- Log In
- Renew Online
- Discount Programs
- Membership Card
- Webcasts
- Member Search
- Your Profile
- Support Materials
- ISSA Journal
- E-News
- Volunteer Committees
- Webcast Policies
Upcoming Live Webcasts
eSeminar: The Next Generation of Endpoint Data Protection
Date: Thursday, Dec. 4th, 2008
Time: 11am US Pacific / 2pm US Eastern / 7pm London Time
Sponsored By: GuardianEdge
Register at: http://www.guardianedge.com/eseminar/monthly/invite/ge/eseminar-20081204/
Click here for more information.
Current On-demand Webcasts
Architecting SOA Securely
Tuesday, October 28, 2008
Sponsored by: LAYER 7 TECHNOLOGIES
Description: SOA is not just a methodology for integrating systems and data; it is also a means of integrating diverse legacy security models. It is therefore critical to give security a commanding role in any SOA project. Identity, confidentiality, integrity, audit, key management, and reliability are all critical aspects of SOA that you must consider upfront for the architecture to succeed. This talk is about recognizing that SOA is an opportunity to make distributed computing more secure from the beginning. We will discuss how existing security models can be integrated and adapted, preserving costly investments. You will learn how to apply security design patterns, such as defense-in-depth, to build partitioned zones of trust within a SOA. An examination of how identity federation works in SOA will suggest how you can construct SOAs to accommodate complex and evolving organizational relationships. Finally, we will evaluate the impact of new standards and emerging infrastructure in the modern, secure SOA.
Speaker Biography: K. Scott Morrison is the VP of Engineering and Chief Architect at Layer 7 Technologies, where he is leading a team to develop the next generation of security infrastructure for Web services. An architect and developer of highly scalable, enterprise systems for over 15 years, he has extensive experience across industry sectors as diverse as health, travel and transportation, and financial services. Scott has also been a Director of Architecture and Technology at Infowave Software, a maker of wireless security and acceleration software for mobile devices, and held senior architect positions with IBM. Before shifting to the private sector, he spent a number of years at the world-renowned medical research program of the University of British Columbia, studying neurodegenerative disorders using medical imaging technology. Scott is a dynamic and highly sought-after speaker. He has published over 50 book chapters, magazine articles, and papers in medical, physics, and engineering journals. He is the recent co-author of Java Web Services Unleashed and Professional JMS. Scott is an editor of the WS-I Basic Security Profile, as well as a co-author of the WS-Federation specification. His current interests are in Web services security, secure mobile computing, grid systems, and enterprise system architectures.
How to Defend Your Data by Deploying an Enterprise Encryption Solution
Tuesday, October 28th, 2008
Sponsored by: GuardianEdge
Join a panel of experts in a live discussion sponsored by GuardianEdge. Brenda Gombosky, Program Director for the Kentuckiana Chapter of the ISSA, describes how to evaluate an enterprise security solution. Bring your questions!
View webcast »
ISSA eSymposium: Online Conference on Log Management for e-Discovery, Forensics, Change Management and More: Earn 3 CPE Credits
October 29th, 2008
ISSA is delighted to invite you to their upcoming eSymposium titled "Log Management for e-Discovery, Forensics, Change Management and More" on October 29th, 2008 at 8:00 am PDT/11:00 am EDT/4:00 pm BST
You will hear industry experts Owen O’Connor of Security Careers, Patrick Taylor of Oversight Systems, Sudha Iyer of LogLogic and Seth Leone of Stroz Friedberg speak on the importance of log management, digital forensics and logging financial transactions.
In this online conference, you will learn about:
- What options are available from the ERP vendors, and how you can create a secure audit log of the financial transactions in your general ledger, accounts payable, accounts receivable, and other financial systems.
- How log management solutions can be used to address e-discovery concerns, incident investigations, forensics and more.
- How log files are managed in typical digital forensic investigations.
- Some case examples where the availability or integrity of log files has helped or hurt a digital forensic investigation.
Speakers will present live online, giving you the opportunity to interact in real-time from the convenience of your desk.
