
ISSA E-News

A bi-weekly publication from the ISSA International Board

May 4, 2006

Sponsored By

Advance your career with a Graduate Diploma from Boston University.

Featuring cutting-edge opportunities in:

  • Information Systems and Security
  • Project Management

BU Global's Graduate Diploma programs at Boston University are intensive four-month programs that offer focused study in an exciting international environment. Program graduates are eligible for internship opportunities at U.S. companies.

For details, visit www.bu.edu/diploma or call +1 617-353-8429

Now accepting applications for fall 2006 programs.

In this Issue

ISSA Webcasts

Controlling the Cost of IT Compliance: Best Practices in Multi-Regulatory Compliance Management

Sponsored By: Scalable Software, LLC
Presented By: Patrick McBride, Vice President of Compliance Solutions, Scaleable Systems & Colleen Murphy, Director of Compliance Solutions Delivery, Scaleable Systems

The cost of complying with SOX is sapping millions from the typical IT budget, with no relief in sight. In sectors facing multiple regulatory mandates and standards, such as financial services (SOX / GLBA / HIPAA), energy and utilities (SOX / NERC) and health care (SOX / HIPAA), IT organizations and security teams are rapidly becoming overwhelmed. Learn how forward-thinking companies are 'killing two birds with one stone' by creating rationalized control frameworks and automating the IT compliance life cycle, enabling them to eliminate the cost and effort associated with redundant and duplicative IT compliance projects.

Learn best practices and approaches for developing a comprehensive compliance and security management program that will help ensure IT compliance and eliminate unnecessary and redundant efforts. Learn how to:

  • Create and document a rationalized control framework applicable across multiple regulatory mandates and standards
  • Document the policy and control environment while ensuring awareness
  • Automate key compliance management and testing processes
  • Cost-effectively manage the complete IT compliance lifecycle from understanding mandates to documenting audit evidence

[View Webcast]

The Intelligent Enterprise – Closing the Zero-Hour Gap on Inbound and Outbound Attacks

Sponsored By Proofpoint Inc.
Presented by Rami Habal, Proofpoint

Zero-day vulnerabilities have traditionally been about virus and computer worm exploits. However, in this age of more sophisticated threats, the zero-hour gap includes a range of inbound and outbound threats that can cost your enterprise money and cause severe damage to your networks. The intelligent enterprise can protect itself by anticipating and eliminating these threats before they cause damage.

In this web seminar, "The Intelligent Enterprise - Closing the Zero-Hour Gap on Inbound and Outbound Attacks", Proofpoint product expert Rami Habal will discuss zero-hour threats as they relate to an organization's messaging security infrastructure, including viruses, spam and content security.

In this webinar you will learn about:

  • The emergence and range of inbound and outbound threats that exploit the zero-hour gap.
  • Today's tools for attackers and negligent employees.
  • How to anticipate threats and minimize your exposure during the zero-hour gap.
  • Actual, recent outbreaks and how zero-hour protection eliminated these threats.
  • How to complement your existing multi-layer defense and your lockdown policies.

Speaker Bio

Rami Habal is Senior Product Manager at Proofpoint, where he is responsible for Proofpoint's flagship messaging security solution, the Proofpoint Protection Server, and works closely with the Proofpoint Anti-Spam Research Lab. Prior to Proofpoint, Rami worked at Mohr Davidow Ventures, Cisco Systems, Hughes Electronics, and several startups. He holds a BSEE from UVa. He also holds master's degrees in Business and Public Administration from MIT and Harvard, respectively.

[View Webcast]

See Our Archived Webcasts!

See more webcasts on our website! Click Here!

Free Subscriptions To Industry Leading Publications!

As a valued member of the Information Systems Security Association, we would like to inform you that we have partnered with Tradepub.com to provide you with free subscriptions to industry leading publications. Each publication is absolutely free and there is no purchase necessary. Publications are ABSOLUTELY FREE to those who qualify!

