ISSA Journal Call for Articles
The ISSA Editorial Advisory Board seeks article submissions from information security professionals throughout the industry. Security experts in the enterprise, academia, and government are encouraged to share their expertise for the advancement of our industry. ISSA members and non-members are welcome to contribute. Please submit articles to the ISSA Journal Editor, and review the Editorial Guidelines in advance. We occasionally revisit past topics for inclusion when space permits: see below.

May: Education, Academia, and What’s Happening in Research
The need for qualified information security professionals is ever increasing as we continue to embed Information and Communication Technologies (ICT) into all aspects of our lives. It is virtually impossible to find a public, private, commercial, governmental, critical infrastructure, or military organization that does not rely upon ICT to achieve its mission. Even in our personal lives, we depend upon ICT for socializing, recreation, and entertainment. The recognition of the risks we incur by our dependence upon ICT has driven the need to educate the next generation of security professionals and to conduct research to mitigate our ICT-based risks. We are not producing enough people with the right skill sets to make progress in the cybersecurity domain. Meanwhile, criminals and foreign militaries continue to invest heavily in offensive capabilities. What can we do to improve this situation? We are looking for your input, ideas, experiences, case studies, and observations related to security education and research for the ISSA Journal.
Due Date: NOW
June: The Cloud and Virtualization
The cloud has many different forms, but typically we describe cloud services as public, private, and hybrid. It is almost universally accepted that the security of data, along with the underlying system and network components, is a work in progress. There are technical as well as legal, regulatory, and governance aspects to the data protection models we strive to achieve. Add to this the different virtualization techniques that underlie the different cloud forms, and the design, architecture, deployment, and management of a cloud becomes very complex. We are looking for your input, ideas, experience, and observations as to what works, what doesn't, what standards should be applied, and what considerations a security practitioner should keep in mind when deploying a cloud. Avoiding the cloud is not the answer, so what practical solutions do you have to meet the business requirements?
Due Date: May 1, 2013
July: Identity Management
Identity management, commonly referred to as IAM or Identity and Access Management, seems as old as computers themselves. Is it still a hot topic today? Absolutely. Most of us have multiple identities, or personas, that we manage each day. And in our businesses, application users may have more than one identity, but most certainly have varying roles depending on the task at hand. To make the matter more interesting, IAM isn’t just an "internal" concern any more. As BYOD and cloud-based applications invade the corporate landscape, managing identities and roles takes a front seat in protecting corporate information. IAM is still a relevant and pervasive concern that, if not architected and managed properly, jeopardizes the integrity and confidentiality of personal and corporate secrets. We would like you to share your IAM experiences with your ISSA peers: effective approaches to IAM, key issues that must be addressed, the future of identities, the cross-pollination of personal and corporate identities, and the implications of new technologies and directions (e.g., BYOD, cloud).
Due Date: June 1, 2013
August: Convergence of Technologies
Technological convergence is generally defined as the merging together of different technologies such as communications, hardware, media, and applications. This evolution has increased consumer options such as streaming media and on-the-go banking, and has led to new innovations such as the iPhone. It has also opened new frontiers for information security and electronic discovery, which have enhanced the capabilities of computer forensics and investigations. Along with these opportunities, new challenges and concerns have emerged. Individual privacy, ease of dissemination of misinformation via multi-technology channels, and cybercrime are just a few. What do you think? Has technological convergence become a blessing or a curse?
Due Date: July 1, 2013
September: Mobile Security/BYOD - Technology/Business/Policy/Law
BYOD (Bring Your Own Device) is sweeping corporate and public organizations with near hurricane force. Unfortunately, in management's rush to adopt what is thought to be a cost-saving IT measure, the information security and litigation potential arising from BYOD usage have been cast into the wind. Without properly drafted and implemented information security policies and procedures put in place prior to BYOD, public and private enterprises expose themselves to both security incident risk and the inevitable litigation (including what is certain to be intrusive but permissible electronic discovery). The ISSA Journal will address and examine the convergence of the info-sec and legal issues arising from BYOD usage in today's enterprise environment.
