ISSA E-News: August 6, 2009

In this Issue

  1. August Issue of the ISSA Journal Now Available Online
  2. A Global Problem: Cyberspace Threats Demand an International Approach - August ISSA Journal Featured Article
  3. August Web Conference: The Truth about Securing Mobile Devices
  4. Congratulations to New International Board Members
  5. Register Now for 25th Anniversary Celebration
  6. Enter Now to Become a Security Star: Deadline August 15
  7. Your Organization Can Be a Security Star Too
  8. ASIS 2009: September 21-24, 2009, Anaheim, CA
  9. Call for Whitepapers
  10. On-Demand ISSA Web Conferences
  11. ISSA Events
  12. Industry Events

Sponsors

Introducing the World's Only FIPS 140-2 Level 3 USB Flash Drive, with AES 256-bit Hardware Encryption


The Leader in Endpoint Data Protection www.guardianedge.com

August Issue of the ISSA Journal Now Available Online

This month's issue of the ISSA Journal is now available online and features peer-reviewed articles on:

  • A Global Problem: Cyberspace Threats Demand an International Approach
  • De-perimeterized Architecture
  • The End of the Edge
  • Why Security Standards?
  • Building PCI DSS Compliant Web Applications
  • The Role of Security in IT GRC and Business Functions

A Global Problem: Cyberspace Threats Demand an International Approach - August ISSA Journal Featured Article

By David Willson - ISSA member, Colorado Springs, USA Chapter

Nation-states defend their borders from outside attack, but cyberattacks against nations know no borders. The author proposes designating certain Internet hubs as international cyberspace so nations can defend themselves from cyberattacks.

In the summer of 2008 the nation-state of Georgia was attacked by hackers, presumably from Russia. The media speculated it was the first "cyberwar," since the attacks were launched on the eve of the ground invasion by Russia into Georgian territory. About a year earlier, Estonia was attacked by hackers, "disabling websites of government ministry, political parties, newspapers, banks, and companies." Many believe the Russian government was also responsible or at least witting in these attacks. More recently, during the Gaza conflict between Israel and Hamas, hackers attacked Israeli websites.

Cyberspace, of which the Internet is a large part, is an amazing technological resource and has literally changed the way people communicate, do business, and relate to each other. It allows for people from opposite sides of the globe to connect instantly. This resource, though, is not without its problems and the "bad guys" have learned to use it for nefarious purposes: identity theft, computer viruses, network intrusions, and child pornography among them. "Businesses are losing some $20 billion a year in productivity due to cyberspace disruptions."4 Some of these issues might be more easily addressed by nations and the world if certain portions of cyberspace were designated "international cyberspace."

To continue reading this and other articles featured in the July ISSA Journal CLICK HERE

If you would like to receive your Journal electronically, simply login to the ISSA website and update your member profile.

August Web Conference: The Truth about Securing Mobile Devices

  • Date: August 11, 2009
  • Start Time: 9am US Pacific /12 noon US Eastern/ 5pm London Time
  • CPE Credit Available

Web Conference Overview:
Mobile devices are becoming more pervasive and while these devices offer the potential for increased productivity, they also pose many security risks. Join your fellow members as they listen to experts discuss securing mobile devices and what the future holds for mobile computing. Presentations to answer questions such as how feasible is it to fully secure mobile devices, data loss prevention and the potential legal ramifications governing mobile computing devices.

Presentation Includes:
Dr. Pamela Fusco - Director, ISSA International
Web Conference Moderator

Pete Lindstrom - Research Director, Spire Security
Protecting Good Things in Small Packages: Mobile Security
"Small package" mobile devices are no longer personal playthings. They have powerful processors and contain information assets of significant value. It is time to take them seriously. This session discusses the risks associated with mobility - use cases, asset value, and attack surface. It will provide a process for assessing security needs of mobile devices and make recommendations for managing risks.

Joe Gow - Senior Director of Product Management, GuardianEdge
Securing Mobile Devices in the Enterprise
Smartphones and other mobile devices are becoming more pervasive in the enterprise. While these devices offer the potential for increased productivity, they also pose security risks to your organization. Most Smartphones have downloaded emails, and potentially other sensitive data, which may expose organizations to legal liability or competitive disadvantage, if the data falls into the wrong hands. These devices are also an increasing target for malware, which may result in corruption of data on the device, or even worse, sensitive data being sent to others. Additionally, the devices can be used to divulge sensitive information, for example by the camera or the voice recorder. This webcast will show you how you can address these security risks, without interfering with the productivity gains afforded by these devices.

