Security Risk Quantified

Alain Mayer, RedSeal

Typical enterprise environments consist of thousands of endpoints (e.g., servers, fixed and mobile clients) and hundreds of network devices (e.g., switches, routers, firewalls, VPNs). Security design and implementation are woven through all of these elements. Simple questions such as "How secure am I?" and "Am I more secure now than last month?" are very difficult to answer. They require rigorous security metrics and a risk-management framework in which to compare them. In this session I will talk about Security Risk Management, an emerging discipline aiming at (1) defining and calculating meaningful security and risk metrics and (2) enabling and prioritizing risk mitigation tasks.


Alain Mayer is currently Chief Software Technology Officer and Director of RedSeal Systems, a security risk management start-up. Prior to RedSeal Systems, Alain was the CTO of CenterRun, a data center management company which was successfully acquired by Sun Microsystems. Before joining CenterRun, Alain was a research scientist for Bell Labs, Lucent Technologies, where he spearheaded several projects in computer security, privacy enabling technologies, and system management. Alain has published over 35 research papers and his work has been recognized with the USENIX Best Paper Award in Security and USENIX Best Paper Award in Electronic Commerce. Alain earned a PhD in Computer Science from Columbia University.

14 March (Tuesday) at 1630 hrs

Gates 4B (opposite 490)