Projects

2008

- ISACA: Mapping FFIEC Framework With COBIT 4.1 (Reviewer)

- ISACA Spring Conference talk on Web Services Security

Abstract: The Service Oriented Architectures train will inevitably force
security professionals to board and ride to XML land. Security
markup languages promise to deliver new capabilities in Digital
Rights Management (DRM), Single-Sign-On and federation.
The difficulty, however, lies in understanding the potpourri
of standards that exist in the space (e.g., XML-ENC, XMLSIG,
XKMS, SAML, XACML, XrML, P3P, EPAL, and ODRL).
Businesses must carefully choose the right technology to
mitigate the risk of investing resources in standards that
have not achieved a critical mass, technologies that are not
interoperable, and languages that have unfavorable
licensing terms.

ISACA Spring Conference 2008 [website] [brochure]

2007
- FFIEC Guidance on Authentication. See publications.

- Worm Calendar System (WCS) Master’s thesis
This work is complete but, due to intellectual property issues, will not be formally published.

2006
- ShortcutGuide (Online utility)
We use many applications (both desktop and online) on a daily basis and perform repetitive tasks without knowing many of the common keyboard shortcuts associated with them. We can use shortcuts to digitally sign messages, move graphics, change window panes, create documents and messages, and much more; however, all too often we anchor ourselves to the mouse because we are not aware of these time-saving methods.

My colleague and good friend Eric Doversberger and I decided to work on a project that would centralize shortcuts for all applications. The Flash interface allows users to learn shortcuts by hovering their mouse over different keys. Additionally, we created an XML specification that anyone could use to upload shortcuts for their application. The site was going to be monetized by advertising; however, we did not properly calculate the market demand for this offering.

- RedOpal (E-commerce)
A new concept in e-commerce that allows users to find products based on digested user reviews. Suppose you want to find a book on politics–you might be interested in how “judgmental” or “agnostic” the author is rather than the page length or date it was published. Similarly, when looking to purchase a new gadget you might be inclined to see how “usable” it is, more than how many features it has. Authors, retailers, and manufacturers don’t provide this type of information, but consumers do. RedOpal uses composite user reviews, mining them for information to construct popular product attributes.

The project team: Christopher Scaffidi, Kevin Bierhoff, Eric Chang, Mikhael Felker, Herman Ng and Chun Jin