and macroeconomic forces that are at work. And what might be the surprisingly simple (but not necessarily easy) ways that we'll create safety in computing environments.

About the Speaker

Gene Kim
Gene Kim is the chief technology officer and co-founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Although Gene is widely published on computer security, operating systems and networking in SANS, Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences, he is continually fixated on the problems of data and network integrity. He is currently working with Spafford on IT safety models to explain why IT is in so much pain, and show how basic capabilities such as repeatable builds and quick remediation are the key to running IT securely. He holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University.



Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!