SenSage Webinar: Negotiating the Classified Network Audit Labyrinth
with Dan Barahona, Director of Business Development, SenSage, Inc.

(Originally broadcast on Thursday, November 17, 2005.)

To view this webcast, you must have the WebEx player downloaded. If you do not already have the WebEx player, please click here to download.

Classified networks are especially sensitive to security threats and insider abuse. To combat these threats, defense contractors and government agencies must meet NISPOM, DCID 6/3, and other audit requirements.

NISPOM Chapter 8 and DCID 6/3 define strict requirements for reviewing event log records to identify and respond to security threats. These regulations mandate the following activities, depending on designated protection level:

• At least a weekly review of log records
• Audit of successful and unsuccessful logins and logouts
• Audit of accesses to security relevant objects
• Protection of log records from unauthorized access and tampering
• Retention of log records for a period of one to five years

These regulations present substantial challenges for many organizations because of:

• The variety of log data sources that must be audited
• Different platforms used throughout their networks
• The many diverse log data formats that exist
• Huge volumes of log data that must be captured on a daily basis
• Lengthy data retention requirements

Current approaches often rely on manual review or custom shell scripting - which not only limits effectiveness and scalability, but also fails to meet automated audit reduction requirements.

View a 30 minute recorded version of Dan Barahona’s webinar discussion, titled, “Negotiating the Classified Network Audit Labyrinth.” In this webcast, Dan reveals a much more effective approach to NISPOM and DCID 6/3 information system audit compliance. You will also learn about the regulations, the challenges of comprehensive IT monitoring, and how log analysis best-practices can translate to improved TCO.

About the speaker:

Dan Barahona, Director of Business Development at SenSage, has spent much of the past decade in executive operational roles for emerging and established technology leaders. His breadth of experience ranges from directing mergers and acquisitions, to creating core new business lines for companies in the semiconductor, logistics, software infrastructure and security industries.

Dan began his career at General Motors as a design engineer, and held management positions in Allied Signal’s semiconductor organization, GetToday (which he founded), and AppStream.

As Director of Business Development for SenSage, Dan was instrumental in the initiation of the company’s entry into the information security space. With a unique combination of business acumen and technical expertise, Dan has become an expert on issues involving information systems monitoring — including regulatory compliance, insider abuse, forensics, and legal issues. A published author on IT security, and frequently requested lecturer, Dan often speaks on the impact of core regulatory requirements such as HIPAA, GLBA, Sarbanes-Oxley, FERC, FISMA, NISPOM, and DCID 6/3.

Dan has a B.S. degree in Engineering from the Rensselaer Polytechnic Institute, a Master of Engineering degree from Cornell University, and an MBA from the University of Michigan.

Please email us at info@sensage.com or call 415.808.5900 x22 if you would like to have a copy of the presentation slides, and the questions and answers from the live broadcast of this webinar.