Randy V. Sabett, J.D., CISSP - Partner, Sonnenschein Nath & Rosenthal LLP
Legal Concerns in the Mobile World
Our world has a growing reliance on mobile communications, from slim devices focused on the business needs of the corporate community to flashier devices focused on content and the needs of users focused on entertainment. This increasing mobility brings with it numerous security concerns that raise liability issues for all stakeholders (including the users and producers of the devices, along with those organizations to whose networks these devices connect). This session will focus on several of these issues, including information security liability, export compliance, and issues that arise at the U.S. border.

Thank you to GuardianEdge for their generous support of the August ISSA Web Conference

CLICK HERE to register.

Congratulations to New International Board Members

The 2009 election for the ISSA International Board of Directors is complete. The Nominating and Election Committee would like to thank each of you who took the time to participate in the election and cast your vote for those leaders you feel will best represent your vision for ISSA. We extend our congratulations to your new Board representatives and our heartfelt appreciation to all of the candidates. It is an honor to be nominated and a tribute to their dedication and commitment to our profession.

The ballots have been counted and certified and we are pleased to announce your newly-elected Board members:

Vice President: Kevin Richards
Chief Financial Officer: Pamela Fusco
Secretary/Chief Operating Officer: Pete Lindstrom
Directors:

  • Candy Alexander
  • Andrea Hoy
  • Brian Schultz
  • Ira Winkler

The formal announcement and installation of officers will take place at ISSA's 25th Anniversary on 20 September at 4:30 p.m. U.S. Pacific Daylight Time (11:30 p.m. GMT) at the Sheraton Park Hotel at the Anaheim Resort in Anaheim, CA, USA.

It is a privilege to serve as the chairman of the Nominating and Elections Committee. I was ably assisted by a hard-working group of volunteers: Rinaldi Rampen, CISSP, QSA, (Delaware Valley); Paul Levy, CISSP, (United Kingdom); Kevin Spease, CISSP-ISSEP, (Sacramento Valley); Jeffrey Sweet, CISSP, ITIL, (Central Ohio); and Bart Moerman, CISSP, CISM, (Brussels European).

Sincerely,
William Tompkins, CISSP, CBCP
Chairman, ISSA Nominating and Election Committee

Register Now for 25th Anniversary Celebration

As an ISSA member you're invited to be our guest at the 25th Anniversary gala, as we celebrate what we have accomplished together over the last quarter century. Make plans today to join us on Sunday, September 20 at 4:30 p.m. US Pacific Daylight time at the Sheraton Park Hotel in Anaheim, CA, USA. Attire is black tie optional. CLICK HERE to register to attend.

The festivities coincide with the ASIS 55th Annual Seminars and Exhibits, which includes a new 30-session ISSA information security track. ISSA members will be able to attend the conference at the ASIS member rate, CLICK HERE to register.

For questions or additional information, please contact Dana Paulino, 1 866 349 5818 (toll-free within the US), +206 388 4584 (international), extension 103.

Enter Now to Become a Security Star - Deadline August 15

What was your "star moment" as a security professional? Help ISSA chronicle the last 25 years by showcasing your proudest achievement. Individually and collectively we have established and advanced the knowledge and practices as the information industry has evolved. Enter our "Security Stars" contest and add your milestone to the continuum. The stories that are selected will be incorporated into the 25th Anniversary celebration multi-media presentation, the ISSA website, in the ISSA Journal and in E-News.

CLICK HERE to share your shining star moment.

All contestants will be entered into a random drawing for a $100 VISA gift card and each member whose star moment is featured will receive an embroidered ISSA polo shirt.

If you have questions, please contact Dana Paulino, 1 866 349 5818 (toll-free within the US), + 206 388 4584 (international), extension 103.

Your Organization Can Be a Security Star Too

Your company or organization can join a select group of "Security Stars" for its role in the information security community. With a contribution of $2,000, you will not only be supporting the great work of ISSA, you will also be showcased for your role in the advancement of our industry. As a Security Star, you will have the opportunity to feature your organization's most significant security milestone with an 85 word description of a project, innovation or event that had a major influence on professional practices or the community as a whole. These milestones will be highlighted on the website and as part of our 25th anniversary activities. For more information, please contact Tom Bechtold, 1 866 349 5818 (US), +206 388 4584 (international), extension 101.

ASIS 2009: September 21-24, 2009, Anaheim, CA

The ASIS International 55th Annual Seminar and Exhibits is the most comprehensive education and networking event in the security industry - and the leading show dedicated to security. This year ASIS International is partnering with ISSA to offer a track of information security sessions as part of the ASIS 2009 program. To learn more about these 30 high-quality sessions, CLICK HERE.

