ISSA Annual Membership Meeting Webcast Home Site Map Log In Contact
Hot Topics

ISSA E-News

A bi-weekly publication from the ISSA International Board

June 1, 2006

Sponsored By

Advance your career with a Graduate Diploma from Boston University. Featuring cutting-edge opportunities in:

  • Information Systems and Security
  • Project Management

BU Global's Graduate Diploma programs at Boston University are intensive four-month programs that offer focused study in an exciting international environment. Program graduates are eligible for internship opportunities at U.S. companies.

For details, visit www.bu.edu/diploma or call +1 617-353-8429

Now accepting applications for fall 2006 programs.

In this Issue

New ISSA Chapters Recognized

Congratulations to ISSA's newest chapters! The ISSA Central Virginia Chapter is now recognized as an official chapter of the Information Systems Security Association, Inc. We now have 110 official ISSA chapters, in 24 countries.

New chapters and their membership will contribute to the growth, strength, and leadership of the ISSA in enhancing its recognition as "The Global Voice of Information Security".

ISSA Webcasts

Controlling the Cost of IT Compliance: Best Practices in Multi-Regulatory Compliance Management

Sponsored By: Scalable Software, LLC
Presented By: Patrick McBride, Vice President of Compliance Solutions, Scaleable Systems & Colleen Murphy, Director of Compliance Solutions Delivery, Scaleable Systems

The cost of complying with SOX is sapping millions from the typical IT budget, with no relief in sight. And for IT organizations in sectors facing multiple regulatory manDates and standards such as financial services (SOX / GLBA / HIPAA), energy and utilities (SOX / NERC) and health care (SOX / HIPAA), IT organizations and security teams are rapidly becoming overwhelmed. Learn how forward thinking companies are 'killing two birds with one stone' by creating rationalized control frameworks and automating the IT compliance life cycle, enabling them to eliminate the cost and effort associated with redundant and duplicative IT compliance projects.

Learn best practices and approaches for developing a comprehensive compliance and security management program that will help ensure IT compliance eliminate unnecessary and redundant efforts. Learn how to:

  • Create and document a rationalized control framework applicable across multiple regulatory manDates and standards
  • Document the policy and control environment while ensuring awareness
  • Automate key compliance management and testing processes
  • Cost-effectively manage the complete IT compliance lifecycle from understanding manDates to documenting audit evidence

[View Webcast]

The Intelligent Enterprise – Closing the Zero-Hour Gap on Inbound and Outbound Attacks

Sponsored By Proofpoint Inc.
Presented by Rami Habal, Proofpoint

Zero-day vulnerabilities have traditionally been about virus and computer worm exploits. However, in this age of more sophisticated threats, the zero-hour gap includes a range of inbound and outbound threats that can cost your enterprise money and cause severe damage to your networks. The intelligent enterprise can protect itself by anticipating and eliminating these threats before they cause damage.

In this web seminar "The Intelligent Enterprise – Closing the Zero-Hour Gap on Inbound and Outbound Attacks", Proofpoint product expert Rami Habal will discuss zero-hour threats as they relate to an organization's messaging security infrastructure including viruses, spam and content security.

In this webinar you will learn about:

  • The emergence and range of inbound and outbound threats that exploit the zero-hour gap.
  • Today's tools for attackers and negligent employees.
  • How to anticipate threats and minimize your exposure during the zero-hour gap.
  • Actual, recent outbreaks and how zero-hour protection eliminated these threats.
  • How to complement your existing multi-layer defense and your lockdown policies.

Speaker Bio

Rami Habal is Senior Product Manager at Proofpoint, where he is responsible for Proofpoint's flagship messaging security solution, the Proofpoint Protection Server and works closely with the Proofpoint Anti-Spam Research Lab. Prior to Proofpoint, Rami worked at Mohr Davidow Ventures, Cisco Systems, Hughes Electronics, and several startups. He holds a BSEE from UVa. He also holds master's degrees in Business and Public Administration from MIT and Harvard, respectively. [View Webcast]

See Our Archived Webcasts!

