ISSA E-News: July 30, 2009

In this Issue

  1. Enter Now to Become a Security Star
  2. August Web Conference: The Truth about Securing Mobile Devices
  3. Registration Opens for 25th Anniversary Celebration
  4. Your Organization Can Be a Security Star Too
  5. Call for Whitepapers
  6. Call for Articles: Special ISSA Journal Issue on Standards
  7. ASIS 2009: September 21-24, 2009, Anaheim, CA
  8. PAN Encryption: Yes, We Can Standardize Now - Featured article in the July Issue of the ISSA Journal
  9. Industry On-Demand Webcasts
  10. ISSA Events
  11. Industry Events

Sponsors

Identity Lifecycle Management: Bringing Together Security, Identity and Compliance

Streamline IT security environments and compliance processes. Read the white paper: The Role of Security Management in Achieving Continuous Compliance


Join experts from Imperva and SecureWorks as they discuss how enterprises are satisfying PCI 6.6 and safeguarding their web applications. Register Today for this complimentary webcast.

Enter Now to Become a Security Star

What was your "star moment" as a security professional? Help ISSA chronicle the last 25 years with your most meaningful achievement. Individually and collectively we have established and advanced the knowledge base and practices as the information security industry has evolved. Enter our "Security Stars" contest and add your milestone to the continuum. Stories will be selected to be highlighted in the multi-media presentation during the 25th Anniversary celebration, on the ISSA website, in the ISSA Journal and eNews.

Whether you are a relative newcomer to the profession or a noted industry expert, your contributions make a difference. What stands out in your career? What innovation, strategy or breakthroughs solved a challenging problem or influenced others? What inspired you to focus on information security?

Simply describe your star moment in 85 words or less and the impact it had on your career, your organization's business practices or the industry. There is no limitation on the number of times you may enter as long as your star moments are not duplicated. All contestants will be entered into a random drawing for a $100 VISA gift card and each member whose star moment is featured will receive an ISSA shirt.

Contestants must be ISSA members in good standing. All entries must be received by August 15 at 5:00 p.m. US Pacific Daylight time (Midnight GMT) and should be accompanied by a 1.5 x 2 digital photo @ 300 dpi, 450 x 600 pixels in gif, png, or jpg format.

Let your star shine to celebrate what we have accomplished together over the last quarter century. Enter today.

If you have questions, please contact Dana Paulino, 1 866 349 5818 (toll-free within the US), + 206 388 4584 (international), extension 103.

August Web Conference: The Truth about Securing Mobile Devices

The Truth about Securing Mobile Devices

  • Date: August 11, 2009
  • Start Time: 9am US Pacific /12 noon US Eastern/ 5pm London Time
  • CPE Credit Available

Web Conference Overview:

Mobile devices are becoming more pervasive and while these devices offer the potential for increased productivity, they also pose many security risks. Join your fellow members as they listen to experts discuss securing mobile devices and what the future holds for mobile computing. Presentations to answer questions such as how feasible is it to fully secure mobile devices, data loss prevention and the potential legal ramifications governing mobile computing devices.

Presentation Includes:

Dr. Pamela Fusco - Director, ISSA International
Web Conference Moderator

Pete Lindstrom - Research Director, Spire Security
Protecting Good Things in Small Packages: Mobile Security
"Small package" mobile devices are no longer personal playthings. They have powerful processors and contain information assets of significant value. It is time to take them seriously. This session discusses the risks associated with mobility - use cases, asset value, and attack surface. It will provide a process for assessing security needs of mobile devices and make recommendations for managing risks.

Joe Gow - Senior Director of Product Management, GuardianEdge
Securing Mobile Devices in the Enterprise
Smartphones and other mobile devices are becoming more pervasive in the enterprise. While these devices offer the potential for increased productivity, they also pose security risks to your organization. Most Smartphones have downloaded emails, and potentially other sensitive data, which may expose organizations to legal liability or competitive disadvantage, if the data falls into the wrong hands. These devices are also an increasing target for malware, which may result in corruption of data on the device, or even worse, sensitive data being sent to others. Additionally, the devices can be used to divulge sensitive information, for example by the camera or the voice recorder. This webcast will show you how you can address these security risks, without interfering with the productivity gains afforded by these devices.

Randy V. Sabett, J.D., CISSP - Partner, Sonnenschein Nath & Rosenthal LLP
Legal Concerns in the Mobile World
Our world has a growing reliance on mobile communications, from slim devices focused on the business needs of the corporate community to flashier devices focused on content and the needs of users focused on entertainment. This increasing mobility brings with it numerous security concerns that raise liability issues for all stakeholders (including the users and producers of the devices, along with those organizations to whose networks these devices connect). This session will focus on several of these issues, including information security liability, export compliance, and issues that arise at the U.S. border.