This online event is hosted by ISSA (http://issa.brighttalk.com) and powered by BrightTALK (www.brighttalk.com).
Key Components of a Risk-Based Security Plan: Creating a Plan That Works
September 23rd, 2008
Sponsored by: Foundstone Professional Services (a division of McAfee)
Webcast Description:
Strict enforcement of information security-related regulations and compliance requirements are gaining the attention of executive management and also generating the need for a separate information security team and budget. But before approving an organizational and budgetary change, the executive management is asking for a long-term strategy that addresses the core security challenges faced by the organization instead of simply tackling the day-to-day tactical security issues.
Sounds easy right? Not really! Many security budgets are based on a vulnerability assessment, which is extremely technical in nature and focused only on a few critical systems and applications. Therefore the vulnerabilities identified are primarily related to Technology and don't do a good job of identifying vulnerabilities related to People and Processes.
This Webcast will present a more effective alternative approach: a Risk-Based Security Plan. We'll review the three important stages of developing a risk-based security plan that will not only be more effective, but will also be more readily accepted by executive management:
Stage 1 - Information Security Risk Assessment: An information security risk assessment identifies, measures, and prioritizes the risks based on several factors such as impact, likelihood, affected IT assets, etc. Once the risks are identified, appropriate recommendations (strategic as well as tactical) are drawn up to effectively address these risks.
Stage 2 - Security Plan: The security roadmap recommendations as well as the overall strategic, tactical, and operational goals of the organization serve as the input to the security plan. The security plan translates these recommendations (prioritized by risk and overall organizational goals) into actionable activities, outlining the specific projects needed to address these recommendations, resource requirements for each project, and suggested timelines.
Stage 3 - Security Budget: Once the information from Stage 2 is available, you can proceed to drawing up an information security budget that is relatively straightforward and effortless.
Join us for this informative Webcast and be on your way to creating a strategic security plan that can get you the budget and resources you need.
Speaker Biography:
Jason Bevis
Director of Consulting
Foundstone Professional Services
As Director of Consulting for Foundstone, Jason Bevis leads the Foundstone Professional Services Northeastern region. Jason is a mentor to consultants, assists in the sales process, and oversees client projects to ensure that quality and excellence are provided from start to finish. Jason is also responsible for developing new business in the region, growing the practice, and providing cutting-edge risk management and security planning services to Foundstone's clients.
Jason's security expertise includes development and implementation of programs for security management and governance, awareness, incident response, security policies, business continuity, and disaster recovery planning. He has tactical experience in architecting, designing, and implementing security controls for large-scale infrastructure environments including IDS/IPS, identity management, single sign-on, and vulnerability assessments. He is also very versed in ISO 27001, SOX, HIPAA, COBIT, ITIL, PHIN, FFIEC, and other compliance regulations and standards.
ISSA/ISACA Webinar-DNS Security: New Threats, Immediate Responses, Long Term Outlook
August 7th, 2008
Webcast Description:
Details of a recent exploit of known DNS vulnerabilities were revealed on 21 July 2008, with the potential to impact nearly all of the 11 million DNS servers on the Internet. The exploit enables an attacker, in less than a minute, to redirect an organization's web traffic to rogue sites and steal account names, passwords and other sensitive data without detection. It is critical for all organizations to respond to this threat immediately. DNS has other known vulnerabilities, and additional exploits are expected. This means that managing DNS security is going to require a consistent, long-term process.
In this webinar, DNS expert Cricket Liu, author of O'Reilly's DNS and BIND will join Dan Kaminsky - the security researcher who discovered the DNS exploit - to discuss the role of DNS in modern networks, the current DNS exploit, as well as additional DNS threats and ways to mitigate them. They will also present a checklist and tools that can be used to audit DNS infrastructures.