See more webcasts on our website! Click Here!

NEW! The ISSA Learning Center is Open

ISSA University-SiegeWorks University

ISSA and SiegeWorks are pleased to announce high quality, on demand security education and training courses exclusively for ISSA members!

Local Chapters decide which courses they would like to sponsor for their membership, arrange for the venue and promote the course locally. SiegeWorks University trainers provide onsite training and Trainer the Trainer sessions for Chapters who request it.

Industry leading trainers, security luminaries as guest lecturers and top-quality materials!

Course Number Course Description Number of Days Notes

  • IS1100 CISSP Preparation 5 No Test
  • IS1110 SSCP Preparation 5 No Test
  • IS1201 Wireless Security 5 Lab
  • IS1301 Principles of Security 5 Lab
  • IS1302 Advanced Security Concepts 5 Lab
  • IS1401 Practical Penetration Testing 5 Lab
  • IS1402 Building and Operating a Snort IDS 3 Lab
  • IS1403 Computer Forensics 5 Lab
  • IS1501 Web Application 2 Lab IS1801 Policy Writing 3 None
  • IS1802 Incident Response 3 None
  • CS1901 Sarbanes-Oxley Compliance 2 None
  • CS1902 SB-1386 Compliance 2 None

Interested? Contact your local Chapter President or Education Coordinator to sponsor an ISSA SiegeWorks University course for your local members!

Click here to request more information.

Trusted Learning's ISSA Learning Center

ISSA is working with Interpact, the Security Awareness Company to provide low-cost end-user training on a variety of topics, ranging from Security Awareness 101 to Identity Theft. Individuals can purchase courses or member organizations can open their own private learning centers and choose from a menu of existing courseware or upload proprietary training courses for their employees or customers.

Visit the ISSA homepage and click the link for the ISSA Learning Center, enter the access code (sa101cEn) then register as a student, purchase the courses and then begin taking them immediately. Here is a list of the courses available today:

  • Why Security Awareness? - FREE An overview of the need for Computer Security Awareness. This is targeted toward managers and executives who need the basics or a current upDate.
  • Internet and Computer Ethics for Kids - $3 This Course is based upon Winn Schwartau's hit book by the same name. We teach our kids how to use computers, but not about when and what to do with them. What is right and what is wrong? Parents are too often clueless - the kids know more. What do we do? This Course.
  • SA101 Humorous 2005 - $5 This is a short, non-technical 60 minute overview of Security Awareness - with an emphasis on keeping students entertained.
  • SA101 Corporate 2005 -$5 This is a short, non-technical 60-minute overview of Security Awareness.
  • Email Safety at Home and Work - $5 Learn how to avoid viruses, worms and spyware trying to get into company and home computers through e-mail, Web sites and IM applications.
  • ID Theft - $5 Learn what your identity information is, where it resides, how it gets exposed, how thieves steal and abuse identities and how to protect your identity information from theft.
  • Social Engineering at Work and Home - $5 There are infinite ways scammers convince us to give over private information on the phone, Internet and in person. Learn how to recognize common techniques and antics of these scammers so you won't fall victim to them.
  • SPYWARE - $5 Learn how Spyware gets onto computers and what it does - like logging keystrokes and bogging down computers and networks. Then learn what you can do about it.
  • Viruses Protection at Work and Home - $5This course will show employees how viruses and worms spread, the damage they cause, and the steps they should take to protect their work and home computers from getting infected (and how to remove viruses or worms if they do).

Upcoming Conferences & Discounts

Federal Information Security Conference (FISC) 2006

June 21-22, 2006
Doubletree Hotel
Colorado Springs, CO The Fifth Annual Federal Information Security Conference is designed to provide valuable guidance for the Federal Government, industry, and acadamia. Information security issues will be discussed in the areas of security policies and strategies, use of technologies and securing infrastructure. For more conference information please visit www.fbcinc.com/fisc/. ISSA - Colorado Springs has expanded their role in the Federal Information Security Conference by becoming the events official host and member of the Advisory Committee.