Thank you to GuardianEdge for their generous support of the August ISSA Web Conference

CLICK HERE to register and begin viewing this ISSA Web Conference

Registration Opens for 25th Anniversary Celebration

As an ISSA member you're invited to be our guest for the 25th Anniversary gala and celebrate what we have accomplished together over the last quarter century. Make your plans today to join us on Sunday, September 20 at 4:30 p.m. US Pacific Daylight time (11:30 p.m. GMT) at the Sheraton Park Hotel at the Anaheim Resort in Anaheim, CA, USA,CLICK HERE to register to attend.. Attire is black tie optional.

The festivities coincide with the ASIS 55th Annual Seminars and Exhibits, which includes a new 30-session ISSA information security track. ISSA members will be able to attend the conference at the ASIS member rate, CLICK HERE for more information.

For questions or additional information, please contact Dana Paulino, 1 866 349 5818 (toll-free within the US), +206 388 4584 (international), extension 103.

Your Organization Can Be a Security Star Too

Your company or organization can join a select group of "Security Stars" for its role in the information security community. With a contribution of $2,000, you will not only be supporting the great work of ISSA, you will also be showcased for your role in the advancement of our industry. As a Security Star, you will have the opportunity to feature your organization's most significant security milestone with an 85 word description of a project, innovation or event that had a major influence on professional practices or the community as a whole. These milestones will be highlighted on the website and as part of our 25th anniversary activities. For more information, please contact Tom Bechtold, 1 866 349 5818 (US), +206 388 4584 (international), extension 101.

Call for Whitepapers

In order to be responsive to emerging threats, technological advancements, and influences within information security, one must tap into the experience and expertise of the professional community. ISSA is soliciting whitepaper submissions by information security professionals that look to inform and educate peers and professionals regarding issues and trends in the industry. Articles are reviewed on the basis of relevance (suitability for readership), timeliness (how in sync content is within an ever changing industry), utility (how directly useful it is), credibility (citations and scholarly awareness), and innovation (how uncommon the topic is).

Evaluation

ISSA Educational Advisory Council (EAC) Whitepaper Committee experts will peer-review all industry whitepapers to ensure and validate the quality, accuracy and relevance. An excellent whitepaper:

  • is relevant to a security practitioner, the chief audience (does include C-level)
  • is related to current trends, technologies and industry issues
  • leans toward practical insights rather than general perspectives
  • is a non-commercial article focused on the informational needs of the reader rather than the benefits of the author's products or services
  • carefully cites sources, resources and exhibits knowledge of the work of industry innovators and experts
  • encompasses subject matter that piques the curiosity of ISSA members/readers
  • caters to an international audience
  • includes diagrams and Illustrations

Format

Whitepapers are expected to be 2-6 pages in length. Please include the following:
  • Project Description (including use cases)
  • Relevant or Related Projects
  • Major Technical Considerations
  • People and Organizations (either potential participants or experts that could be consulted for more information)

Submission

Whitepapers are reviewed on an ongoing basis; there are no deadlines. Authors HERE as attached files and please note the following within the subject line: [EAC Whitepaper Submission: Last Name of first author]. Documents are to be submitted as Microsoft Word documents only and must be accompanied by the ISSA whitepaper copyright release form granting authorization to publish.

For questions or assistance, please contact Jen Huber.

Call for Articles: Special ISSA Journal Issue on Standards

Standards are an integral part of our world. They provide a common, comprehensive framework for defining the security, integrity, availability, governance, and compliance requirements demanded of organizations and their information systems. As such, it is important for security professionals to be aware of current standards, how they are formulated, and how to apply them.

An upcoming issue of the ISSA Journal will be devoted to all aspects of standards. To make that issue as meaningful as possible, we would like to hear from those of you in the trenches who must work with standards on a daily basis. We are interested in formal standards at the national and international level, private industry standards such as PCI, and how to apply and use guidelines such as the U.S. NIST 800 series.

Please submit your articles or questions to the Journal Editor. Our publishing guidelines may be found on the ISSA website in the Journal section.

ASIS 2009: September 21-24, 2009, Anaheim, CA

The ASIS International 55th Annual Seminar and Exhibits is the most comprehensive education and networking event in the security industry - and the leading show dedicated to security. This year ASIS International is partnering with ISSA to offer a track of information security sessions as part of the ASIS 2009 program. To learn more about these 30 high-quality sessions, CLICK HERE.