Roles Based Access Governance: Best practices for Practitioners
July 22nd, 2008
Sponsored by: Aveksa
Webcast Description:
Although roles-based access control (RBAC) has been the subject of much interest in the past, experience with it has been mostly disappointing. Dealing with the complexity of managing roles at the infrastructure level (applications, data, files, file shares, host and network level) is daunting to organizations, and an obstacle to deploying effective roles-based governance. Role design is best done as a hybrid approach, from the top down to reflect business process and from the bottoms up to incorporate an accurate and complete view of access. With this approach, the resulting business roles are more effective at streamlining compliance, making it more sustainable, as well as enabling organizations to proactively manage access-related risks.
This Webcast will review best practices of role engineering and maintenance that help establish, measure, and maintain a continuous roles lifecycle management process and ensure regulatory compliance:
- The new role design methodology - creating a top down and bottom-up hybrid approach
- How to enable collaboration between major stakeholders in creating roles and driving accountability
- Why roles require continuous lifecycle management (roles are a process not a project)
- How using a metrics-driven approach for roles maintenance avoids roles proliferation
- How roles management enables good security governance and reduces business risk
- How role management simplifies compliance and speeds up initial access delivery and change
Speaker Biography:
Deepak Taneja founded Aveksa in 2004 and led the company from inception through Feb 2008 before moving into the role of President and CTO. In this role, he is responsible for driving Aveksa's technology vision and ensuring that the company's solutions deliver the capabilities that customers need to solve their access governance challenges for today and tomorrow. Previously, he was CTO and VP of Engineering at Netegrity, where he was instrumental in establishing the company as a market leader in Identity and Access Management. Deepak has also held senior management roles at Switchboard, Banyan Systems and Intel Corporation. He holds a B. Tech in Electrical Engineering from the Indian Institute of Technology, Kanpur, and an M.S. in Electrical Engineering from the University of Florida.
Key Steps to Securing Your Organization and Evicting a Hacker
June 17th, 2008
Sponsor: Foundstone Professional Services (a division of McAfee)
Webcast Description:
A security breach can be a daunting event, and often results in a chaotic frenzy. What should you do first? This Webcast shares valuable information about the measures you should take in order to better secure your organization from a security breach, and the key steps to get you back on track after a hack. Using the OSI Layers as a basis for discussion, we'll take you through the following:
- The Hacker Community is Evolving. Can You Keep Up?
- Layers 1 & 2: Physical and Datalink. Have strong physical controls, isolate compromised hosts from the rest of the network, secure or disable all wireless access points
- Layers 3 & 4: Network and Transport. Secure all egress and ingress points, monitor all traffic coming in and out of your network, and log every single host to a remote system log server
- Layers 5 & 6: Session and Presentation. Encryption, encryption,encryption!
- Layer 7: Application. Secure all web applications, use software to detect hackers
- Layers 8 & 9: Politics and Finance. Not traditionally on the OSI layers but definitely important to consider
- Preventative Measures
Be prepared for the unexpected. Join us for this informative Webcast to equip you and your organization with the tools to beat the hackers before they defeat you!
Speaker Biography:Jerry Pierce, Principal Consultant at Foundstone Professional Services Jerry has more than 20 years experience in the Information Security field. His passion for security started when he was taught how to hack into UNIX systems in order to determine their weaknesses and secure them. From there he's held various positions, including: Vice President of Internal Audit at Wells Fargo where he performed technical audits of the banks systems and applications, to Chief Information Security Analyst at VISA International where he performed intrusion detection, incident response & forensics. He officially joined the Incident Response & Forensics field in 1998, teaching a variety of both foreign and domestic organizations and law enforcement agencies the intricacies of Incident Response. He is currently a Principal Consultant at Foundstone Professional Services where he is a critical team member of the Incident Response and Forensics practice.
Understanding Employee Behavioral Profiles to Stop Insider Threats
June 3rd, 2008
Sponsored by: Raytheon Oakley Systems
The key to early insider threat detection and incident prevention is understanding the types of behaviors - social, digital, and environmental - that characterize an employee moving down a path the leads them to internal fraud, theft, harassment, or sabotage. This includes face-to-face interactions with peers and superiors, professional stress factors, home and family issues, job satisfaction, at-risk personal characteristics, and other leading indicators of potential risk.