Information Security Professionals - earn your NSA certifications. Training so good, we teach the competition!

There’s only ONE WAY to get your NSA certifications, and that’s by attending an NSA sponsored IAM/IEM course. Learn the NSA way of assessing your organizations security posture and conducting security evaluations of networks utilizing hands-on methodologies. ISSA members receive discounts up to $500! *U.S. Citizenship required* Learn more at: http:/www.fountainheadcollege.edu/ia/nsa/

Gartner IT Security Summit 2006

June 5-7, 2006
Washington, D.C.
gartner.com/us/itsecurity Six tracks and more than 100 sessions cover the spectrum of IT security issues ... with actionable guidance from the largest and savviest team of IT security analysts in the word, road-tested best practices, real-world case studies, and an inside look at new and emerging tools and technologies. Members of Information Systems Security Association are entitled to a special $200 discount. Call 1 800 778 1997 and be sure to mention priority code ISSA when you register. Offer not available on the web.

Cornerstones of Trust 2006 Security Conference

June 8th 2006
Foster City, CA

Join Silicon Valley and San Francisco ISSA and the Bay Area InfraGard for our annual Cornerstones of Trust 2006 security conference in Foster City, CA on June 8, 2006. The theme of this year's conference is "Safeguards–what your business should know."

Cornerstones of Trust 2006

This is our greatest conference yet. If you're in the security community, this is the Place to meet top security experts from business, technology, standards and compliance communities; learn about real world solutions; and find out how other companies have built an effective security framework to maintain trust in today's hostile environment.

Keynotes

- John N. Stewart, vice president and chief security officer, Cisco Systems, Inc.
Establishing the Security Culture - Raising Employee Awareness

- Dave Cullinane, chief information security officer, Washington Mutual
Current State of Information Security Legislation" What are the Implications for your Security Program? Sessions

  • Track I TECHNOLOGY Security Technologies - Safeguarding your Business Processes
  • Track II REGULATORY- How Compliance Has Become the Safeguard Driving Security
  • Track III GLOBAL - Safeguarding Business Initiatives in a Global Environment
  • Track IV THE DRILL - In the Petri Dish - Mock Trial & Incident Response Exercise

Earn 8 CPE Credits for CISSP, CISM, etc... when you attend! Exhibitors
30 + Technology Vendors exhibiting the latest Security Solutions Who should attend?

  • CIO's, CSO's & CISO's
  • Information security managers and directors
  • Security specialists and staff
  • IT and network security attorneys
  • Systems analyst

Entertainment

  • Great Food (includes Breakfast, Lunch and Snacks)
  • A kick... End of Conference Reception with drinks and bits 'n bites...to eat that is!
  • Vendor Raffle Prizes
    • iPods, Shuffles, Nano's
    • Satellite radio with 1 year service
    • Memory Stick
    • Binoculars

REGISTER NOW... www.cornerstonesoftrust.com

  • Members $50
  • Non-Members $75
  • Book of Five $300

A Special Thanks to our Diamond Sponsor, Adobe

Brought to you by: Silicon Valley and San Francisco ISSA The Bay Area InfraGard

C3, Corporate & Channel Computing Expo

Compliance World Expo
June 27-29, 2006

The Javits Center - NYC Successfully launched in 2005, C3 brings corporate and channel buyers together with the industry's premier technology manufacturers. More than 8,500 enterprise professionals from the fields of business, finance, government, retail and education attended last year's event in New York City. New for 2006, C3 is joined by ComplianceWorld Expo - the northeast's leading compliance event featuring a comprehensive educational program along with exhibitors who have the know-how to bring genuine solutions to today's IT challenges. For detailed information concerning the security conference and overall conference program please go to www.c3expo.com

Attend CSI NETSEC '06 June 12-14, 2006 in Scottsdale, Arizona at The Phoenician.