Browse from the extensive list of over 300 titles currently offered and be sure to check back often as we will be adding new titles over the coming weeks and months. Click here to subscribe for free!

Sponsored By

Methodologies & Tools for Web Application Security Assessment

With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Our "Methodologies & Tools for Web Application Security Assessment" whitepaper recommends a methodology for web application security assessments, and provides details on how to use automated tools to accelerate the process. Download it today!

NEW! The ISSA Learning Center is Open

ISSA University-SiegeWorks University
ISSA and SiegeWorks are pleased to announce high quality, on demand security education and training courses exclusively for ISSA members!

Local Chapters decide which courses they would like to sponsor for their membership, arrange for the venue and promote the course locally. SiegeWorks University trainers provide onsite training and Train the Trainer sessions for Chapters that request it.

Industry leading trainers, security luminaries as guest lecturers and top-quality materials!

Course Number   Course Description                    Number of Days   Notes
IS1100          CISSP Preparation                     5                No Test
IS1110          SSCP Preparation                      5                No Test
IS1201          Wireless Security                     5                Lab
IS1301          Principles of Security                5                Lab
IS1302          Advanced Security Concepts            5                Lab
IS1401          Practical Penetration Testing         5                Lab
IS1402          Building and Operating a Snort IDS    3                Lab
IS1403          Computer Forensics                    5                Lab
IS1501          Web Application                       2                Lab
IS1801          Policy Writing                        3                None
IS1802          Incident Response                     3                None
CS1901          Sarbanes-Oxley Compliance             2                None
CS1902          SB-1386 Compliance                    2                None

Interested? Contact your local Chapter President or Education Coordinator to sponsor an ISSA SiegeWorks University course for your local members!

Click here to request more information.

Trusted Learning's ISSA Learning Center

ISSA is working with Interpact, the Security Awareness Company to provide low-cost end-user training on a variety of topics, ranging from Security Awareness 101 to Identity Theft. Individuals can purchase courses or member organizations can open their own private learning centers and choose from a menu of existing courseware or upload proprietary training courses for their employees or customers.

Visit the ISSA homepage and click the link for the ISSA Learning Center, enter the access code (sa101cEn) then register as a student, purchase the courses and then begin taking them immediately. Here is a list of the courses available today:

  • Why Security Awareness? - FREE An overview of the need for Computer Security Awareness. This is targeted toward managers and executives who need the basics or a current update.
  • Internet and Computer Ethics for Kids - $3 This Course is based upon Winn Schwartau's hit book by the same name. We teach our kids how to use computers, but not about when and what to do with them. What is right and what is wrong? Parents are too often clueless - the kids know more. What do we do? This Course.
  • SA101 Humorous 2005 - $5 This is a short, non-technical 60 minute overview of Security Awareness - with an emphasis on keeping students entertained.
  • SA101 Corporate 2005 -$5 This is a short, non-technical 60-minute overview of Security Awareness.
  • Email Safety at Home and Work - $5 Learn how to avoid viruses, worms and spyware trying to get into company and home computers through e-mail, Web sites and IM applications.
  • ID Theft - $5 Learn what your identity information is, where it resides, how it gets exposed, how thieves steal and abuse identities and how to protect your identity information from theft.
  • Social Engineering at Work and Home - $5 There are infinite ways scammers convince us to give over private information on the phone, Internet and in person. Learn how to recognize common techniques and antics of these scammers so you won't fall victim to them.
  • SPYWARE - $5 Learn how Spyware gets onto computers and what it does - like logging keystrokes and bogging down computers and networks. Then learn what you can do about it.
  • Virus Protection at Work and Home - $5 This course will show employees how viruses and worms spread, the damage they cause, and the steps they should take to protect their work and home computers from getting infected (and how to remove viruses or worms if they do).

Upcoming Conferences & Discounts

Security Associations Announce Conference and Trade Show

Minneapolis, MN
December 30, 2005

The Upper Midwest Security Alliance (UMSA) has announced "Secure360°," the Alliance's inaugural conference and trade show. The event is set for St. Paul's RiverCentre on May 17-18, 2006.