This webinar, featuring Dawn Capelli, who leads CERT's Insider Threat Research initiatives, will cover both the behavioral profiles that lead to malicious insider events as well as the typical channels used to perpetrate their actions. Additionally, Tom Bennett from Raytheon will briefly demonstrate visual monitoring tools that allow security professionals, incident response teams, digital forensics investigators, auditors, and even legal and HR managers to see events in complete context, showing user intent and providing a clear path to remediation and long term mitigation.
Speakers:
Dawn Cappelli is Senior Member of the Technical Staff in CERT at Carnegie Mellon University's Software Engineering Institute. She has over 25 years experience in software engineering, technical project management, and information security. She is lead of CERT's insider threat and threat modeling team. Team accomplishments include the Insider Threat Study conducted with the U.S. Secret Service, the MERIT insider threat models, and a model of espionage created for the Department of Defense. Ms. Cappelli regularly presents at national conferences, and is adjunct professor in Carnegie Mellon's Heinz School of Public Policy and Management.
Prior to joining CERT in 2001, Ms. Cappelli was technical project manager for a variety of projects at the university. Prior to CMU, Cappelli worked for Westinghouse Electric Corporation, where she designed and developed nuclear power plant systems, including real-time graphical user interface systems for power plant operators and Computer-Aided Engineering systems for nuclear plant designers.
Tom Bennett is the Vice President of Marketing for Raytheon Oakley Systems. Prior to joining Raytheon Oakley, Bennett was a founding executive of Applied Identity, where he served as Vice President of Marketing and was instrumental in turning the company into a leader in the Identity Based Access Management space. Bennett also held Vice President of Marketing positions at Teros (acquired by Citrix), Securant Technologies (acquired by RSA), and AllBusiness (Acquired by NBCi). Previous positions include Director of International Marketing at Netscape (acquired by AOL) and Director of Marketing at Sonic Solutions [NASDAQ: SNIC].
What Hackers Know about Critical Infrastructure Systems that You Don't
April 29th, 2008
Sponsored by: Secure Computing
Learn how our critical infrastructure systems are in jeopardy from both inside and outside attacks. We will discuss how a trusted security model can protect critical systems from interconnections to IT systems and the rest of the world.
Elan Winkler
Director of Solutions, Secure Computing Corporation
Elan Winkler is director of Solutions for Secure Computing Corporation. In this role, she is responsible for multi-product initiatives across a broad spectrum of security-related topics.
Winkler is a security veteran, with extensive (19 years) experience in desktop, gateway, email, encryption and Web security. She has held senior positions at several security technology companies, including MCI Telecommunications, Entrust, Sigaba, Finjan and GreenBorder. Elan was responsible for product launches and vertical industry marketing for the finance, retail/grocery, healthcare, and oil/gas sectors.
Elan is a member of Women in Telecommunications and the Silicon Valley Product Management Association. She is a frequent speaker at industry and technical conferences worldwide.
Information Security and Privacy Convergence
April 22nd, 2008
Sponsored By: SAI Global
Webcast Description:
The worlds of compliance, risk management, information security and privacy seem to be coming closer together. In fact, conversation about the convergence of Information Security and Privacy, in particular, has dominated Web sites, trade shows, conferences and journal articles over the last year. Does this convergence truly exist, and, if so, what kind of overlap have we already seen in the workplace? If convergence is happening, is collaboration between the two areas really necessary, or is it simply a trend unto itself? And just as importantly, what are the implications for information security and privacy professionals during and after the convergence?
The role of governance is influencing the convergence discussion since, similar to other risk management discussions, governance has moved from the back to the front burner. Managers at top and middle levels frequently recognize that collaboration between the two areas is required to improve business process and organizational efficiency as well as reduce business risk. Yet the collaboration tools and techniques are often not in place to allow organizations to most effectively enable the cooperation they desire.
This Webcast will highlight the latest trends in information security and privacy and talk about the general area of convergence as well as the role that legislation plays in the convergence discussion. Specific examples where the areas come together in legislation will be discussed and recent cases highlighted.
