
ISSA E-News

A bi-weekly publication from the ISSA International Board

June 29, 2006

Sponsored By

Is your data privacy strategy ready for tomorrow?

New business demands are creating the need for a more "datacentric" approach to securing sensitive information, one which protects the data itself, rather than the underlying infrastructure. Join Voltage and our featured Forrester Research analyst on July 13th to learn more about this new model:

  • The limitations of current approaches to data security
  • The features and advantages of a datacentric model
  • Steps you can take to enable datacentric security in your organization

Click here to register for this free webcast!

In this Issue

Black Hat Offer To ISSA Members

Attend the Black Hat Briefings & Training USA, July 29 - August 3 in Las Vegas, the world's premier technical event for IT security experts. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. ISSA members receive a $100 Briefings discount by inserting BH06USAASSOC in the box marked "Coupon Codes" on the web registration page, shown on the final invoice. www.blackhat.com.

ISSA Webcasts

No Phishing Allowed - Best practices to safeguard your organization

Sponsored By: Mirapoint
Presented By: Bethany Mayer - Mirapoint, & Peter Firstbrook, Research Director, Gartner

Phishing attacks are rapidly spreading as e-commerce and online financial activity among U.S. consumers reaches "critical mass." These attacks are taking a toll on consumer trust in the Internet: 58 percent of those who shop, bank or pay bills online – and 79 percent of phishing attack victims – say they are very concerned about the security of their online information. The rapid growth in e-commerce will diminish as phishing attacks and other online security threats erode consumer confidence in online transactions. This presentation will explore the state of phishing attacks and their effects on consumer confidence, sender authentication and other techniques to filter phishing attacks, and briefly address protective measures to prevent phishing fraud.

[VIEW WEBCAST]

Controlling the Cost of IT Compliance: Best Practices in Multi-Regulatory Compliance Management

Sponsored By: Scalable Software, LLC
Presented By: Patrick McBride, Vice President of Compliance Solutions, Scaleable Systems & Colleen Murphy, Director of Compliance Solutions Delivery, Scaleable Systems

The cost of complying with SOX is sapping millions from the typical IT budget, with no relief in sight. And in sectors facing multiple regulatory mandates and standards, such as financial services (SOX / GLBA / HIPAA), energy and utilities (SOX / NERC) and health care (SOX / HIPAA), IT organizations and security teams are rapidly becoming overwhelmed. Learn how forward-thinking companies are 'killing two birds with one stone' by creating rationalized control frameworks and automating the IT compliance life cycle, enabling them to eliminate the cost and effort associated with redundant and duplicative IT compliance projects.

Learn best practices and approaches for developing a comprehensive compliance and security management program that will help ensure IT compliance and eliminate unnecessary and redundant efforts. Learn how to:

  • Create and document a rationalized control framework applicable across multiple regulatory mandates and standards
  • Document the policy and control environment while ensuring awareness
  • Automate key compliance management and testing processes
  • Cost-effectively manage the complete IT compliance lifecycle from understanding mandates to documenting audit evidence

[View Webcast]

The Intelligent Enterprise – Closing the Zero-Hour Gap on Inbound and Outbound Attacks

Sponsored By Proofpoint Inc.
Presented by Rami Habal, Proofpoint

Zero-day vulnerabilities have traditionally been about virus and computer worm exploits. However, in this age of more sophisticated threats, the zero-hour gap includes a range of inbound and outbound threats that can cost your enterprise money and cause severe damage to your networks. The intelligent enterprise can protect itself by anticipating and eliminating these threats before they cause damage.

In this web seminar "The Intelligent Enterprise – Closing the Zero-Hour Gap on Inbound and Outbound Attacks", Proofpoint product expert Rami Habal will discuss zero-hour threats as they relate to an organization's messaging security infrastructure including viruses, spam and content security.

In this webinar you will learn about:

  • The emergence and range of inbound and outbound threats that exploit the zero-hour gap.
  • Today's tools for attackers and negligent employees.
  • How to anticipate threats and minimize your exposure during the zero-hour gap.
  • Actual, recent outbreaks and how zero-hour protection eliminated these threats.
  • How to complement your existing multi-layer defense and your lockdown policies.

Speaker Bio

Rami Habal is Senior Product Manager at Proofpoint, where he is responsible for Proofpoint's flagship messaging security solution, the Proofpoint Protection Server, and works closely with the Proofpoint Anti-Spam Research Lab. Prior to Proofpoint, Rami worked at Mohr Davidow Ventures, Cisco Systems, Hughes Electronics, and several startups. He holds a BSEE from UVa. He also holds master's degrees in Business and Public Administration from MIT and Harvard, respectively.

[View Webcast]

See Our Archived Webcasts!

See more webcasts on our website! Click Here!

NEW! The ISSA Learning Center is Open

ISSA University-SiegeWorks University
ISSA and SiegeWorks are pleased to announce high quality, on demand security education and training courses exclusively for ISSA members!