The UMSA consists of the Minnesota Chapter of ASIS International (MN-ASIS); the Business Continuity Planners Association (BCPA); the Information Systems Audit and Control Association (MN-ISACA); the Information Systems Forensics Association (MN-ISFA); and the Information Systems Security Association (MN-ISSA).

"Our five associations have joined together as the UMSA expressly to provide our combined membership with the most comprehensive security conference and trade show possible," said Kelley Archer, spokesperson for the Alliance. "By combining our resources in one event rather than individual conferences, we'll be able to provide all of our members with the broadest and deepest opportunities for learning, networking and sharing information on all the latest advances in business security solutions and security technology. This will be the most complete and integrated security event in the five-state Upper Midwest area," Archer added.

Archer said that UMSA expects Secure360° to draw more than 100 exhibitors representing products and services for data protection, physical security, information systems forensics, audit and control systems, and continuity planning. The conference will offer attendees a range of general and educational sessions as well as access to the two-day trade show.

All MN-ASIS, BCPA, MN-ISACA, MN-ISFA, and MN-ISSA association members will receive details through individual newsletters. Potential event sponsors, exhibitors and speakers will receive a conference invitation and details by January 31, 2006. The public is invited to attend and can find information at www.secure360.org. For more information, contact Kathy Felber, Show Manager, at 952-893-1293, 800-888-1293, or kfelber@equinoxcreative.com.

Cyber Security Summit

May 22-23, 2006
Sawgrass Marriott Resort
Ponte Vedra Beach, FL

The Cyber Security Summit brings together senior-level Information Security executives from leading companies to discuss the hottest topics in the industry, including: Convergence of IT and the Law; Converging the Roles of the CSO and the CISO; IT Governance and the Synergy with Information Security; and Emerging Technologies and the Policies that TRY to Control Them. The unique format of the summit pairs executives from Solution Provider companies with Information Security executives for one-on-one meetings, and gives attendees the opportunity to attend conference sessions, panel discussions, workshops, and special networking events. An exciting line-up of speakers is participating in this event! To find out more, contact Shelly-Ann Hurdle at shelly-annh@marcusevansbb.com or visit www.cybersecuritysummit.com. A special registration offer applies to ISSA members who mention this code: CYBER239.

TRISC, Texas Regional Infrastructure Security Conference, 2006 Conference - Houston, TX

May 15 - 17
Sharing Experience and Knowledge to Strengthen Security

Conference Objectives: Provide an annual educational and networking event that will enhance the knowledge, skill, and professional growth of the conference alliance members and other attendees. TRISC involves individuals from national, state and local governments; institutions of higher education; and private and public businesses. The conference offers attendees a unique forum for the discussion of topics that are of mutual interest to security professionals in the areas of information, infrastructure, and facilities.

Tracks:

  • Law & Forensics
  • Cyber Security
  • Business Continuity & Disaster Recovery
  • Risk / Security Management
  • Infrastructure Protection/SCADA
  • Physical Security

Registration Fees (Early Registration / After April 15):

  • Members: $299.00 / $399.00
  • First Responders: $3200 / $4200
  • Non Members: $399.00 / $499.00

For information on registration, exhibits, and sponsorships, contact:
TRISC 2006
c/o Swift Solutions
8701 Bluffstone, #2308
Austin, Texas 78759
Phone (toll-free): (877) 451-8700
Fax: (866) 498-6527
Email: debswift@swift-solutions.org

For on-line information and updates, visit: http://www.trisc.org/
Hyatt Regency Hotel: http://www.houstonregency.hyatt.com
(Ask for special TRISC attendee rates)

Information Security Professionals - earn your NSA certifications. Training so good, we teach the competition!