Discount to ISSA Members: Receive ASIS member pricing. CLICK HERE to register.
(The ISSA branded registration form ensures you receive member pricing before you submit payment.)

See hundreds of leading-edge technologies, products, and services at the ASIS Expo.
FREE Expo Pass registration, CLICK HERE

Call for Whitepapers

In order to be responsive to emerging threats, technological advancements, and influences within information security, one must tap into the experience and expertise of the professional community. ISSA is soliciting whitepaper submissions by information security professionals that look to inform and educate peers and professionals regarding issues and trends in the industry. Articles are reviewed on the basis of relevance (suitability for readership), timeliness (how in sync content is within an ever changing industry), utility (how directly useful it is), credibility (citations and scholarly awareness), and innovation (how uncommon the topic is).

Evaluation

ISSA Educational Advisory Council (EAC) Whitepaper Committee experts will peer-review all industry whitepapers to ensure and validate the quality, accuracy and relevance. An excellent whitepaper:

  • is relevant to a security practitioner, the chief audience (does include C-level)
  • is related to current trends, technologies and industry issues
  • leans toward practical insights rather than general perspectives
  • is a non-commercial article focused on the informational needs of the reader rather than the benefits of the author's products or services
  • carefully cites sources, resources and exhibits knowledge of the work of industry innovators and experts
  • encompasses subject matter that piques the curiosity of ISSA members/readers
  • caters to an international audience
  • includes diagrams and Illustrations

Format

Whitepapers are expected to be 2-6 pages in length. Please include the following:
  • Project Description (including use cases)
  • Relevant or Related Projects
  • Major Technical Considerations
  • People and Organizations (either potential participants or experts that could be consulted for more information)

Submission

Whitepapers are reviewed on an ongoing basis; there are no deadlines. Authors should submit HERE as attached files and please note the following within the subject line: [EAC Whitepaper Submission: Last Name of first author]. Documents are to be submitted as Microsoft Word documents only and must be accompanied by the ISSA whitepaper copyright release form granting authorization to publish.

For questions or assistance, please contact Jen Huber.

On-Demand ISSA Web Conferences

ISSA Web Conferences offer education on today's most important issues.
CPE Credit Available: ISSA Members will be eligible for a certificate of attendance, after successful completion of a post event quiz, to submit CPE credits for various certifications. ISSA Web Conference presentation slides have also been made available HERE (ISSA Member Login Required).

Non Repudiation of Data: Maintaining the Integrity of Data and Information

July 14, 2009
Sponsored by: Websense, Inc.

CLICK HERE to register and begin viewing the July ISSA Web Conference

Preparing for Investigation: Forensics and eDiscovery

April 28, 2009
Sponsored by: Google Enterprise

CLICK HERE to register and begin viewing the April ISSA Web Conference

Supporting New Technologies: Cloud Computing and Virtualization

February 17, 2009
Sponsored by: Google Enterprise

CLICK HERE to register and begin viewing the February ISSA Web Conference

ISSA Events

ISSA 25th Anniversary Celebration

ISSA International
  • Sunday, September 20, 2009
  • 4:30 p.m. US Pacific Time
  • Anaheim, CA, USA

For event details CLICK HERE

For event registration CLICK HERE

Cornerstones of Trust 2009 Conference

"Meeting Security Challenges in Changing Times"
San Francisco Bay Chapter of ISSA
Silicon Valley Chapter of ISSA

  • October 14, 2009
  • The Crowne Plaza Hotel
  • Foster City, CA, USA

Cost: $60 Members, $90 Associate Members, $120 Non-Members if you register on-line, an extra $10 at the door.

For event details and sponsorship opportunities CLICK HERE

2009 Triangle InfoSeCon

Raleigh Chapter of ISSA
  • Thursday, October 15, 2009
  • 7:30 a.m. to 4:30 p.m.
  • North Carolina St Univ, McKimmon Conference Center
  • Raleigh, NC, USA

Cost: ISSA Members $30, Standard Registration $85

For event registration CLICK HERE

Check us out...Reserve your sponsorship slot or register now!

Magnify Your Security - GA ISSA Annual Meeting

Metro Atlanta Chapter of ISSA
  • Tuesday, November 11, 2009
  • 7:00 a.m. to 5:00 p.m.
  • Loudermilk Convention Center
  • Atlanta, GA, USA

Cost: ISSA Members - $65.00, Student ISSA Members - $59.00, Non-ISSA Members - $100.00, Student Non-ISSA Members - $75.00

For event details CLICK HERE

For event registration CLICK HERE

ISSA CISO Executive Forum

*CISO Forum dates and locations are subject to change.
Anaheim, CA September 19 - 20, 2009
Theme: Cyber Crime
Las Vegas, NV November 12 - 13, 2009
Theme: Looking forward; What the CISO Will Need to Know in The Next Decade

For details on the CISO Forum please visit http://ciso.issa.org.

