ISSA E-News

A bi-weekly publication from the ISSA International Board

March 16, 2006

Hot Topic – Call For Nominations for the ISSA International Board of Directors

Notice to all ISSA chapters:

This is a request for nominations for six positions on the ISSA International Board:

  • President
  • Vice President of Education
  • Vice President of International Relations and Development
  • Vice President of Vendor Relations
  • Vice President of Marketing
  • Vice President of CISO Programs

Requirements:

Each nomination must be accompanied by the following information:

  • Statement of Nomination from the member's chapter
  • Member in Good Standing
  • Statement of Goals to Achieve in this position
  • Statement of Commitment form
  • Biography
  • Picture

The biography will inform members of past work experience, other organizations the candidate belongs to, and what contributions were made to ISSA.

The Statement of Commitment form must be completed to ensure the candidate's employer approves of this commitment.

The form is attached here and can also be found in the References section of the File Library, http://www.issa.org/cgi/library.cgi?library=References&file_index=0, under the title "BoardCommitmentForm11.10pdf".

Forms should be faxed to 414-768-8001 or 414-768-8030.

  • Please e-mail all information to the Chairman of the Nominations Committee, William Tompkins, at electionchair@issa.org.
  • All email sent to "electionchair@issa.org" should receive a reply message saying, "Thank you for your submission."
  • If you haven't received a confirmation message from the Election Chair by April 16, 2006, please contact ISSA Headquarters at 414-908-4949 x12.

    Summary of Cyber Security Awareness Month

    For the second year in a row, the public and private sectors joined forces to organize National Cyber Security Awareness Month, a national collaborative effort to educate Internet users of all ages about safe online practices. The National Cyber Security Alliance (NCSA) is pleased to report that National Cyber Security Awareness Month 2005 was a solid success. Through a combination of media relations and state and local events, we estimate that we reached more than 70 million consumers with NCSA messages throughout the month of October. Moreover, to date, the NCSA's TV Public Service Announcement has aired over 4,000 times on Cable and Local TV in major markets, totaling an estimated value of $1,469,145. As a result of these media events, traffic to the NCSA website increased by over 300% from September to October, which translates to hundreds of thousands of visits to the StaySafeOnline website.

    The summary results noted above are demonstrable progress against our objectives for the month, specifically:

    • To increase awareness of computer security issues and the National Cyber Security Alliance across designated key audiences – home users, small businesses and the education community
    • To encourage the adoption of safe online behaviors among key audiences during National Cyber Security Awareness month and beyond

    To achieve results against these goals, the NCSA and our partners embarked upon a multi-faceted consumer education campaign, which included the following elements:

    • A media relations campaign highlighting National Cyber Security Awareness Month, which emphasized TV coverage as a means by which to create a "domino effect" of media momentum which would trickle down to all target audiences during October
    • A television PSA, audio PSA, web banners and matte columns, which would augment media relations efforts and provide an additional level of awareness for the NCSA
    • Multiple state and local-market events, which provided a grassroots forum for explaining computer security issues and educating the public about safe online behaviors
    • All activities culminated in a call-to-action to visit www.staysafeonline.org for more information, including tips for maximizing online security. To ensure a positive consumer experience, the website was re-designed for greater ease of use, visual appeal and comprehensiveness, including providing links to additional sites beyond the NCSA's site.

    The cumulative media impact of National Cyber Security Awareness Month was impressive. Specific highlights included:

    • 4,269 placements of the PSA on major network affiliates, including ABC, NBC, CBS and Fox. The PSA aired in markets ranging from New York to San Francisco, and to date, the equivalent ad value of the PSA airings totals $1,469,145.
    • 243 TV placements as the result of a satellite media tour and B-roll distribution, which featured co-spokespeople, Ron Teixeira from NCSA, and Andy Purdy from The Department of Homeland Security. Some of these placements were shown in major TV markets like Washington D.C., Dallas and Cincinnati.
    • 645 radio placements from a Radio Public Service Announcement, reaching an estimated 18.5 million consumers, and an additional 17 radio interviews as the result of a joint radio tour between NCSA and The National Consumers League that reached over 18 million consumers.
    • Several high-profile print placements announcing National Cyber Security Awareness Month, including a nationally-syndicated article by the Scripps-Howard News Service, which was picked up by more than a dozen newspapers nationwide, as well as key placements on cnn.com, all reaching an estimated readership of 10 million consumers.
    • Additionally, 36 governors signed proclamations supporting their states' participation in National Cyber Security Awareness Month; most of those governors issued individual press releases, resulting in additional print articles in newspapers.
    • Moreover, 41 academic institutions all over the country, ranging from community colleges to major universities, held events and participated in various National Cyber Security Awareness Month activities. This played a key part in our grassroots efforts to deliver cyber security messages to key audiences like college professors, students and employees.
    • Microsoft, an NCSA sponsor, developed and placed advertorials supporting National Cyber Security Awareness Month in high-profile media such as Wall Street Journal, New York Times, and Roll Call.
    • Additionally, a number of NCSA sponsors and partners placed web banners on their sites advocating support for National Cyber Security Awareness Month, including AOL, whose ad banner generated a total of 57,507,361 impressions with a CTR (click through rate) of 0.17%.

