Incident Materiality and the SEC Guidance

Vulnerabilities in software put at risk the Nation’s critical infrastructure. The risk is compounded by software size and complexity, the use of software produced by unvetted suppliers, and the interdependence of software systems. Software assurance deals with the root of the problem by improving software security.

There are key pressures driving IT today: budget, security threats, consumerization of IT, end-user needs and expectations. In response, IT is turning to virtualization to relieve these pressures but which is the best solution?

Join this webinar to learn which technology: VDI, RDS or both that you should turn to for help. This presentation will cover use cases to help determine best fit, how the addition of the PCoIP protocol to RDS can improve performance, and a first hand account of how and why Gypsum Management and Supply, a national distributor of construction supplies, implemented a desktop virtualization solution replacing aging PCs.

About the Presenter:
Mike Fodor is a customer-focused product management professional with over 20 years of experience in technology, six of which have spent in the desktop virtualization space. Mike began his career in Southern California as a technology manager for Walt Disney Feature Animation.  He has spent more than a decade in Silicon Valley, holding management posts at NetIQ, Peoplesoft and Pano Logic before joining Teradici.

Creating your IT strategy with a combination of public and private cloud services can improve the efficiency and reduce costs of your infrastructure. Join Keith Trippie, Executive Director for Enterprise System Development Office for the U.S. Department of Homeland Security (DHS) as he explains:

- The DHS's public and private cloud services
- Data security in their cloud
- The benefits they've seen
- Challenges and lessons learned

October 13, 2011 saw the release of the Securities and Exchange Commission's guidance on the reporting of material cyber security breaches. Consistent with regulations which address financial reporting, this guidance calls for publicly-traded companies to disclose breach information to current and prospective investors. Such disclosure may include discussion of service providers associated with the event.

This session will summarize the disclosure guidance and discuss its implications to both the business and the incident response team. A collaboration model will be discussed wherein a business representative can work with the IR team to evaluate incident materiality, allowing the business to address this guidance efficiently. The implications of of the Dodd-Frank Act in light on this guidance will also be discussed.

As an ITSM professional with over 30 years experience in IT, Mike will discuss the importance of collaboration and coordination among all work groups in the creation of a Service Catalog and share the challenges he faced as a Process Owner.

In this session, Mike will cover:

- Why management support is essential
- The process of establishing an effective team
- How to utilize project management principles
- Defining services: Taking the time needed to do it right
- How a maturity model was used in his process
- Tool selection: Consider all options
- How to keep the momentum going

Virtualization provides the opportunity for organizations to utilize existing resources to create new and innovative ways to achieve higher availability, better reliability and an overall better user experience -- all while not breaking the bank. In this webinar, you will learn how Alex Musicante, System Security Architect, leveraged virtualization to improve the City of Pittsburgh's infrastructure, and explore his thoughts on the what the desktop market can and will bring in the future.

Social engineering is the art of creating social illusions that result in the sharing of sensitive information or physical access to secured areas. This webinar will review the psychological framework that informs a social engineer's reconnaissance, pretext formulation, and social exploit activities. A case study will illustrate the use of the Social Engineer's Toolkit, Maltego, and Google Hacking to collect information that contributed to a successful engagement. Attendees will learn to identify social illusions and respond to protect their personal and professional data. They will also learn how to frustrate the efforts of social engineers.

The National Institutes of Health (NIH) is a very large, multi-faceted organization with a significant IT presence. A ten year veteran of the IT customer support industry, Phil will discuss his organization’s challenges, trials and tribulations, and successes as they evolved from a Help Desk to an IT Service Management focused Service Desk.

Phil’s presentation covers: the transformation of their very large internal organization – what was the “before” picture and how they determined what needed to change; how they articulated a vision and set objectives; the process of creating buy-in from skeptical IT service partners and customers in adopting the necessary ITIL processes – what worked and why; the process used to select and implement the right tools to support the objectives; steps taken to “cement” a service-based climate and a summary of major improvements made that radically changed IT support.