Local Chapters decide which courses they would like to sponsor for their membership, arrange for the venue and promote the course locally. SiegeWorks University trainers provide onsite training and Train the Trainer sessions for Chapters who request it.

Industry leading trainers, security luminaries as guest lecturers and top-quality materials!

Course Number | Course Description | Number of Days | Notes

  • IS1100 | CISSP Preparation | 5 | No Test
  • IS1110 | SSCP Preparation | 5 | No Test
  • IS1201 | Wireless Security | 5 | Lab
  • IS1301 | Principles of Security | 5 | Lab
  • IS1302 | Advanced Security Concepts | 5 | Lab
  • IS1401 | Practical Penetration Testing | 5 | Lab
  • IS1402 | Building and Operating a Snort IDS | 3 | Lab
  • IS1403 | Computer Forensics | 5 | Lab
  • IS1501 | Web Application | 2 | Lab
  • IS1801 | Policy Writing | 3 | None
  • IS1802 | Incident Response | 3 | None
  • CS1901 | Sarbanes-Oxley Compliance | 2 | None
  • CS1902 | SB-1386 Compliance | 2 | None

Interested? Contact your local Chapter President or Education Coordinator to sponsor an ISSA SiegeWorks University course for your local members!

Click here to request more information.

Trusted Learning's ISSA Learning Center

ISSA is working with Interpact, the Security Awareness Company to provide low-cost end-user training on a variety of topics, ranging from Security Awareness 101 to Identity Theft. Individuals can purchase courses or member organizations can open their own private learning centers and choose from a menu of existing courseware or upload proprietary training courses for their employees or customers.

Visit the ISSA homepage and click the link for the ISSA Learning Center, enter the access code (sa101cEn), register as a student, purchase the courses and begin taking them immediately. Here is a list of the courses available today:

  • Why Security Awareness? - FREE
    An overview of the need for Computer Security Awareness. This is targeted toward managers and executives who need the basics or a current update.
  • Internet and Computer Ethics for Kids - $3
    This Course is based upon Winn Schwartau's hit book by the same name. We teach our kids how to use computers, but not about when and what to do with them. What is right and what is wrong? Parents are too often clueless - the kids know more. What do we do? This Course.
  • SA101 Humorous 2005 - $5
    This is a short, non-technical 60-minute overview of Security Awareness - with an emphasis on keeping students entertained.
  • SA101 Corporate 2005 - $5
    This is a short, non-technical 60-minute overview of Security Awareness.
  • Email Safety at Home and Work - $5
    Learn how to avoid viruses, worms and spyware trying to get into company and home computers through e-mail, Web sites and IM applications.
  • ID Theft - $5
    Learn what your identity information is, where it resides, how it gets exposed, how thieves steal and abuse identities and how to protect your identity information from theft.
  • Social Engineering at Work and Home - $5
    There are infinite ways scammers convince us to give over private information on the phone, Internet and in person. Learn how to recognize common techniques and antics of these scammers so you won't fall victim to them.
  • SPYWARE - $5
    Learn how Spyware gets onto computers and what it does - like logging keystrokes and bogging down computers and networks. Then learn what you can do about it.
  • Viruses Protection at Work and Home - $5
    This course will show employees how viruses and worms spread, the damage they cause, and the steps they should take to protect their work and home computers from getting infected (and how to remove viruses or worms if they do).

Upcoming Conferences & Discounts

Information Security Professionals - earn your NSA certifications. Training so good, we teach the competition!

There’s only ONE WAY to get your NSA certifications, and that’s by attending an NSA sponsored IAM/IEM course. Learn the NSA way of assessing your organization's security posture and conducting security evaluations of networks utilizing hands-on methodologies. ISSA members receive discounts up to $500! *U.S. Citizenship required*

Learn more at: http://www.fountainheadcollege.edu/ia/nsa/

The ISSA is delighted to announce the launch of a ground-breaking series of 1-day online conferences, entitled "2006 ISSA e-Symposium Series". The e-Symposia are designed to facilitate the knowledge sharing and gathering amongst our international members and within the global information security community as a whole. Building on the highly successful IT Security e-Symposium, each e-Symposium features interactive, live presentations and round table debates by the world's leading information security experts. Access is free of charge to ISSA members with a special code (see member's area) and anyone with a PC, an internet connection and a soundcard can attend from the convenience of their office. Other useful tools during the live events include Q&A, web-based chat and a message board.

Register now free of charge with your special code: B99731, www.issa.e-symposium.com

Mark your calendars now to avoid disappointment:

  • NEXT - 26 Jul 06: Business Continuity & Disaster Recovery e-Symposium
  • 25 Oct 06: Emerging Threats & Response e-Symposium
  • 24 Jan 07: IT Security e-Symposium

Any questions? Please contact Val-Pierre Genton, vgenton@bright-talk.com.

The e-Symposium series is organized and delivered by BrightTALK, www.bright-talk.com.