Discount to ISSA Members: Receive ASIS member pricing. CLICK HERE to register.
(The ISSA branded registration form ensures you receive member pricing before you submit payment.)

See hundreds of leading-edge technologies, products, and services at the ASIS Expo.
FREE Expo Pass registration, CLICK HERE

PAN Encryption: Yes, We Can Standardize Now - Featured article in the July Issue of the ISSA Journal

This month's issue of the ISSA Journal is now available online and features peer-reviewed articles on:

  • Successful Security Control Selection Using NIST SP 800-53
  • ITS Program Management: Talking the Executive Language
  • Balancing IT Security Compliance, Complexity and Cost
  • Performing Hardcopy Risk Assessments for Operational Processes Handling PII
  • Mobile Endpoint Security
  • Data Breach Study Reveals Significant Rise in Targeted Attacks

PAN Encryption: Yes, We Can Standardize Now

By Jason Way - ISSA member, Northern Virginia, USA Chapter

The purpose of this article is to suggest a PAN encryption solution utilizing existing technology in a manner that is both standardized and interoperable.

Abstract

Following up on an article addressing Personal Account Number (PAN) encryption, this submission expands on some of today's common practices related to payment card industry encryption techniques. While most articles are written explaining the need for PAN encryption or the challenges associated with doing so, this article draws light to existing methodologies that can be utilized to encrypt the PAN. The purpose of this article is to suggest a solution utilizing existing technology in a manner that is both standardized and interoperable. Moreover, if these techniques were employed, the industry could begin encrypting the PAN in a matter of months, not years.

To continue reading this and other articles featured in the July ISSA Journal CLICK HERE

If you would like to receive your Journal electronically, simply login to the ISSA website and update your member profile.

Industry On-Demand Webcasts

Security Log Management for Compliance

    Sponsored by: CA
The Transformation of Security Organizations into Business Enablers – and How You Can Use the Web to Accelerate This
    Sponsored by: CA
How to Ensure Data Privacy and Security
    Sponsored by: IBM
Identity-Centric DLP: A New Partnership for Data Security
The union of identity management and data loss prevention solutions
    Sponsored by: CA

Security Stimulus - Information Security Budgets & Priorities in a Down Economy

ISSA Events

Raleigh August Chapter Meeting

Raleigh Chapter of ISSA
  • Thursday, August 6, 2009
  • 6:00 p.m.
  • NCSU McKimmon Center

Cost: Guests: $10, ISSA Members: Free

For event details CLICK HERE or RSVP

ISSA 25th Anniversary Celebration

ISSA International
  • Sunday, September 20, 2009
  • 4:30 p.m. US Pacific Time
  • Anaheim, CA, USA

For event registration CLICK HERE

Magnify Your Security - GA ISSA Annual Meeting

Metro Atlanta Chapter of ISSA
  • October 14, 2009
  • Loudermilk Convention Center
  • Atlanta, GA, USA

Cost: ISSA Members - $65.00, Student ISSA Members - $59.00, Non-ISSA Members - $100.00, Student Non-ISSA Members - $75.00
Discount to ISSA Members: $20.00 off of the $65.00 which = $45.00 - ends July 31
Discount Code: 2009earlybirdspecialmember

For event details CLICK HERE

For event registration CLICK HERE

2009 Triangle InfoSeCon

Raleigh Chapter of ISSA
  • Thursday, October 15, 2009
  • 7:30 a.m. to 4:30 p.m.
  • North Carolina St Univ, McKimmon Conference Center
  • Raleigh, NC, USA

Cost: ISSA Members $30, Standard Registration $85

For event registration CLICK HERE

Check us out...Reserve your sponsorship slot or register now!

2009 Triangle InfoSeCon Call for Papers

Paper submissions due July 30, CLICK HERE to submit online.

ISSA CISO Executive Forum

*CISO Forum dates and locations are subject to change.
Anaheim, CA September 19 - 20, 2009
Theme: Cyber Crime
Las Vegas, NV November 12 - 13, 2009
Theme: Looking forward; What the CISO Will Need to Know in The Next Decade

For details on the CISO Forum please visit http://ciso.issa.org.