The most comprehensive conference in the industry on network security, with 14 tracks and 110 sessions. Tracks on: Attacks & Countermeasures, Management & Governance, Awareness, Risk & Audit, Wireless, Hands-On Tech, Access Management and more. Don't miss this important event, reserve your Place now. Register today at CSINetSec.com
Email: csi@cmp.com

Phone: (415) 947-6320

2006 ISSA e-Symposium Series

The ISSA is delighted to announce the launch of a ground-breaking series of 1-day online conferences, entitled "2006 ISSA e-Symposium Series". The e-Symposia are designed to facilitate the knowledge sharing and gathering amongst our international members and within the global information security community as a whole. Building on the highly successful IT Security e-Symposium, each e-Symposium features interactive, live presentations and round table debates by the world's leading information security experts. Access is free of charge to ISSA members with a special code (see member's area) and anyone with a PC, an internet connection and a soundcard can attend from the convenience of their office.

Other useful tools during the live events include Q&A, web-based chat and a message board. Register Now free of charge your special code: B99731, www.issa.e-symposium.com

Mark your calendars now to avoid disappointment - NEXT - 26 Jul 06: Business Continuity & Disaster Recovery e-Symposium

25 Oct 06: Emerging Threats & Response e-Symposium 24 Jan 07: IT Security e-Symposium

Any questions? Please contact Val-Pierre Genton, vgenton@bright-talk.com.

The e-Symposium series is organized and delivered by BrightTALK, www.bright-talk.com. The Executive Women's Forum on Information Security, Risk Management and Privacy gathers over 200 of the most influential female executives together September 12th-14th , Sheraton Wild Horse Pass & Resort, Phoenix, Arizona to discuss best practices and strengthen their network. Four Women of Influence awards will be co-presented by Alta Associates and CSO Magazine. For more information or to register visit: www.infosecuritywomen.com.

Insider Training – Distance / e-Learning

ISSA members are eligible for special discounts for any public Insider Training live, online certification courses. Insider Training is a premier provider of live, online, instructor-led IT training courses, specializing in security, networking, and programming, certifications. Currently, Insider Training offers public security courses for CISSP, Security+, MCSE: Security, Microsoft Network Security Design and Implementation, and Certified Wireless Network Professional certification training. Unlike traditional training center courses or bootcamp style events, the Insider Training proven system offers expert-led structured programs in a low-stress environment that requires no travel time or additional expenses and allows you to remain productive as you work towards your certification goals. Also, Insider Training does not incur overhead costs typical of traditional training operations, so we can focus on bringing you the best instructor-led training at affordable rates. All classes are taught live over the Internet through your web browser using the WebEx Training Center global platform. These fully interactive, live classes are delivered in flexible two-hour sessions with small class sizes twice per week with class lengths ranging from 4 to 16 weeks. Most courses offer both daytime and evening programs. In addition, all live classes are recorded so you can review 24x7 for up to one year after your class ends, not have to take notes during class, and have the advantage of neither missing class sessions nor losing ground in your training process. "I passed my CISSP exam on the first try! Your optimal training over time and top class instruction was of great value. A boot camp class would not have been beneficial to me. It is just way too much information." IT Security Audit Consultant, Fidelity Integrated Financial Solutions. Industry certifications can be a career changing achievement, but for most people success in mastering the scope of material demands a structured, non-rushed approach with plenty of opportunity for expert instructor feedback. Evening sessions are a great way to keep your billable hours up and still get the training that you need. Insider Training offers an all-inclusive 12-week live, online Certified Information Systems Security Professional (CISSP) training program priced at $2495, which also includes the full cost of the official (ISC)2 exam (currently $499) with your registration. ISSA members receive $100, discounting the course price to $2395

CISSP Course Details:

Date: May 15th - August 16th, 2006
Time: 7pm-9pm ET, 6pm-8pm CT, 5pm-7pm MT, 4pm-6pm PT
Days: Online sessions meet for two hours every Monday and Wednesday over a 12-week period
Study Break: No classes will be held the week of July 3rd-7th

