Past ACSA Projects

SAC Technology Advocacy Committee (SAC-TAC)

The SAC Technology Advocacy Committee is a group whose mission is to advance Strong Access Control (SAC) technology and increase its awareness in the marketplace. Strong Access Control refers to mechanisms that provide effective protection and assured behavior under concerted and sophisticated attack, and includes mechanisms such as multilevel security.

The SAC-TAC has the following goals:

  1. To increase market awareness and demand for SAC technology and products.
  2. To facilitate interoperability of SAC products.
  3. To identify commercial and research opportunities for SAC.
  4. To enhance communication within the SAC community.
  5. To define the appropriate resistance to attack for SAC products.

Coordinator. Daniel Faigin, The Aerospace Corporation

Workshop on the Application of Engineering Principles to System Security Design (WAEPSSD)

The goal of the Workshop on the Application of Engineering Principles to System Security Design (WAEPSSD) was to examine engineering fundamentals: the principles and practice of designing and building secure systems. The workshop looked at where we have been in security engineering (formal methods, Orange Book, Common Criteria, penetrate and patch, Certification and Accreditation, Defense in Depth) and where we should go. The goal of the workshop was to begin a process of serious thinking about these important issues. The output of the workshop is a collection of essays and technical papers on the issues discussed in the workshop. ACSA's intent is that the output of the workshop becomes the kernel for a growing on-line collection of theory, principles, and practice of security engineering.

This workshop was held in November 2002 in Boston, MA.

Workshop Chair. Marshall D. Abrams, The MITRE Corporation

Workshop on Information-Security-System Rating and Ranking

The Information Security System Rating and Ranking (ISSRR) Workshop was a venue to explore the meaning and intent of approaches for rating and ranking information assurance. Specific goals of the workshop included:

  • To clarify what researchers and practitioners are talking about when they refer to IA metrics.
  • To debunk the pseudo-science associated with assurance metrics.
  • To discover some indirect indicators of security.
  • To precisely define the research problems in developing IA metrics methodologies.
  • To recap the latest thinking on current IA metrics activities.
  • To identify efforts that are successful in some sense, if they exist, and if none exist, reduce expectations on what might be achieved through IA metrics.
  • To explore the unintended side effects of ratings/measures (e.g., inflating the numbers to ensure promotion, delay review by higher authority).
  • To clarify what's measurable and what's not.
  • To scope and characterize the measures to be addressed (e.g., EJB Security, CORBA Security, and/or Microsoft DNA Security) and to explain what happens when several of these measures/applications co-exist in the same enterprise: do they augment each other or cancel each other out?
  • To describe how measures should be used in the context of IA, especially to influence purchases and for general resource allocations.
  • To identify misapplications of measures, including their description as "metrics".

The workshop was held in May 2001.

Chair. Ronda Henning, Harris
ACSA Liaison. Marshall D. Abrams, The MITRE Corporation

Second International Working Conference on Integrity and Internal Control in Information Systems

In 1998, ACSA was an "in cooperation with" partner for the 2nd International Working Conference on Integrity and Internal Control in Information Systems. This workshop continued the ongoing dialog between IT security specialists and internal control specialists, with the intent of helping to create reliable business systems in the future. The goals were to answer the following questions:

  • What precisely do business managers need in order to have confidence in the integrity of their information systems and their data?
  • What is the status quo of research and development in this area?
  • Where are the gaps between business needs on the one hand and research/development on the other?
  • What needs to be done to bridge these gaps?

The workshop was sponsored by IFIP TC-11 Working Group 11.5. It was held in cooperation with Applied Computer Security Associates (ACSA), George Mason University, and the International Federation of Accountants (IFAC), IT-Committee. It was supported and sponsored by: PricewaterhouseCoopers GRMS, the Dutch Association of Registered EDP-Auditors (NOREA), and the Dutch Computer Society (NGI), SIG on Information Security.

Coordinator. Marshall Abrams, MITRE (Conference Chair, 1998)

Workshop on Information Technology Assurance and Trustworthiness

In 1994, 1995, and 1996, ACSA sponsored the Workshop on Information Technology Assurance and Trustworthiness (WITAT). The general goal of the workshop was to investigate and promote promising methods of gaining assurance in information technology. Other sponsors of the workshop were the National Institute of Standards and Technology, and the University of Maryland Institute for Advanced Computer Studies.

Coordinator. Doug Landoll, ARCA Systems (Workshop Chair, 1996)

ACSA Visiting Lecturer Program

The goal of this project was to initiate a Visiting Lecturer program to bring speakers on Information Security to university campuses. This was seen as a way of spreading information about Information Security as a career choice and academic pursuit. The project is currently on hold, pending volunteers and suggestions for membership on this committee.

Coordinator. Position Open

2015 Applied Computer Security Associates