Learn how information security and privacy collaboration can improve your business and the types of overlap that should be considered.
Speaker: Rebecca Herold, CIPP, CISSP, CISM, CISA, FLMI
"The Privacy Professor ™ "
Rebecca Herold is an information privacy, security and compliance consultant, author and instructor who has provided information security, privacy and compliance services to organizations in a wide range of industries throughout the world for over 17 years.
In October, 2007, Rebecca was named one of the "Best Privacy Advisers" in two of three categories by Computerworld magazine. Rebecca was also named one of the "Top 59 Influencers in IT Security" for 2007 by IT Security magazine.
Rebecca assists organizations of all sizes and industries, including those in the Fortune 100, with their information privacy, security and regulatory compliance programs, content development, and strategy development and implementation. She offers a range of standard and customized one and two-day workshops including one addressing how individuals across disciplines can work together to most effectively assure privacy and regulatory compliance while efficiently implementing security controls.
Rebecca is working on her 11th book, writes multiple monthly columns and also creates the quarterly "Protecting Information" multi-media information security and privacy awareness subscription news source (http://www.informationshield.com/protectinginformation.html). She also serves as an Adjunct Professor for the Norwich University Master of Science in Information Assurance (MSIA) program.
ISSA eSymposium on Identity Management - User Provisioning
April 3rd, 2008
Please join ISSA for this recorded version of the popular eSymposium series, first broadcasted on April 3rd.
Listen to industry experts such as Dan Geer, Merritt Maxim, Diana Kelley, and Avinash Rajeev.
PCI DSS - Your Stepping Stone to a Trusted Security Model
March 25th, 2008
Sponsor: Secure Computing
In this informative session, listeners will be provided with a status of the current adoption of the PCI standard.
In addition, Ms. Winkler will discuss how to use PCI as a stepping stone to create a culture of compliance - one that's built on a trusted security model. This trusted security model enables enterprises to protect their data, their people and their infrastructure with easy to deploy and manage technology.
Speaker Biography:
Elan Winkler
Director of Solutions, Secure Computing Corporation
In this role, she is responsible for multi-product initiatives across a broad spectrum of security-related topics.
Winkler is a security veteran, with extensive (19 years) experience in desktop, gateway, email, encryption and Web security. She has held senior positions at several security technology companies, including MCI Telecommunications, Entrust, Sigaba, Finjan and GreenBorder. Elan was responsible for product launches and vertical industry marketing for the finance, retail/grocery, healthcare, and oil/gas sectors.
Elan is a member of Women in Telecommunications and the Silicon Valley Product Management Association. She is a frequent speaker at industry and technical conferences worldwide.
Security Threats to Mobile Deployments
March 18th, 2008
Sponsor: Sybase iAnywhere
Companies and public sector bodies alike are at risk from unauthorized access and the loss of valuable corporate and personal data. Recent events in the news have highlighted just how real this risk is. Achieving confidentiality of data through encryption is straightforward. The challenge that organizations face is how to strike the right balance between confidentiality, integrity and availability, particularly when data is exchanged between partner organizations, and data is stored on mobile devices that reside outside the glass house of security. Technology is available to secure data, but processes also need to be in place to ensure compliance and enable access to the encrypted information. In this session, you'll learn what strategies to use to protect your organization against the repercussions of lost or stolen devices.
Speakers:
- Mark Wright
- Senior Systems Consultant
- Sybase iAnywhere
Mark Wright offers more than a decade of experience in mobile communications and technology. In his current role as a Senior Systems Consultant at Sybase iAnywhere, Mark evangelizes the importance of mobile management and security, and assists customers with product evaluations and technical questions. Mark is a subject matter expert in security, application enablement and device management. Mark came into the organization through the acquisition of Extended Systems where he held positions as Lead Support Engineer and Professional Services Developer for Mobile Groupware and Embedded Bluetooth Development. Mark holds a Bachelor degree in Computer Science from Boise State University where he specialized in Beowulf Clustering. Mark is a member of the Boise ISSA chapter.