*CISO Executive Memberships are subject to approval. Applicants and guests must be executive level information security professionals; reporting directly to the CEO, CFO, CIO, and be responsible for internal security for their organization. Complete membership criteria is available at: http://ciso.issa.org/Membership/Membership-Criteria.html

Industry Events

Zscaler IDC Webcast

  • August 11, 2009
  • Live Online Webcast Event

Cost: Free

For event registration CLICK HERE

SECUREWORLD SPOTLIGHT

August 20, 2009

ISSA MEMBERS are offered a $20 discount off the $95 conference pass which includes access to the Conference Sessions, Exhibits, Lunch and 5 CPE credits. Register on-line using code MAISSA.

For event details and registration CLICK HERE

SECUREWORLD EXPO

September 16 - 17, 2009

September 29 - 30, 2009 October 28 - 29, 2009 November 4 - 5, 2009

ISSA MEMBERS are offered a $100 discount off the $245 conference pass which includes access to the Conference Sessions, Conference Breakfast Keynote, Exhibits & Open Sessions (Includes Lunch) and 12 CPE credits. Register on-line using code ISSNWS9.

SecureWorld+  Extended Training 2009 includes 4+ hours of intense training worth 16 CPE credits and full access to the complete SecureWorld conference program. SecureWorld+ Pass is only $495 with special ISSA member discount, register using code ISSNWS9.

For event details and registration CLICK HERE

Hacker Halted USA 2009

  • September 20 - 24, 2009
  • Hilton Miami Downtown
  • Miami, FL, USA
Cost: $899
Discount to ISSA Members: 10%
Discount Code: HH-SP-ISSA

For event details and registration CLICK HERE

ASIS International 55th Annual Seminar & Exhibits

  • September 21 - 24, 2009
  • Anaheim, CA, USA

Discount to ISSA Members: Receive the ASIS member price
Event details at: www.asisonline.org/ASIS2009

ASIS Keynotes/General Sessions Overview CLICK HERE

Download the Seminar Overview (pdf) CLICK HERE

For ISSA Member discount registration CLICK HERE

Securecon

  • October 4 - 7, 2009
  • JW Marriott Hotel
  • Dubai, UAE

Cost: US$ 2,599.00
Discount to ISSA Members: US$ 1,899.00
Discount Code: A1029ISSA

For event details and registration CLICK HERE

SC World Congress

  • October 13 -14, 2009
  • Sheraton New York Hotel & Towers
  • New York, NY, USA

Discount to ISSA Members:  $200 off the prevailing rate at time of registration (2 day conference pass only) and/or free exhibits admission
Discount Code: ISSA

For event details and registration CLICK HERE

Cornerstones of Trust 2009 Conference

Meeting Security Challenges in Changing Times

San Francisco Bay Chapter of ISSA
Silicon Valley Chapter of ISSA

  • October 14, 2009
  • The Crowne Plaza Hotel
  • Foster City, CA, USA

Cost: $60 Members, $90 Associate Members, $120 Non-Members if you register on-line, an extra $10 at the door.

For event details and sponsorship opportunities CLICK HERE

DeepSec In-Depth Security Conference (IDSC)

  • November 17 - 20, 2009
  • The Imperial Riding School Vienna - A Renaissance Hotel
  • Ungargasse 60, Vienna 1030
  • Vienna, Austria

Cost: Conference Early Bird Booking (L)595, Regular Booking (L)645, On-Site Registration (November 19-20) (L)695; workshops Early Bird Booking (L)1295, Regular Booking (L)1495, On-Site Registration (November 17) (L)1695; package conference + workshops Early Bird Booking (L)1595, Regular Booking (L)1795, On-Site Registration (November 17) (L)1995
Discount to ISSA Members: 20%
Discount Code: issa-Xieph9

For event details and registration CLICK HERE

International Conference on Cloud Computing and Virtualization 2009

  • November 25 - 26, 2009
  • Suntec International Convention and Exhibition Centre
  • Singapore

Cost: S$1499 (Regular Fee) and S$1299 (Early Bird Fee)
Discount to ISSA Members: 10%
Discount Code: ISSA

For event details and registration CLICK HERE
Or contact Gynn Ho at: + 65 6327 0166, or by Email

CeBIT Security World

  • March 2 - 6, 2010
  • Hannover, Germany

Discount to ISSA Members: Discounts vary according to exhibitors' stand selection (i.e. row/corner booth, raw space/turnkey exhibit package). Hannover Fairs offers a "Newcomer special" for companies that have not exhibited at CeBIT in 2009 - this discount is also available for ISSA members. For 2010, we have reduced our pricing to (starting from) (Euro) 244.00/sqm + (Euro) 300 processing fee (excluding 19% reclaimable German VAT), with no additional fees. (Fee provided above in Euros, since the US Dollar exchange rate is subject to change)

For event details and registration CLICK HERE