Due Date: August 1, 2013
October: Big Data and the Use of Security Controls
Due Date: September 1, 2013
November: Forensics and Analysis
Due Date: October 1, 2013
December: Disaster Recovery/Disaster Planning
It’s become trite to refer to information as today’s business driver. But the consequences when information is destroyed, stolen, or inappropriately changed are often severe and can be catastrophic to a business. Proper preparation and planning are necessary to ensure a company’s ability to recover and survive when such situations occur. Several approaches and alternatives can be employed to effectively recover from disasters. Working alongside business representatives and other IT specialists, information security and risk professionals are in a unique position to support, drive, and potentially own disaster planning activities. Discussions of in-sourcing vs. out-sourcing, internally vs. externally hosted systems and data, tape vs. disk storage, primary vs. secondary storage, globally dispersed workforces, business involvement, business impact analyses, and the pros and cons of periodic DR exercises and tabletop exercises are at the center of this month’s Journal. Disaster recovery/disaster planning is more than just insurance; it’s knowing your business and being ready when extraordinarily catastrophic situations arise. We look forward to your submissions on this vital business subject.
Due Date: November 1, 2013
April: Selling to the C-Suite and the Changing Roles of InfoSec Professionals
Communication and collaboration with the C-suite can be difficult, but are vital to security's effectiveness. The Chief Information Security Officer (CISO) needs to show how security supports organizational initiatives, grows revenue, and controls expenses. For example, what communication and process methods and metrics can build trust and increase C-suite understanding of security? A second issue related to the CISO and business success is the identification, acquisition, utilization, and retention of security professionals with the desired knowledge, skills, perspective, and vision to address current (and future) business needs. How do you hire the right personnel who are trained for the known security issues and functions, and then "grow" those team members' capabilities to address the unknown? In your experience, what has worked for you? What efforts would you recommend not be used?
March: Legal, Regulatory, Privacy, and Compliance
The dynamics of security and compliance with legal and regulatory mandates can be an extremely difficult area to navigate. While many are no doubt familiar with NIST, ISO, GLBA, SOX, or PCI, it is often very difficult to develop, implement, and maintain a governance framework that can address diverse requirements in a comprehensive and coherent manner. Thus, it is often asked whether an organization should develop targeted solutions, architectures, and governance apparatus for different mandates, or whether it is possible to utilize a more integrated approach. We are looking for your input and ideas on legal and regulatory mandates as they affect security, compliance, and privacy for the ISSA Journal.
February: Emerging Threats
Our world of information security is forever filled with emerging threats. These are all around us and in a constant state of change, which can make them difficult to identify or detect. Often emerging threats are present yet not recognized because their impact is not widely felt. Some emerging threats may be technology based, but not always. They may be based on our perception of the world around us, new threat actors, changing regulations, our expectations of privacy, the volume of data we must deal with, massive interconnectivity, and a wide number of other things. What really identifies an emerging threat is its broad impact on individuals, private organizations, governments, and other entities. We are looking for your input and ideas on emerging threats and look forward to your contributions to the February 2013 ISSA Journal.
January: Risk Analysis / Risk Management
The requirement for risk-based information security decision making is a foregone conclusion. The SEC Disclosure Guidance Topic No. 2: Cybersecurity, November 2011, essentially requires it. But are you doing it? And are you doing it successfully? The information security community would like to know how you are doing risk analysis in your risk management by accurately forecasting the probability and impact of threats in an uncertain IT world, and what success you have had. Do you successfully fit your risk management into your employer’s risk management process? We are looking for you, experts willing to tell us your experience, methods, and plans and advise us on how to proceed, in articles for the January 2013 Journal.