Data Breaches and the Insider Threat: What to Do?
February 12th, 2008
Sponsor: Code Green Networks
Organizations today have multi-layered defenses to defend against threats originating from outside the corporate network. Unfortunately, the majority of security breaches making headlines today involve information assets, customer data or personal information that has been leaked as a result of an insider's actions - either accidental or malicious. After all, within most organizations lie computer and social networks of surprising complexities and inefficiencies. The challenge of securing the dynamic environment within an enterprise is at the heart of the prevalence of insider threats. This Webcast surveys recent publicly-announced data breaches tied to malicious or inadvertent actions of a person within the company. It identifies the key weaknesses in the security controls that have allowed the incident to occur, and presents a high-level framework for mitigating the risk of such breaches.
Featured Speakers:
- Lenny Zeltser, Senior Security Consultant and Author
- Brian Czarny, Vice President Marketing, Code Green Networks
A distinguished figure in the security industry, Lenny Zeltser leads the New York security consulting team at SAVVIS, a premier provider of IT infrastructure services. He is also a member of the Board of Directors at SANS Technology Institute, a senior faculty member at SANS, and an incident handler at the Internet Storm Center. Lenny co-authored a number of books, including Inside Network Perimeter Security and Malware: Fighting Malicious Code. He also contributed articles to publications such as the Information Security magazine, and presented to IT executives at conferences and private summits. In addition to holding the CISSP certification, Lenny is one of the few individuals in the world who have earned the highly-regarded GIAC Security Expert (GSE) designation.
Brian Czarny, the Vice President of Marketing at Code Green Networks, has more than 12 years experience building technology brands and has been regularly quoted as an industry expert on a range of security and messaging topics in media and broadcast outlets around the world including The New York Times, Wall Street Journal, Business Week, Information Week, eWeek, CNN, ABC 20/20, and CNBC.
Security for a Web 2.0 World
January 15th, 2008
Sponsor: Blue Coat
Web 2.0 opens the door for small scale, short duration attacks aimed at specific organizations. Learn how these attacks function and mitigation steps to protect your organization. IT organizations are facing increased complexity in the Web 2.0 world where employees expect collaborative information sharing and just in time delivery of content. A new set of criteria for web gateway security is required, and solutions must scale to enterprise levels, deliver zero-hour protection with dynamic ratings, and allow blended threat protection upon a high performance architecture, often with hardware acceleration.
Learn how to protect your organization from emerging Web 2.0 threats hidden in collaborative content, here-and-gone phishing sites, and unproductive web surfing. Every employee click in a client browser can open a doorway into your enterprise network, and backdoor activities often fly below network radar monitoring tools. Yesterday's static tools of URL filter lists, anti-virus signature files, and overt blocking methods no longer provide complete web security, and often impact network performance.
The Web 2.0 environment consists of two-way content, making the web an application platform. These rich interactive applications increase the chance of malware infection. And given that most organizations are using URL filtering lists as their primary web filter, they stand unprepared for malware threats, outbound data loss, and unmonitored areas that include SSL, IM, P2P and streaming media. Make your organization's migration into the Web 2.0 world a secure and scalable solution by attending this ISSA webinar.
Featured Speaker:
Tom Clare, Senior Product Marketing Manager
Tom has driven marketing projects at Blue Coat since its entry into the Secure Web Gateway (SWG) market and is currently responsible for ProxySG related marketing projects. Prior to Blue Coat, Tom held product marketing and product management positions with Check Point Software Technologies, Qualys and McAfee. His security career began with a federal firewall project in the mid-90s and has since encompassed firewall, VPN, encryption, intrusion detection, risk-assessment, anti-virus and proxy solutions. He enjoys speaking and educating on new technologies and trends, often with a sense of humor. Tom holds a BS in Computer Science from Central Michigan University and an MBA from the University of Texas.
Now available: Archived reversions of all the 2007 ISSA e-Symposia
December 6, 2007
These sessions take an in-depth look at issues such as: IT Governance, PCI Compliance, and Emerging Threats.