This CISSP course includes: (24) 2-hour live, online instructor-led training classes, 24x7 access to all live class recordings, (1) All-in-One CISSP reference book, (1) Transcender CISSP test preparation software package, (1) Official (ISC)2 Guide to the CISSP Exam, (1) CISSP test voucher, unlimited instructor e-mail mentoring, and additional self-paced recordings. Students even have access to their recorded class sessions and instructor mentoring for up to 6 months after the live training ends. Additional Security Courses: Security+: This 4-week program prepares the student to pass the CompTIA Security+ certification.

ISSA Discount Price: $995

Date: June 12th - July 13th, 2006
Time: 5pm-7pm EST • 4pm-6pm CST • 3pm-5pm MST • 2pm-4pm PST
Days: Online sessions meet for two hours every Monday and Wednesday for a four week period

This course includes: (8) 2-hour live online classes, 24x7 access to all class recordings, (1) Microsoft Press books, (1) Transcender test preparation packages, Insider Training study guide, unlimited instructor e-mail mentoring, additional self-paced recordings, access to Insider Training lab system, and our certification guarantee. MCSE: Security

Date: May 15th - September 20th, 2006
Time: 7pm-9pm EST • 6pm-8pm CST • 5pm-7pm MST • 4pm-6pm PST
Days: Online sessions meet for two hours every Monday and Wednesday over a sixteen week period

This course combines a 16-week Microsoft Certified Systems Engineer program with a 4-week Security+ course to achieve Microsoft's elite networking and security certification.

ISSA Discount Price: $2995

This course includes: (32) 2-hour live online classes, 24x7 access to all class recordings, (7) Microsoft Press books, (7) Transcender test preparation packages, Insider Training study guides, unlimited instructor e-mail mentoring, additional self-paced recordings, access to Insider Training lab system, and our certification guarantee. Certified Wireless Network Administrator (CWNA)

This certification is required before you can register to take the elite Certified Wireless Security Professional (CWSP) exam.

Date: May 8th - May 12th, 2006
Time: 7pm-10pm EST • 6pm-9 pm CST • 5pm-8pm MST• 4pm-7pm PST
Days: Online sessions meet for three hours every day, Monday through Friday, for a one week period

ISSA Discount Price: $995

This course includes: (5) 3-hour live, instructor-led training sessions, 24x7 access to class recordings for 6 months, Official CWNA Course Book, Official CWNA Study Guide, Official CWNA Practice Test, instructor e-mail mentoring, and the Insider Training study guide.

6. SecureWorld Expo 2006 Series Begins with Success

- Candy Alexander, CISSP CISM – VP Education – ISSA International I am very pleased to announce that the SecureWorld Expo 2006 series began in Boston on March 15th with a huge success, breaking attendance records in both the conference attendee and vendor participation areas. We were very fortunately to have the New England ISSA Chapter host a luncheon with Howard Schmidt (first US Cybersecurity Czar and former ISSA International President). ISSA had entered a partnership with SecureWorld Expo last year, to deliver regional conferences at a nominal cost to participants and more importantly, an ISSA member discount. SecureWorld Expo solicits guidance from our local ISSA chapters through the Conference Steering Committees to ensure that the topics delivered are of interest to the local information security community. Seven more cities throughout the US will host SecureWorld Expos with ISSA chapter assistance and guidance (see list below). Be sure to attend the conference in your region and send me a note with your feedback. I welcome any comments you might have on any of these conferences. It is important that I understand your needs and continue to work to deliver education opportunities that fit those needs!

  • Philadelphia – April 19-20, 2006
  • Atlanta – May 2-3, 2006
  • Chicago – May 24-25, 2006
  • Detroit – September 19-20, 2006
  • Seattle – October 10-11, 2006
  • San Francisco – November 1-2, 2006
  • Dallas – December 6-7, 2006

For details and registration info, visit the SecureWorld Expo website.