December – Storage: Security and Forensics
Humans are adapting well to the information age. We've transformed our society to consume content, and our appetite for fresh and relevant content is voracious. Just this year alone, analysts estimate that humans will create (or replicate) over 1.8 zettabytes of data, roughly 1,800,000,000,000,000 megabytes! And it is all stored somewhere, throughout a vast infrastructure of interconnected, sometimes isolated, digital media - from HD to CD to SD to DVD to optical to tape, flash drives, and beyond. How is the storage secured and how will it be secured in the future? What techniques do you use to keep the data you lay down to disk safe? What happens when the bad guys get in? How do you perform advanced forensics against this data? How do you keep it clean? The opportunity to hide malware among this data and keep it hidden from security professionals is increasing as the volumes of data increase. Finding the digital needle in the haystack just gets ever more challenging as the haystacks grow at an exponential rate. Are there enough security professionals and time in a day to examine it all?
November – Black Hats, Malware, Organized Crime and What This Means to Security Professionals
Welcome to the ubiquitous age of hand-held, wireless computing and communication. Today we carry around cell phones, iPads, Kindles, and PDAs that have more computing power than was designed into the Space Shuttle. Users visit traditional websites (e.g., Google, Facebook, LinkedIn, ESPN, CNN), check and send emails, and conduct all forms of business from their mobile devices as easily as if they were at home. As such, these mobile platforms are especially attractive targets for malware creators who can entice users to download the "hot" application of the day that has value-added features (or at least has value to the hacker). The prevalence of mobile device hacking toolkits available from the Internet continues to grow, offering even newbies the ability to target these devices. Many of the same techniques used for spreading malware on desktops translate well to mobile devices: for example, piggybacking on legitimate applications, changing the upgrade mechanism of a legitimate application to download and upgrade to a malicious version, or loading additional applications without the user’s knowledge. All of these attack vectors (and more) are an incredibly profitable mechanism for traditional cyber criminals. In addition, these attack vectors can be used for corporate espionage to steal your organization’s intellectual property or create opportunities for blackmail. We are soliciting articles on all aspects of malware, black hat strategies, detection techniques, case studies in effective and ineffective mitigation strategies, and all other aspects of malware and crime in the enterprise.
October – Risk Analysis / Risk Management
We all need to know facts about, and real experience from, credentialed qualified experts to back up the advice that we are currently being given in Journal articles. This applies particularly to how to do risk analysis and risk management, in which we must invest significant resources and our reputations, as increasingly required by government regulations, auditors, and contracts. Our jobs are on the line. The current writings of advice on these subjects are bereft of such information. Somebody with unknown credentials writes an article telling us to do this or do that, use FAIR, use Octave, etc. And it requires a great commitment of resources and reputation with no assurance that a qualified writer or others have done it successfully or not. This type of factual information and real experience is usually highly confidential to our employers, but it must be sanitized, made anonymous, aged, and reported nevertheless. We are looking for you, real experts willing to supply your credentials and tell us the facts and real experience, in articles for the Journal.
September – History of Information Security
The Charles Babbage Institute Center for the History of Computer Technology (CBI) at the University of Minnesota has a new project funded by the National Science Foundation to document the history of information security. It is well known that history plays an important part in the advancement of any subject - ours included. Many of you information security seniors have locked up in your minds and papers a rich and extensive knowledge of what worked and didn’t work. Current security information of this nature is usually confidential to your employers, but lasting techniques, practices, and experience from the past should be sanitized and added to our open literature. We need to know the history of such things as the Rainbow Series, risk and threat analysis methods, awareness, passwords, crypto usage, policies, organization, management, loss events and outcomes, hacking, spam, viruses, denial of access methods, etc. You seniors have a responsibility to convey to the current generation of security professionals the truths and experiences of the past and how we arrived at where we are. Here is your opportunity to submit history articles to the Journal.
June – Crypto Update – What’s New and on the Horizon?
Cryptography is the pillar of information security that keeps prying eyes out of whatever data we wish to secure, be it email, financial transactions, secret recipes, sensitive and personal information, intellectual property – information at rest, on the move, and buried in repositories for perpetuity – providing confidentiality, integrity, non-repudiation, and supporting authentication, securing audit trails, and more. What's working? What is not? What's new on the horizon? What is your organization doing to optimize its use of cryptography? What are you doing to stay ahead? Are you planning to migrate to new cryptosystems or is your current implementation good enough? What type of fall-back plan do you have in place in the event that a new attack makes your cryptosystem unreliable? The other side of the cryptosecurity coin is key management. Many would argue that while proof-of-concept attacks have been demonstrated, the reality is that today’s algorithms are feasibly unbreakable. Today, the most practical vector is attacking the keys and where they reside. Until we learn how to do key management well, it will be harder than it needs to be to protect data. Do you have any stories or experiences that describe key management challenges and how they have been met? If so, tell us.
