FROM: Dawna Baird <>

Pittsburgh SPIN September 18 Meeting
Union Switch & Signal
1000 Technology Drive
Pittsburgh, PA 15219
(Directions are available at

6 pm - 6:30 pm SPIN planning meeting
6:30 pm - 7:00 pm Networking
7:00 pm - 8:15 pm Presentation
8:15 pm - 8:30 pm Q&A

Topic: What Is My Role in Information Survivability and Why Should I Care?
Presenter: Julia Allen, Software Engineering Institute

As a software developer, manager, project manager, or SEPG member, consider this:
• How do I help protect my work from viruses, intrusions, or compromised data?
• What can I do to minimize the risks of compromise due to a security breach to the systems and software in my network development environment?
• Do I just call the help desk or the IT hotline? Or do I have a greater responsibility?
• If I have to influence others to do something differently so that my project doesn't fail due to a security breach, how do I do that?

Your computing infrastructures, hardware, and software may seem invisible to you until there is a problem, and you might take for granted that it works or assume somebody will fix it for you, but you can do things to help yourself, your projects, and your business. Information survivability is a new technical and business perspective on protecting critical assets (systems, networks, and information assets that if damaged could affect your ability to do business). To protect mission-critical systems from cyber-attacks, failures, and accidents, the new survivability approach expands critical asset protection to a business-critical and risk-management perspective that requires participation of the whole organization from executive management, to network and system administrators, to all employees. Much of what we have learned in software process improvement can be applied to solve the organizational change problems inherent in addressing this new business-critical area. Ms. Julia Allen will discuss how to identify survivability and security risks to critical assets, how to determine protection strategies to mitigate these risks, and how to use a set of practices as the basis for action plans and implementation planning and review for continuous improvement of information survivability.

Julia Allen is a senior member of the technical staff within the Networked Systems Survivability Program at the Software Engineering Institute (SEI), Carnegie Mellon University (CMU) where she is engaged in development and transition of security improvement practices for network-based systems. Previously, Allen served as acting Director of the SEI for 6 months and Deputy Director/Chief Operating Officer for 3 years. She started the Industry Customer Sector at the SEI in 1992. Allen has over twenty-five years of managerial and technical experience in software engineering. She was Vice President at SAIC, responsible for starting a division specializing in embedded systems software for government customers, and spent 10 years at TRW in Redondo Beach, responsible for integration, test, field site support, and managing major software development programs. Allen holds a B. Sci. in Computer Science from the University of Michigan, an MS in Electrical Engineering from USC, and an executive business certificate from UCLA. Her professional affiliations include ACM and IEEE Computer Society. In addition to technical reports for CMU/SEI, she is the author of The CERT Guide to System and Network Security Practices (Addison-Wesley, June 2001).

A meeting of the Pittsburgh SPIN planning committee will be held from 6 - 6:30. All are welcome to join.

If you plan to attend the Pittsburgh SPIN September 18 meeting, please RSVP by September 17:

There will be no charge to attend this meeting.

Capability Maturity Model, Capability Maturity
Modeling, Carnegie Mellon, CERT, CERT
Coordination Center, and CMM are registered
in the U.S. Patent and Trademark Office.

SM Architecture Tradeoff Analysis Method; ATAM;
CMMI; CMM Integration; CURE; IDEAL; Interim
Profile; OCTAVE; Operationally Critical Threat,
Asset, and Vulnerability Evaluation; Personal
Software Process; PSP; SCAMPI; SCAMPI
Lead Assessor; SCAMPI Lead Appraiser;
SCE; Team Software Process; and TSP are
service marks of Carnegie Mellon University

TM Simplex is a trademark of Carnegie Mellon