Course on Virtualization and Security
Instructor: E. Eugene Schultz, Ph.D., CISSP, CISM
Chief Technology Officer
Emagined Security
EugeneSchultz@emagined.com
Few issues in the IT arena are currently treated with more interest and passion than virtualization. Virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. By providing a logical rather than a physical view of computing resources, virtualization makes possible many functions, currently the most popular of which is to run multiple operating systems and/or applications on a single physical machine. Virtualization also has many additional benefits; virtualization and computing will continue to converge well into the future.
The information security implications of breakthrough technologies are almost never thoroughly understood until well after they are widely implemented; virtualization is no exception. An increasing number of significant security-related risks (each associated with a variety of business risks) in connection with virtualization have been and are still being identified. These risks include the ability to defeat "secure isolation," "hyperjacking," unauthorized data capture in virtualized networks, new types of denial of service attacks, and many others. Unmitigated virtualization-related risk can result in substantial business loss and disruption. Because the business benefits of virtualization are also so great, weighing costs against benefits in the world of virtualization is frequently an unusually difficult task.
This one-day course is designed to facilitate learning at the knowledge, comprehension, application and evaluation levels. At the knowledge and comprehension levels, attendees will learn what virtualization is, how virtualization works, major types of virtualization, its many benefits, the kinds and severity of risks that it introduces, the types of administrative and technical controls that can be used for risk mitigation, and how effective each control is. The course then focuses on analyzing, evaluating and applying to real-world settings issues such as whether virtualization-related risk is adequately considered during the risk analysis process, how policy, standards and procedures may have to be modified in accordance with changes that virtualized environments typically create, how to make costs versus benefits comparisons, special considerations due to virtualization components in "cloud computing," and how virtualization technology is likely to evolve over time and the probable impact upon information security. Finally, the course covers audit considerations—the kinds of issues auditors should examine while conducting audits on virtualized environments and why. The kinds of findings that are likely to result and how to prioritize each will also be covered.
Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 to 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a SANS instructor, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA's Professional Achievement and Honor Roll Awards. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.
To find out more about our services, please call us at 415.944.2977 or request additional information by emailing info@emagined.com.