ISSA E-News: July 16, 2009

In this Issue

  1. Cast Your Vote Now: International Election Ends Sunday, July 19
  2. ISSA Educational Advisory Council (EAC)
  3. Call for Whitepapers
  4. Call for Articles: Special ISSA Journal Issue on Standards
  5. ISSA and ASIS Partner on Networking and Educational Opportunities
  6. Showcase Your Chapter Photos and Logo at the 25th Anniversary
  7. July Issue of the ISSA Journal: Now Available Online
  8. Industry On-Demand Webcasts
  9. ISSA Events
  10. Industry Events

Sponsors

Identity Lifecycle Management: Bringing Together Security, Identity and Compliance

Streamline IT security environments and compliance processes. Read the white paper: The Role of Security Management in Achieving Continuous Compliance

Cast Your Vote Now: International Election Ends Sunday, July 19

If you have not already cast your ballot, vote now for the volunteer leaders who best represent your vision for meeting the professional needs of ISSA members. This year you are electing the chief financial officer, chief operating officer, vice president and four directors.

Credentials were delivered by email to eligible voters from election@issa.org on June 22. If you did not receive credentials, please check your spam folder. If your credentials were not diverted to your spam folder, contact Elections Support or call 1 866 349 5818 within the US, +1 206 388 4584 (international), extension 103, to speak with Dana Paulino.

As in past elections, your credentials were sent from the vendor's server to ensure the confidentiality of your unique username and password. The email appears to come from election@issa.org because it was felt a message from VoteNet would not be recognized and voter credentials would be deleted. So while the sender looks to be election@issa.org, it is actually from votenet@jangomail.com.

To ensure that you receive important announcements during the election, please be sure to whitelist issa.org and the servers listed at http://www.jangomail.com/senders.asp, if you have not already done so.

General, CISO Executive, Corporate Organizational, Government Organizational and Lifetime members in good standing as of June 21, 2009 are eligible to vote. Students and temporary members of any kind are not voting members.

Before final submission of the ballot, you will have an opportunity to review your selections and print a receipt. The receipt will include a unique confirmation number, which should be kept confidential. Candidate biographies and the goals they wish to achieve as members of the ISSA Board of Directors can be accessed from the ballot and are also available on our website for your review: CLICK HERE. All ballots must be received by midnight US Pacific time on July 19 (7:00 a.m. GMT on July 20).

ISSA Educational Advisory Council (EAC)

ISSA is proud to announce the formation of the Educational Advisory Council (EAC) to assist in designing educational web conferences, whitepapers, research projects and fostering academic partnerships that will be timely, relevant and enhance ISSA members' ability to do their jobs.

Pamela Fusco, a member of the International Board of Directors, will chair the EAC, ably assisted by the chairs of three subcommittees and more than a dozen volunteers.

  • Michael Angelo, chair, ISSA Web Conferences, (South Texas Chapter) and his committee will oversee content, topics and identify speakers and panelists for monthly online conferences.
  • Hema Krishnamurthy, chair, Whitepapers, (Phoenix Chapter) and her volunteers will solicit and conduct peer review of pertinent technical and position papers within the field.
  • Vinoth Sivasubramanian, chair, Academic Partnerships, (UK and UAE Chapters) and his colleagues will foster collaborations with academic institutions to create partnerships to train the next generation of security professionals and share cutting edge research.

Call for Whitepapers

In order to be responsive to emerging threats, technological advancements, and influences within information security, one must tap into the experience and expertise of the professional community. ISSA is soliciting whitepaper submissions by information security professionals that look to inform and educate peers and professionals regarding issues and trends in the industry. Articles are reviewed on the basis of relevance (suitability for readership), timeliness (how in sync content is within an ever changing industry), utility (how directly useful it is), credibility (citations and scholarly awareness), and innovation (how uncommon the topic is).

Evaluation

ISSA Educational Advisory Council (EAC) Whitepaper Committee experts will peer-review all industry whitepapers to ensure and validate the quality, accuracy and relevance. An excellent whitepaper:

  • is relevant to a security practitioner, the chief audience (does include C-level)
  • is related to current trends, technologies and industry issues
  • leans toward practical insights rather than general perspectives
  • is a non-commercial article focused on the informational needs of the reader rather than the benefits of the author's products or services
  • carefully cites sources, resources and exhibits knowledge of the work of industry innovators and experts
  • encompasses subject matter that piques the curiosity of ISSA members/readers
  • caters to an international audience
  • includes diagrams and illustrations

Format

Whitepapers are expected to be 2-6 pages in length. Please include the following:
  • Project Description (including use cases)
  • Relevant or Related Projects
  • Major Technical Considerations
  • People and Organizations (either potential participants or experts that could be consulted for more information)

Submission

Whitepapers are reviewed on an ongoing basis; there are no deadlines. Authors should submit final whitepaper documents to education@issa.org as attached files, with the following in the subject line: [EAC Whitepaper Submission: Last Name of first author]. Documents are to be submitted as Microsoft Word documents only and must be accompanied by the ISSA whitepaper copyright release form granting authorization to publish.

