A Predictive Security Model Using Bayesian Networks
- Dan Lyon-Master's Degree Candidate
- Friday, December 13th, 7:15pm - 7:55pm
Master's Degree Presentation
Designing systems with security at the front of the product development cycle is the only way to ensure a secure system, but how do you measure security on a system under design?
The information security industry lacks a concrete method to collect meaningful metrics on existing systems, primarily because a security breach that has not been detected cannot be measured. In development, this lack of detection problem is amplified by not having the system available for penetration testing. Therefore the current approach from the information security community is inadequate, and a new model must be created that enables appropriate business and design decisions.
This presentation will show a model using Design for Six Sigma techniques to measure a systemâs level of security.
Speaker Bio: Dan Lyon is a Principal Systems Engineer at Medtronic, responsible for creating information security requirements, controls, processes and metrics within product development. His experience includes 15 years engineering in various disciplines, including systems, software, human factors, quality and reliability, and his research interests are focused on design techniques that improve dependability. Dan is currently a Candidate with the SANS Technology Institute where he is completing the requirements for a Masterâs Degree in Information Security Engineering.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
Thursday, December 12
|General Session - Welcome to SANS||Dr. Eric Cole||Thursday, December 12th, 8:15am - 8:45am||Special Events|
|Building a Security Program that Protects an Organizationâs Most Critical Assets â A Different Approach||Robert Eggebrecht, President and CEO, BEW Global||Thursday, December 12th, 12:30pm - 1:15pm||Lunch and Learn|
|SANS Technology Institute Open House||Alan Paller, President of the SANS Technology Institute||Thursday, December 12th, 6:00pm - 7:15pm||Special Events|
|APT: It is Time to Act||Dr. Eric Cole||Thursday, December 12th, 7:15pm - 9:15pm||Keynote|
Friday, December 13
|Vendor Solutions Expo||—||Friday, December 13th, 12:00pm - 1:30pm||Vendor Event|
|Vendor Solutions Expo||—||Friday, December 13th, 5:00pm - 7:00pm||Vendor Event|
|Windows Exploratory Surgery with Process Hacker||Jason Fossen||Friday, December 13th, 7:15pm - 8:45pm||SANS@Night|
|Have no fear - DFIR is here!||Rob Lee, Chad Tilbury, Alissa Torres, and Lenny Zeltser||Friday, December 13th, 7:15pm - 8:45pm||SANS@Night|
|A Predictive Security Model Using Bayesian Networks||Dan Lyon-Master's Degree Candidate||Friday, December 13th, 7:15pm - 7:55pm||Special Events|
|Discovering Security Events of Interest Using Splunk||Carrie Roberts-Master's Degree Candidate||Friday, December 13th, 8:15pm - 8:55pm||Special Events|
|Active Deception to Augment Intrusion Detection||Josh Johnson- Master's Degree Candidate||Friday, December 13th, 8:15pm - 8:55pm||Special Events|
Saturday, December 14
|Fortinet Next Generation Firewalls||Justin Kallhoff, CEO Infogressive||Saturday, December 14th, 12:30pm - 1:15pm||Lunch and Learn|
|The Power of Lossless Packet Capture (1G-100G) & Real-time Netflow||Andrew Weismanâ€“ Senior Sales Engineer, Emulex||Saturday, December 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Continuous Ownage: Why you Need Continuous Monitoring||Eric Conrad and Seth Misenar||Saturday, December 14th, 7:15pm - 8:15pm||SANS@Night|
|Booting a Write-blocked Drive to a VM Using Linux (Ubuntu)||Carlos Cajigas||Saturday, December 14th, 7:15pm - 8:15pm||SANS@Night|
|An Introduction to PowerShell for Security Assessments||James Tarala||Saturday, December 14th, 8:15pm - 9:15pm||SANS@Night|
|Closing the Door on Web Shells||Anuj Soni||Saturday, December 14th, 8:15pm - 9:15pm||SANS@Night|
Sunday, December 15
|NetWars Tournament of Champions||Yori Kvitchko||Sunday, December 15th, 6:30pm - 9:30pm||Special Events|
|GIAC Program Overview||Jeff Frisk||Sunday, December 15th, 7:15pm - 8:15pm||Special Events|
|Who's Watching the Watchers?||Mike Poor||Sunday, December 15th, 7:15pm - 8:15pm||SANS@Night|
|Security Onion: Installed and Now What?||Chris Mohan||Sunday, December 15th, 7:15pm - 8:15pm||SANS@Night|
|Sharing Without Borders: Attacking and Testing SharePoint||Kevin Johnson||Sunday, December 15th, 8:15pm - 9:15pm||SANS@Night|
|Hacking Back, Active Defense, and Internet Tough Guys||John Strand||Sunday, December 15th, 8:15pm - 9:15pm||SANS@Night|
|Privacy and Peace of Mind While Accessing the Internet Via a Free/Public Access Point Through the Use of Your Very Own SOHO VPN Server. Easy as Pie... Raspberry Pi.||Eric Jodoin - STI Masterâ€™s Degree Candidate||Sunday, December 15th, 8:15pm - 8:55pm||Special Events|
Monday, December 16
|SANS Presents: People Who Made a Difference In Security in 2013||Alan Paller||Monday, December 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Targeted, Wire-speed Yara Analysis for Real-time Malware Prevention||Mike Nichols, Technical Product Manager||Monday, December 16th, 12:30pm - 1:15pm||Lunch and Learn|
|NetWars Tournament of Champions||Yori Kvitchko||Monday, December 16th, 6:30pm - 9:30pm||Special Events|
|Effective Phishing that Employees Like||Lance Spitzner||Monday, December 16th, 7:15pm - 8:15pm||SANS@Night|
|New School Forensics: Latest Tools and Techniques in Memory Analysis||Chad Tilbury||Monday, December 16th, 7:15pm - 8:15pm||SANS@Night|
|Securing The Kids||Lance Spitzner||Monday, December 16th, 8:15pm - 9:15pm||SANS@Night|