July – Standards, Compliance, and Governance
Governance is the framework by which executive management manages and controls organizational activities to achieve goals and objectives as well as comply with relevant laws and regulations. Implementing a framework is a challenging task since there is no "one-size-fits-all" approach, and each organization must incorporate IT and Security into its organizational governance approach. The framework is reflected in leadership styles, organizational structures, supporting processes and standards, industries, and accountability for the actions taken. Here are specific examples of governance concepts in action:
- Governance Domains: Strategic planning and alignment, value delivery, risk management, resource management, and performance measurement
- Governance Principles: Clear expectations, responsible and clear handling of operations, proactive change management, timely and accurate disclosures, independent review, and continuous improvement
- Key Strategic Planning and Alignment Domain Elements: Organizational reporting structures, roles and responsibilities, strategy and steering committees, architecture review board, and network connectivity review board
- Key Value Delivery Elements: Network operations, computer operations, computer center management, and application development
- Key Risk Management Elements: Areas to be evaluated and methodology implemented
- Key Resource Management Elements: Asset inventory, capital budget, operating budget, resource allocation and planning, project tracking, contract management
- Key Performance Management Elements: Regulatory compliance, policies, standards, processes and procedures, quality assurance, metrics
The ISSA Journal is interested in hearing from you on this topic. What approach has your organization taken in implementing its governance strategy, e.g., ISO, COBIT, ITIL, NIST? What "lessons learned" have you encountered along the way, and what would you have done differently?
August – Mobile Security
It's 10PM. Do you know where your data is? Or better still, do you know where all the copies are and if they're all safe? Today's data landscape is as wide as a desert sky and as diverse as a jungle ecosystem. The tools used in business and our personal lives today are at our fingertips wherever we are. Our data moves with us. It's on our phones, laptops, tablets, hosted in Internet-accessible datacenters, in corporate datacenters, on backup tapes somewhere between a datacenter and a storage facility. Let's face it – our data is constantly moving. And data continues to multiply. Not only are we creating new data every day, but we are also making multiple copies of this data as we back it up, share it with others, and slice it up for review and analysis. Now, back to the original question: do you know where your data is? Maintaining the confidentiality, integrity, availability, and control of business data is a very difficult proposition. Smartphones, laptops, and tablets are enticing targets for theft. Concerns swirl around inappropriate data sharing on social networking sites, instant messaging, and file sharing sites. Web-based storage has made it very easy and inexpensive to drop data for later retrieval. But how trustworthy and secure are these sites? Can we trust employees to "do the right thing" in order to safeguard data? As we expand the use of new technologies (mobile devices) and business models (cloud, etc.), how does a company identify and track important information during its life? How do you balance business and data protection as you develop your mobile security strategies? What can be done to capitalize on the business-enabling capabilities of this "data freedom" without sacrificing the business' future or someone's personal information?
January - Legal and Privacy Issues
Like technology and security challenges, the legal environment impacting data security professionals is in constant flux. New laws are being passed and proposed at every level of government on a worldwide basis. Organizations of all sizes may be subject to legal requirements in multiple jurisdictions across the country and the globe. Now more than ever, the decisions that security professionals make impact the legal risk faced by the organization. In this issue we explore the legal environment of information security and privacy and the role of security professionals in understanding, collaborating on, and addressing legal risks and compliance matters.