For questions or assistance, please contact Jen Huber.

Call for Articles: Special ISSA Journal Issue on Standards

Standards are an integral part of our world. They provide a common, comprehensive framework for defining the security, integrity, availability, governance, and compliance requirements demanded of organizations and their information systems. As such, it is important for security professionals to be aware of current standards, how they are formulated, and how to apply them.

An upcoming issue of the ISSA Journal will be devoted to all aspects of standards. To make that issue as meaningful as possible, we would like to hear from those of you in the trenches who must work with standards on a daily basis. We are interested in formal standards at the national and international level, private industry standards such as PCI, and how to apply and use guidelines such as the U.S. NIST 800 series.

Please submit your articles or questions to editor@issa.org. Our publishing guidelines may be found on the ISSA website in the Journal section.

ISSA and ASIS Partner on Networking and Educational Opportunities

ASIS International 55th Annual Seminar & Exhibits: ASIS 2009

September 21-24, 2009
Anaheim, CA

ISSA has collaborated with ASIS International to provide members with an extended depth of security expertise. As part of this on-going partnership, ISSA is sponsoring a high-quality information security track at the ASIS International 55th Annual Seminars & Exhibits. We hope that you take advantage of this exceptional educational and networking opportunity, available to ISSA members at the ASIS member price (discount applied at checkout).

ASIS 2009 covers the full spectrum of security—all vertical industries, government and private sector, around the globe. As the world’s leading security event, ASIS pays dividends immediately—and the payoff continues throughout the year. You’ll be armed with—and energized by—the latest knowledge, technology, and strategies to deal with today’s challenges. Details at: www.asisonline.org/ASIS2009

ASIS Keynotes/General Sessions Overview CLICK HERE

Download the Seminar Overview (pdf) CLICK HERE

For ISSA Member discount registration CLICK HERE

Showcase Your Chapter Photos and Logo at the 25th Anniversary

A photo history is being planned for ISSA's 25th Anniversary Celebration in Anaheim, California, USA on Sunday, September 20. The planning committee would like to showcase your chapter photos and logos.

We would love to have a group photo of your chapter members. Also of particular interest are pictures from your more casual, networking or just plain silly events such as golf tournaments, cruises, picnics - anything that will stimulate conversation and humor. Digital photos are preferred, but if you have older photos you would be willing to lend, we will scan and return the originals to you.

Share your memorable moments with us. What is the most significant experience or most meaningful achievement you have had as a member of ISSA and why was it important to you?

Send your photos, memorable moments and logos to Dana Paulino. ISSA's 25th Anniversary Celebration will precede the ASIS International 55th Annual Seminar and Exhibits where ISSA will be sponsoring an information security track. ISSA members may attend the ASIS conference at the ASIS member price.

July Issue of the ISSA Journal: Now Available Online

This month's issue of the ISSA Journal is now available online and features peer-reviewed articles on:

  • Successful Security Control Selection Using NIST SP 800-53
  • Balancing IT Security Compliance, Complexity, and Cost
  • PAN Encryption: Yes, We Can Standardize Now
  • Performing Hardcopy Risk Assessments for Operational Processes Handling PII
  • Mobile Endpoint Security
  • Data Breach Study Reveals Significant Rise in Targeted Attacks

ITS Program Management: Talking the Executive Language

By Marcel Gingras - ISSA member, Ottawa, Canada Chapter

This article discusses communication strategies for IT security program managers reporting to executives who fund their programs.

IT security business cases are hard to make. In most organizations, security is considered an expense. This article discusses communication strategies for IT security program managers reporting to the executives who fund their programs. There are very few businesses where IT security is a line of business with a direct, positive contribution to the organization's mission. Like the human resources program, finance, and IT, the security program is a "horizontal" program, running across multiple business-mission "verticals." It is a necessary cost of doing business. While there are value-added marketing opportunities associated with security, it is rarely the "main event." This is the reality that security program managers face when making business cases for security improvement.

Picture this: You have finally made it to the executive boardroom. It is your opportunity to present your business case for security program improvements. You lead in with a description of your program framework. You move on to your control status lists and immediately eyes are glazing over and thumbs are busy with Blackberries under the table. The fact is, security management frameworks and control lists are of little interest to organization executives. Security people love them, but they do not relate to the interests of most executives. The concepts of security program management do not relate well to the concepts of business program management.

To continue reading this and other articles featured in the July ISSA Journal CLICK HERE

If you would like to receive your Journal electronically, just login to the ISSA website and update your member profile.