The Executive Women's Forum on Information Security, Risk Management and Privacy gathers over 200 of the most influential female executives together September 12th-14th at the Sheraton Wild Horse Pass & Resort, Phoenix, Arizona to discuss best practices and strengthen their network. Four Women of Influence awards will be co-presented by Alta Associates and CSO Magazine. For more information or to register visit: www.infosecuritywomen.com.

Insider Training – Distance / e-Learning

ISSA members are eligible for special discounts for any public Insider Training live, online certification courses. Insider Training is a premier provider of live, online, instructor-led IT training courses, specializing in security, networking, and programming certifications. Currently, Insider Training offers public security courses for CISSP, Security+, MCSE: Security, Microsoft Network Security Design and Implementation, and Certified Wireless Network Professional certification training.

Unlike traditional training center courses or bootcamp style events, the Insider Training proven system offers expert-led structured programs in a low-stress environment that requires no travel time or additional expenses and allows you to remain productive as you work towards your certification goals. Also, Insider Training does not incur overhead costs typical of traditional training operations, so we can focus on bringing you the best instructor-led training at affordable rates.

All classes are taught live over the Internet through your web browser using the WebEx Training Center global platform. These fully interactive, live classes are delivered in flexible two-hour sessions with small class sizes twice per week with class lengths ranging from 4 to 16 weeks. Most courses offer both daytime and evening programs. In addition, all live classes are recorded so you can review 24x7 for up to one year after your class ends, not have to take notes during class, and have the advantage of neither missing class sessions nor losing ground in your training process.

"I passed my CISSP exam on the first try! Your optimal training over time and top class instruction was of great value. A boot camp class would not have been beneficial to me. It is just way too much information." IT Security Audit Consultant, Fidelity Integrated Financial Solutions.

Industry certifications can be a career changing achievement, but for most people success in mastering the scope of material demands a structured, non-rushed approach with plenty of opportunity for expert instructor feedback. Evening sessions are a great way to keep your billable hours up and still get the training that you need.

Insider Training offers an all-inclusive 12-week live, online Certified Information Systems Security Professional (CISSP) training program priced at $2495, which also includes the full cost of the official (ISC)2 exam (currently $499) with your registration. ISSA members receive a $100 discount, bringing the course price to $2395.

CISSP Course Details:

Date: May 15th - August 16th, 2006
Time: 7pm-9pm ET, 6pm-8pm CT, 5pm-7pm MT, 4pm-6pm PT
Days: Online sessions meet for two hours every Monday and Wednesday over a 12-week period
Study Break: No classes will be held the week of July 3rd-7th

This CISSP course includes: (24) 2-hour live, online instructor-led training classes, 24x7 access to all live class recordings, (1) All-in-One CISSP reference book, (1) Transcender CISSP test preparation software package, (1) Official (ISC)2 Guide to the CISSP Exam, (1) CISSP test voucher, unlimited instructor e-mail mentoring, and additional self-paced recordings. Students even have access to their recorded class sessions and instructor mentoring for up to 6 months after the live training ends.

Additional Security Courses:

Security+

This 4-week program prepares the student to pass the CompTIA Security+ certification.

ISSA Discount Price: $995

Date: June 12th - July 13th, 2006
Time: 5pm-7pm EST • 4pm-6pm CST • 3pm-5pm MST • 2pm-4pm PST
Days: Online sessions meet for two hours every Monday and Wednesday for a four week period

This course includes: (8) 2-hour live online classes, 24x7 access to all class recordings, (1) Microsoft Press books, (1) Transcender test preparation packages, Insider Training study guide, unlimited instructor e-mail mentoring, additional self-paced recordings, access to Insider Training lab system, and our certification guarantee.

MCSE:Security

Date: May 15th - September 20th, 2006
Time: 7pm-9pm EST • 6pm-8pm CST • 5pm-7pm MST • 4pm-6pm PST
Days: Online sessions meet for two hours every Monday and Wednesday over a sixteen week period

This course combines a 16-week Microsoft Certified Systems Engineer program with a 4-week Security+ course to achieve Microsoft's elite networking and security certification.

ISSA Discount Price: $2995

This course includes: (32) 2-hour live online classes, 24x7 access to all class recordings, (7) Microsoft Press books, (7) Transcender test preparation packages, Insider Training study guides, unlimited instructor e-mail mentoring, additional self-paced recordings, access to Insider Training lab system, and our certification guarantee.

Certified Wireless Network Administrator (CWNA)

This certification is required before you can register to take the elite Certified Wireless Security Professional (CWSP) exam.

Date: May 8th - May 12th, 2006
Time: 7pm-10pm EST • 6pm-9pm CST • 5pm-8pm MST • 4pm-7pm PST
Days: Online sessions meet for three hours every day, Monday through Friday, for a one week period

ISSA Discount Price: $995

This course includes: (5) 3-hour live, instructor-led training sessions, 24x7 access to class recordings for 6 months, Official CWNA Course Book, Official CWNA Study Guide, Official CWNA Practice Test, instructor e-mail mentoring, and the Insider Training study guide.