December – IT & Security Governance
Governance is the framework by which executive management manages and controls the organizational activities to achieve goals and objectives - adding value while balancing risk with return on investment. There is no "one-size-fits-all" approach, and each organization must incorporate IT and Security into its organizational governance approach. The framework is reflected in leadership styles, organizational structures, processes, and accountability for the actions taken. Shown below are specific examples of governance concepts in action:
- Governance Domains: Strategic planning and alignment, value delivery, risk management, resource management, and performance measurement
- Governance Principles: Clear expectations, responsible and clear handling of operations, proactive change management, timely and accurate disclosures, independent review, and continuous improvement
- Key Strategic Planning and Alignment Domain Elements: Organizational reporting structures, roles and responsibilities, strategy and steering committees, architecture review board, and network connectivity review board
- Key Value Delivery Elements: Network operations, computer operations, computer center management, and application development
- Key Risk Management Elements: Areas to be evaluated and methodology implemented
- Key Resource Management Elements: Asset inventory, capital budget, operating budget, resource allocation and planning, project tracking, contract management
- Key Performance Management Elements: Regulatory compliance, policies, standards, processes and procedures, quality assurance, metrics.
How does your organization implement its governance strategy? What resources do you use when implementing "governance" in your organization? ISO? ITIL? NIST? What works for you? What pitfalls did you have to address? What would you "do over"?
November - Risk Management: Making Theory Work in Business
Risk management has become popular and accepted in business and government and is required by legislation and standards. This has encouraged many of us in information security to apply risk management to make informed security decisions. We are motivated by trying to provide management with what they believe they want. How do we accomplish this? We suggest that you first read The Failure of Risk Management and How to Fix It (D. W. Hubbard, Wiley & Sons, 2009), The Black Swan (N. N. Taleb, Random House, 2010), and relevant ISSA Journal articles (February 2011, December 2010, January 2008) to be up-to-date on the pertinent literature. What is your experience with methods used to justify and prioritize difficult security decisions? Did you quantify or qualitatively determine security risk, and how did you do it and trust it isn't wrong? Have you validated past risk forecasts against actual outcomes? Are there other ways to successfully justify and prioritize good security solutions when costs of security and adversity impacts are high, frequencies are low, and uncertainty prevails? Where and how do you get valid adversity frequency and impact and expert opinion data? How do you meet the legal, regulatory, and audit requirements to perform security risk management?
October – The Cloud / Virtualization
The ISSA Journal is looking for articles related to cloud computing and virtualization for our October issue. Information technology is transforming to a service-based, scalable infrastructure, and your choice to embrace it as a security professional will define your career going forward. No longer do we point to a machine in a data center and say, "Yep, that application runs there." Virtualization ended that ability. You can’t stop the transformation – the economics around cloud and virtualization are too compelling. Resisting will leave you behind. Embracing on-demand IT will make you valuable if you can do it securely. How have you met these challenges in your industry or company? What pressures do you face and how have you responded to those pressures? How have virtualization and cloud changed how you secure your enterprise, and what advice can you give to others?
September – High Assurance Systems
Assurance (according to NIST 800-53) is the level of confidence that the security controls implemented within an information system are effective. The term high assurance may be associated with applications, platforms, and information systems. For example, the NSA has initiated the High Assurance Platform Program for secure computing platforms that will incorporate COTS technologies and techniques; NASA has implemented high assurance systems to protect the lives of their astronauts throughout the space program. But the concept of high assurance applies to many other environments and organizational functions, and may address confidentiality, integrity, and availability in systems that protect people, data, equipment, and facilities. Have you had to design, create, build, implement, or acquire a high assurance system? What kind? What processes did you use to ensure that you had the desired system? Please share with the readers by submitting articles for publication in the September ISSA Journal. Your experiences may be the stepping stone for readers who need that boost as part of the high assurance programs they are working on – or will be in the future.