*CISO Executive Memberships are subject to approval. Applicants and guests must be executive level information security professionals; reporting directly to the CEO, CFO, CIO, and be responsible for internal security for their organization. Complete membership criteria is available at: http://ciso.issa.org/Membership/Membership-Criteria.html

Industry Events

Zscaler IDC Webcast

  • August 11, 2009
  • Live Online Webcast Event

Cost: Free

For event registration CLICK HERE

SECUREWORLD SPOTLIGHT

August 20, 2009


ISSA MEMBERS are offered a $20 discount off the $95 conference pass which includes access to the Conference Sessions, Exhibits, Lunch and 5 CPE credits. Register on-line using code MAISSA.

For event details and registration CLICK HERE

SECUREWORLD EXPO

September 16 - 17, 2009

September 29 - 30, 2009 October 28 - 29, 2009 November 4 - 5, 2009

ISSA MEMBERS are offered a $100 discount off the $245 conference pass which includes access to the Conference Sessions, Conference Breakfast Keynote, Exhibits & Open Sessions (Includes Lunch) and 12 CPE credits. Register on-line using code ISSNWS9.

SecureWorld+  Extended Training 2009 includes 4+ hours of intense training worth 16 CPE credits and full access to the complete SecureWorld conference program. SecureWorld+ Pass is only $495 with special ISSA member discount, register using code ISSNWS9.

For event details and registration CLICK HERE

Hacker Halted USA 2009

  • September 20 - 24, 2009
  • Hilton Miami Downtown
  • Miami, FL, USA
Cost: $899
Discount to ISSA Members: 10%
Discount Code: HH-SP-ISSA

For event details and registration CLICK HERE

ASIS International 55th Annual Seminar & Exhibits

  • September 21 - 24, 2009
  • Anaheim, CA, USA

Discount to ISSA Members: Receive the ASIS member price
Event details at: www.asisonline.org/ASIS2009

ASIS Keynotes/General Sessions Overview CLICK HERE

Download the Seminar Overview (pdf) CLICK HERE

For ISSA Member discount registration CLICK HERE

Securecon

  • October 4 - 7, 2009
  • JW Marriott Hotel
  • Dubai, UAE

Cost: US$ 2,599.00
Discount to ISSA Members: US$ 1,899.00
Discount Code: A1029ISSA

For event details and registration CLICK HERE

SC World Congress

  • October 13 -14, 2009
  • Sheraton New York Hotel & Towers
  • New York, NY, USA

Discount to ISSA Members:  $200 off the prevailing rate at time of registration (2 day conference pass only) and/or free exhibits admission
Discount Code: ISSA

For event details and registration CLICK HERE

DeepSec In-Depth Security Conference (IDSC)

  • November 17 - 20, 2009
  • The Imperial Riding School Vienna - A Renaissance Hotel
  • Ungargasse 60, Vienna 1030
  • Vienna, Austria

Cost: Conference Early Bird Booking (L)595, Regular Booking (L)645, On-Site Registration (November 19-20) (L)695; workshops Early Bird Booking (L)1295, Regular Booking (L)1495, On-Site Registration (November 17) (L)1695; package conference + workshops Early Bird Booking (L)1595, Regular Booking (L)1795, On-Site Registration (November 17) (L)1995
Discount to ISSA Members: 20%
Discount Code: issa-Xieph9

For event details and registration CLICK HERE

International Conference on Cloud Computing and Virtualization 2009

  • November 25 - 26, 2009
  • Suntec International Convention and Exhibition Centre
  • Singapore

Cost: S$1499 (Regular Fee) and S$1299 (Early Bird Fee)
Discount to ISSA Members: 10%
Discount Code: ISSA

For event details and registration CLICK HERE
Or contact Gynn Ho at: + 65 6327 0166, or by Email

CeBIT Security World

  • March 2 - 6, 2010
  • Hannover, Germany

Discount to ISSA Members: Discounts vary according to exhibitors' stand selection (i.e. row/corner booth, raw space/turnkey exhibit package). Hannover Fairs offers a "Newcomer special" for companies that have not exhibited at CeBIT in 2009 - this discount is also available for ISSA members. For 2010, we have reduced our pricing to (starting from) (Euro) 244.00/sqm + (Euro) 300 processing fee (excluding 19% reclaimable German VAT), with no additional fees. (Fee provided above in Euros, since the US Dollar exchange rate is subject to change)

For event details and registration CLICK HERE