This session will look at the use cases developed by the US National Institute of Standards and Technology (NIST) in collaboration with the public to drive interoperability, portability and security of cloud computing. A panel of key representatives from NIST as well as several industry standards organizations, including the DMTF, SNIA and the Cloud Security Alliance will discuss their work as it pertains to these use cases. The discussion will cover portable workloads and standardized interfaces for cloud computing. The goal of cloud standards is to improve cloud consumer agility and define a set of architectural semantics that unify the interoperable management of workloads and resources between enterprises of all sizes and cloud computing infrastructures.

Panelists:
Lee Badger, Computer Scientist, NIST
Mark Johnson, Co-Chair, DMTF Cloud Management Working Group
Mark Carlson, Vice Chair, SNIA Cloud Storage Initiative
Becky Swain, Risk & Compliance Mgmt, Corporate Security Programs Organization (CSPO), Cisco

Moderator:
Winston Bumpus, President, DMTF

Organizations are faced with dwindling IT budgets and pressure to deliver more with less; sophisticated data centers can help meet this challenge. By embracing technologies such as virtualization, IT can deliver increased compute capacity, reduce its footprint and even enhance its green IT posture. Los Alamos National Laboratory has evolved its successful technology investment in virtualization into a self service Infrastructure-as-a-Service (IaaS) private cloud, providing compute resources on demand to users and bringing the cloud into our data center.

Participants will learn:
• LANL's journey into virtualization
• The steps LANL took to deploy an Infrastructure-as-a-Service (IaaS) private cloud, “Infrastructure on Demand”

The Marine Corps has had tremendous success in virtualizing IT infrastructure to improve utilization and availability while reducing the cost of hardware and manpower associated with managing servers. Desktop virtualization is the next logical step to continue this momentum. The Marine Corps is interested in reducing the touch labor costs with managing desktops, improving security, and providing disaster recovery. This presentation will focus on the vision and strategy, describe a notional desktop architecture with use cases and provide lessons learned from ongoing virtual desktop proof of concept deployments.

The data center in LBNL’s Building 50, Room 1275 has a long and interesting history that stretches back several decades. The center originally housed large, air-cooled IBM computers. It was later reconfigured to support LBNLs’ payroll and other miscellaneous computing needs. In 1996, the National Energy Research Scientific Computing Center (NERSC) was located in this center that used water-cooled Cray C-90 computers. In 1999, the Cray computers were replaced with new air-cooled computers. By July of 2007, the data center had two types of datacom equipment: approximately 250kW of high density research computing clusters and approximately 90kW of “back-of-house” IT equipment.
A baseline energy-use assessment, and subsequent energy-efficiency retrofit analyses, began in July 2007. This assessment confirmed a baseline IT load approximate of 330 kW. With a cooling system capacity of 140 tons (nominal), it only just kept the servers cool. However, during the assessment period while some retrofit measures were being installed, the facility operators added approximately 100 kW of IT load. To further complicate matters, the IT staff was contemplating installing an additional 120 kW of IT load in the near future that would bring the total connected IT load to 550 kW.
With chiller capacity “maxed out” and no additional space to locate additional cooling system capacity, installing efficiency measures (EEMs) to increase the center’s effective cooling capacity were the only option for the LBNL staff. Three main EEM upgrades were identified that resulted in reduced energy waste in the data center, effectively increasing the existing system’s cooling capacity as follows:
Retrofit Tune-up Summary
1. Airflow Optimization
2. Wireless temperature sensors
3. Server rear-door heat exchangers

Save Energy Now in Data Centers, A Case Study at the Lawrence Berkeley National Laboratory

Mr. Dale Sartor from the Lawrence Berkeley National Lab (LBNL) specializes in the energy efficiency of buildings for high-tech industries. He will describe trends and issues relative to energy consumption in data centers, and will focus his talk on lessons learned improving the efficiency of LBNL’s own data centers.

LBNL has benchmarked dozens of data centers. The results of that benchmarking, as well as high level performances metrics and tools will be presented. Further benchmarking helps identify opportunities and best practices. The best practices adopted at LBNL will be described. Topics will include: air management, right sizing, plant optimization, liquid cooling, “free” cooling, humidity control, the electrical power chain, and design and operational practices.

Finally Mr. Sartor will describe some of the resources available to improve energy efficiency in data centers.