August – Security Architecture: Practices and Principles
Designing and deploying a comprehensive security solution involves more than understanding information security policy, firewall rules, access control lists, and hardening operating systems, to name but a few. Developing a holistic security solution typically involves the elaboration of a security architecture that functions as a framework for engineering and implementing various security controls. This is often a risk analysis-based process that considers the business and technical requirements that an organization must address, in conjunction with evaluating threats, risks, and vulnerabilities that may exist. Often formalized methods are used to develop a security architecture. The ISO 27001 and ISO 27002 standards, for example, provide guidance on how to create an Information Security Management System using different security control objectives; NIST 800-53 takes a similar approach. The ISSA Journal Editorial Advisory Board would like to hear from you regarding your experience with security architecture. What approach is the most successful in your environment? What methodology do you use? Do you use a risk-based approach or something else? How do you measure the success of your security architecture? What works? What doesn't?
July – Managing the Security Function: How do you run security successfully in the business?
Do you and your leadership team manage security in your organization, or does it manage you? What are key characteristics of your approach to security that can be shared with our readers? It is understood that "one size does not fit all," but we are interested in demonstrating examples of people (business roles), policies, processes, procedures, pitfalls [and the associated resolutions], and other variables that have enabled you to reduce the instabilities and vulnerabilities in your organization and promote security in the fulfillment of your organizational mission, including profit (where applicable).
June – The Changing Face of Malware
Over the last decade, malware has become the predominant source of malicious cyber activity. Malware comes in many forms and encompasses many behaviors, such as scanning, denial-of-service attacks (DOS and DDOS), and directed attacks (e.g., STUXNET). Bots are unique when compared to other types of malware because they establish a command and control channel through which they can be dynamically updated and directed. Botnets, collections of zombie computing assets, have been employed for a variety of illicit activities – information and computing resource theft, SPAM production, hosting phishing attacks – or for mounting DOS and DDOS attacks. Botnets have become the cyber criminal tool of choice and contribute a large portion of the total internet traffic, which adversely affects all internet users. The recent STUXNET worm has demonstrated that directed attacks are an effective tool for attacking physical assets from the cyber domain. We are soliciting articles on all aspects of malware, including defense strategies, detection techniques, case studies in effective and ineffective mitigation strategies, and other aspects of malware in the enterprise.
May - How Security is Changing But Not Changing
Security threat vectors keep changing. Attackers capitalize on security gaps within new technologies such as Web 2.0 and social networking tools. Likewise, it has become incredibly more difficult for enterprises to protect their information assets. Or has it? Is it not the case that information security is still really about protecting the confidentiality, integrity, and availability of information assets? If so, why do we still have to deal with major security incidents (e.g., TJX, Heartland, or Hannaford), and what lessons can be learned once and for all to pro-actively protect ourselves?

Along with changing threat vectors, technologies likewise change. For example, with the convergence of various technologies we have seen the rise of cloud computing. But how significant are those changes? Do new technologies function as a catalyst for the definition of new security requirements, guidelines, and implementation processes? Are new technologies able to keep up with new threats? Finally, when we get right down to basics, have the fundamentals that we have used throughout our careers really changed? Do we not use the same risk analysis and security architectural methodologies that we have always used, but simply apply them to new threat vectors and new technologies?

So we ask: how have security fundamentals changed or not? How have threats changed or not? How have security technologies changed or not?
April - Operational Management
Modern organizations have embedded information technologies into their core processes to increase operational efficiency, improve decision quality, and reduce costs. However, this dependence can place the organizational mission at risk when the loss of the confidentiality, integrity, availability, non-repudiation, or authenticity of a critical information resource occurs. The need to mitigate risks, coupled with new laws and regulations, has highlighted the need for efficient Security Operations Management that assures organizational governance, security, and transparency. Topics of interest include data loss prevention, configuration management, risk management, software-as-a-service (SaaS), network access control, managed hosting, physical security, automation, and forensics.
March - Consumerization of the Workplace
We love gadgets! And today’s gadgets can be incredible productivity tools. Consumer technology has entered the board rooms, executive offices, factories, retail centers, and office cubicles. And it has the chance to enhance both our personal and business lives. Consider how mobile devices, social media, and online collaboration tools have impacted you. More of our data and connectivity is moving to consumer-centric tools. How do we manage and protect business data and the connections to our networks via the Cloud or from airports, living rooms, and restaurants? How do we respond to our changing users and business processes that depend on these tools?