Bright Shiny Things = Why We Need Intelligent Data Access Controls

ShmooCon IX - 2013

Presented by: Bob Bigman, David Ferraiolo, Mark McGovern, Craig Rosen
Date: Saturday February 16, 2013
Time: 14:00 - 14:50
Location: Regency B/C/D
Track: Belay It!

Establishing, monitoring and managing access control is a basic requirement for information security. Ultimately, no matter what firewall, IDS or authentication mechanisms you’ve deployed, enterprise servers and systems must decide: ‘should this request for a sensitive resource be (approved || blocked || flagged)?’

Other industries have incorporated data analytics and intelligence into their decisioning systems. Ironically, IT servers and systems rely on static lists (e.g., LDAP and Active Directory) to decide if a user should be granted access to a resource. They don’t make decisions based on factors that are readily available, including past user activities, endpoint characteristics and data content, or on input from other security components such as firewalls, IDS or VPN.

The panel will discuss how different enterprises think about data access control; the practical challenges they’ve faced deploying these solutions; and the compelling need for both enterprises and vendors to focus on building intelligent data access control capabilities. Intelligent data access controls enable an enterprise to monitor and manage risk better – and to adopt new technologies faster.

The panel will introduce, highlight and encourage audience participation in an open source project based on NIST’s Policy Machine, a novel framework for defining and managing access control policies.

Bob Bigman

Founder of 2BSecure LLC, and former CISO for the CIA

Craig Rosen

Director of Technology Risk & Strategy for Pacific Gas & Electric

David Ferraiolo

Manager of NIST’s Secure Systems and Applications Group

Mark McGovern

CEO, Mobile System 7