There's only ONE WAY to get your NSA certifications, and that's by attending an NSA sponsored IAM/IEM course. Learn the NSA way of assessing your organization's security posture and conducting security evaluations of networks using hands-on methodologies. ISSA members receive discounts of up to $500! *U.S. Citizenship required*

Learn more at: http://www.fountainheadcollege.edu/ia/nsa/

3rd Annual ID Theft Symposium

Customer Identification & Authentication Management in Financial Services
May 22-23, 2006
Marriott Marquis
New York, NY

Learn from veterans and representatives of the industry. Get an industry update for 2006 and learn about fraud and authentication problems directly from bankers. Find out what types of systems bankers and seasoned professionals see as being the most effective in a porous network. Covering all aspects of identity theft, speakers will discuss legal intricacies, ethical views of the industry, and solutions to real problems. For more information, please visit www.srinstitute.com/cf331

Gartner IT Security Summit 2006

June 5-7, 2006
Washington, D.C.
gartner.com/us/itsecurity

Six tracks and more than 100 sessions cover the spectrum of IT security issues ... with actionable guidance from the largest and savviest team of IT security analysts in the world, road-tested best practices, real-world case studies, and an inside look at new and emerging tools and technologies.

Members of Information Systems Security Association are entitled to a special $200 discount. Call 1 800 778 1997 and be sure to mention priority code ISSA when you register. Offer not available on the web.

Cornerstones of Trust 2006 Security Conference

June 8th 2006
Foster City, CA

Join Silicon Valley and San Francisco ISSA and the Bay Area InfraGard for our annual Cornerstones of Trust 2006 security conference in Foster City, CA on June 8, 2006. The theme of this year's conference is "Safeguards - what your business should know."

This is our greatest conference yet. If you're in the security community, this is the place to meet top security experts from business, technology, standards and compliance communities; learn about real world solutions; and find out how other companies have built an effective security framework to maintain trust in today's hostile environment.

Keynotes

- John N. Stewart, vice president and chief security officer, Cisco Systems, Inc.
Establishing the Security Culture - Raising Employee Awareness

- Dave Cullinane, chief information security officer, Washington Mutual
Current State of Information Security Legislation: What are the Implications for your Security Program?

Sessions

  • Track I TECHNOLOGY - Security Technologies: Safeguarding your Business Processes
  • Track II REGULATORY - How Compliance Has Become the Safeguard Driving Security
  • Track III GLOBAL - Safeguarding Business Initiatives in a Global Environment
  • Track IV THE DRILL - In the Petri Dish: Mock Trial & Incident Response Exercise

Earn 8 CPE Credits for CISSP, CISM, etc... when you attend!

Exhibitors

30 + Technology Vendors exhibiting the latest Security Solutions

Who should attend?

  • CIO's, CSO's & CISO's
  • Information security managers and directors
  • Security specialists and staff
  • IT and network security attorneys
  • Systems analysts

Entertainment

  • Great Food (includes Breakfast, Lunch and Snacks)
  • A kick... End of Conference Reception with drinks and bits 'n bites...to eat that is!
  • Vendor Raffle Prizes
    • iPods, Shuffles, Nano's
    • Satellite radio with 1 year service
    • Memory Stick
    • Binoculars

REGISTER NOW... www.cornerstonesoftrust.com

  • Members $50
  • Non-Members $75
  • Book of Five $300

A Special Thanks to our Diamond Sponsor, 2006 ISSA e-Symposium Series

Brought to you by:

  • Silicon Valley and San Francisco ISSA
  • The Bay Area InfraGard

C3, Corporate & Channel Computing Expo

Compliance World Expo
June 27-29, 2006

The Javits Center - NYC

Successfully launched in 2005, C3 brings corporate and channel buyers together with the industry's premier technology manufacturers. More than 8,500 enterprise professionals from the fields of business, finance, government, retail and education attended last year's event in New York City. New for 2006, C3 is joined by ComplianceWorld Expo - the northeast's leading compliance event featuring a comprehensive educational program along with exhibitors who have the know-how to bring genuine solutions to today's IT challenges.