Industry On-Demand Webcasts

Security Log Management for Compliance
    Sponsored by: CA
The Transformation of Security Organizations into Business Enablers – and How You Can Use the Web to Accelerate This
    Sponsored by: CA
How to Ensure Data Privacy and Security
    Sponsored by: IBM
Identity-Centric DLP: A New Partnership for Data Security
The union of identity management and data loss prevention solutions
    Sponsored by: CA

Security Stimulus - Information Security Budgets & Priorities in a Down Economy

ISSA Events

Magnify Your Security - GA ISSA Annual Meeting

Metro Atlanta Chapter of ISSA
  • October 14, 2009
  • Loudermilk Convention Center
  • Atlanta, GA, USA

Cost: ISSA Members - $65.00, Student ISSA Members - $59.00, Non-ISSA Members - $100.00, Student Non-ISSA Members - $75.00
Discount to ISSA Members: $20.00 off the $65.00 member price, which comes to $45.00 (ends July 31)
Discount Code: 2009earlybirdspecialmember

For event details CLICK HERE

For event registration CLICK HERE

ISSA 25th Anniversary Celebration

ISSA International
  • Sunday, September 20, 2009
  • 4:30 p.m. US Pacific Time
  • Anaheim, CA, USA

ISSA CISO Executive Forum

*CISO Forum dates and locations are subject to change.
  • Anaheim, CA, September 19 - 20, 2009. Theme: Cyber Crime
  • Las Vegas, NV, November 12 - 13, 2009. Theme: Looking forward; What the CISO Will Need to Know in The Next Decade

For details on the CISO Forum please visit http://ciso.issa.org.

*CISO Executive Memberships are subject to approval. Applicants and guests must be executive-level information security professionals who report directly to the CEO, CFO, or CIO and are responsible for internal security for their organization. Complete membership criteria are available at: http://ciso.issa.org/Membership/Membership-Criteria.html

Industry Events

SECUREWORLD SPOTLIGHT

August 20, 2009

ISSA MEMBERS are offered a $20 discount off the $95 conference pass which includes access to the Conference Sessions, Exhibits, Lunch and 5 CPE credits. Register on-line using code MAISSA.

For event details and registration CLICK HERE

SECUREWORLD EXPO

  • September 16 - 17, 2009
  • September 29 - 30, 2009
  • October 28 - 29, 2009
  • November 4 - 5, 2009

ISSA MEMBERS are offered a $100 discount off the $245 conference pass which includes access to the Conference Sessions, Conference Breakfast Keynote, Exhibits & Open Sessions (Includes Lunch) and 12 CPE credits. Register on-line using code ISSNWS9.

SecureWorld+ Extended Training 2009 includes 4+ hours of intense training worth 16 CPE credits and full access to the complete SecureWorld conference program. The SecureWorld+ Pass is only $495 with the special ISSA member discount; register using code ISSNWS9.

For event details and registration CLICK HERE

Hacker Halted USA 2009

  • September 20 - 24, 2009
  • Hilton Miami Downtown
  • Miami, FL, USA

Cost: Early Bird ($699, ends May 31, 2009), Normal ($899, from June 1, 2009)
Discount to ISSA Members: 10%
Discount Code: HH-SP-ISSA

For event details and registration CLICK HERE

ASIS International 55th Annual Seminar & Exhibits

  • September 21 - 24, 2009
  • Anaheim, CA, USA

For event details CLICK HERE

Discount to ISSA Members: Receive the ASIS member price

For discounted event registration CLICK HERE

Securecon

  • October 4 - 7, 2009
  • JW Marriott Hotel
  • Dubai, UAE

Cost: US$ 2,599.00
Discount to ISSA Members: US$ 1,899.00
Discount Code: A1029ISSA

For event details and registration CLICK HERE

SC World Congress

  • October 13 - 14, 2009
  • Sheraton New York Hotel & Towers
  • New York, NY, USA

Discount to ISSA Members: $200 off the prevailing rate at time of registration (2 day conference pass only) and/or free exhibits admission
Discount Code: ISSA

For event details and registration CLICK HERE

DeepSec In-Depth Security Conference (IDSC)

  • November 17 - 20, 2009
  • The Imperial Riding School Vienna - A Renaissance Hotel
  • Ungargasse 60, Vienna 1030
  • Vienna, Austria

Cost: Conference Early Bird Booking (L)595, Regular Booking (L)645, On-Site Registration (November 19-20) (L)695; workshops Early Bird Booking (L)1295, Regular Booking (L)1495, On-Site Registration (November 17) (L)1695; package conference + workshops Early Bird Booking (L)1595, Regular Booking (L)1795, On-Site Registration (November 17) (L)1995
Discount to ISSA Members: 20%
Discount Code: issa-Xieph9

For event details and registration CLICK HERE