For detailed information concerning the security conference and overall conference program please go to www.c3expo.com

Attend CSI NETSEC '06 June 12-14, 2006 in Scottsdale, Arizona at The Phoenician. The most comprehensive conference in the industry on network security, with 14 tracks and 110 sessions. Tracks on: Attacks & Countermeasures, Management & Governance, Awareness, Risk & Audit, Wireless, Hands-On Tech, Access Management and more. Don't miss this important event; reserve your place now.

Register today at CSINetSec.com
Email: csi@cmp.com
Phone: (415) 947-6320

The ISSA is delighted to announce the launch of a ground-breaking series of 1-day online conferences, entitled "2006 ISSA e-Symposium Series".

The e-Symposia are designed to facilitate the knowledge sharing and gathering amongst our international members and within the global information security community as a whole. Building on the highly successful IT Security e-Symposium, each e-Symposium features interactive, live presentations and round table debates by the world's leading information security experts. Access is free of charge to ISSA members with a special code (see member's area) and anyone with a PC, an internet connection and a soundcard can attend from the convenience of their office. Other useful tools during the live events include Q&A, web-based chat and a message board.

Register now, free of charge, with your special code B99731 at www.issa.e-symposium.com

Mark your calendars now to avoid disappointment -

NEXT - 26 Jul 06: Business Continuity & Disaster Recovery e-Symposium
25 Oct 06: Emerging Threats & Response e-Symposium
24 Jan 07: IT Security e-Symposium

Any questions? Please contact Val-Pierre Genton, vgenton@bright-talk.com. The e-Symposium series is organized and delivered by BrightTALK, www.bright-talk.com.

The Executive Women's Forum on Information Security, Risk Management and Privacy gathers over 200 of the most influential female executives together September 12th-14th at the Sheraton Wild Horse Pass & Resort, Phoenix, Arizona, to discuss best practices and strengthen their network. Four Women of Influence awards will be co-presented by Alta Associates and CSO Magazine. For more information or to register visit: www.infosecuritywomen.com.

Articles Wanted!

The ISSA Journal, the official publication of the ISSA, is looking for information security articles on a variety of topics concerning the information security practitioner.

Possible topics:

  • e-mail security
  • the latest threats
  • certifications
  • legislation
  • security for mobile devices
  • social engineering
  • international legislation
  • policy enforcement

Word count: 1,500 to 3,000 words.

Please send over a short summary of what the article will cover. Any questions? Contact Jenny Kasza, the editor of The ISSA Journal, at theeditor@issa.org for more details.

SecureWorld Expo 2006 Series Begins with Success

- Candy Alexander, CISSP CISM - VP Education - ISSA International

I am very pleased to announce that the SecureWorld Expo 2006 series began in Boston on March 15th with a huge success, breaking attendance records in both the conference attendee and vendor participation areas. We were very fortunate to have the New England ISSA Chapter host a luncheon with Howard Schmidt (first US Cybersecurity Czar and former ISSA International President).

ISSA had entered a partnership with SecureWorld Expo last year, to deliver regional conferences at a nominal cost to participants and more importantly, an ISSA member discount. SecureWorld Expo solicits guidance from our local ISSA chapters through the Conference Steering Committees to ensure that the topics delivered are of interest to the local information security community.

Seven more cities throughout the US will host SecureWorld Expos with ISSA chapter assistance and guidance (see list below). Be sure to attend the conference in your region and send me a note with your feedback. I welcome any comments you might have on any of these conferences. It is important that I understand your needs and continue to work to deliver education opportunities that fit those needs!

  • Philadelphia - April 19-20, 2006
  • Atlanta - May 2-3, 2006
  • Chicago - May 24-25, 2006
  • Detroit - September 19-20, 2006
  • Seattle - October 10-11, 2006
  • San Francisco - November 1-2, 2006
  • Dallas - December 6-7, 2006

For details and registration info, visit the SecureWorld Expo website.