    Equally as important as the number of media impressions, however, was the number of state and local grassroots events that allowed for greater explanation and hands-on instruction advocating safe online behavior. Sample highlights included:

    • NCSA, DHS and FTC kick-off press conference for National Cyber Security Awareness Month
    • Cornell University "Cyber Security Awareness Day"
    • Center for Democracy and Technology: Anti-Spyware Coalition Press Event
    • Arizona State Cyber Security Awareness Week
    • Microsoft, FTC and Consumer Action Press Event: "Don't Get Tricked On Halloween"
    • New York City Mass Transit Authority Cyber Security Fair
    • University of Maryland "C3 Conference" and October is National Cyber Security Awareness Month

    The results for National Cyber Security Awareness Month were indeed impressive, and certainly represent a marked improvement over those attained in the inaugural year of 200 Nonetheless, there are many ways in which we can improve our efforts for 2006. Preliminary recommendations include:

    • Secure approval of all stakeholders and grassroots events early. Last NCSAM, spokespeople, stakeholders and local market/grassroots events were not finalized until mid-September. Even though staff turnover and changes within NCSA's organization caused a delay in finalizing many of these events, we hope to work with all stakeholders this year to develop a plan for next NCSAM that is approved and ready for execution by mid-August.
    • Craft a more compelling message. Since computer security is frequently covered in the media, it is difficult for the NCSA's awareness and education messages to break through the already existing cyber security/safety clutter. Although this year's campaign focusing on identity theft generated good results, we feel we could have accomplished more by taking a fresh and bold new approach. We hope that planning early for NCSAM this year will give NCSA the opportunity to execute a campaign that takes a more aggressive approach and has a point of view that is unique to NCSA.
    • Have necessary media tools in place to be able to respond quickly to media opportunities as they arise. National Cyber Security Awareness Month is a manufactured news event -- not news in and of itself. Therefore, it is critical to release new information in the form of a study during NCSAM, or sponsor a program that has a news hook that will pique reporters' interest.
    • Increase private and public sector involvement in NCSAM. Although we had more companies and public institutions involved in NCSAM this past year than the year before, we need to continue to recruit new participants and organizations to participate in NCSAM 2006. Increasing private and public sector participants will help us widen our reach and maximize our grassroots efforts. In preparation for this October, we will ask NCSA Stakeholders to help recruit organizations that have not traditionally taken part in NCSAM in the past.
    • Make the NCSAM Tools available well in advance of NCSAM. The NCSA needs to make NCSAM Tools like ad banners, supporting organization documents and guidelines on what organizations can do for NCSAM available in Spring 2006. Providing organizations with information early on NCSAM will hopefully increase the number of events that take place during October.

    We welcome your thoughts on these recommendations and would be happy to discuss them with you at greater length. In fact, this report, along with the 2005 NCSA Survey sent to members will be used during the 2006 planning session, which will form the basis for an annual plan for 2006 National Cyber Security Awareness Month. We look forward to continuing our partnership with you, and to working together towards the common goal of educating all key stakeholders about safe and secure online behaviors.

    ISSA Webcasts

    Building A Secure LAN

    Presented By: Lloyd Hession, BT Radianz & Michelle McLean, ConSentry Networks
    Sponsored By: ConSentry Networks

    This webcast features Lloyd Hession, CISO of BT Radianz, discussing his LAN security issues and his recommendations for best practices. He'll discuss his tips for deploying NAC (Network Admission Control), gaining LAN visibility, applying access controls to users, and protecting the business from threats such as worms. He'll also discuss a LAN security platform that he's successfully deployed.

    This Webcast is available On Demand. [View Webcast]

    Managing Multiple Regulations: Take the Fast Track from Complexity to Compliance

    Sponsored By Symantec Corporation
    Presented by David E. Smith, Symantec Corporation

    The growing importance of information technology and the transition of personal records into digital formats have made privacy and information security critical issues. But corporations are being bogged down in the quagmire of regulations which leaves them struggling to meet complex challenges and manage the high cost of security compliance. Acting as a "hidden tax on profits," regulatory audits are rededicating resources to meet these compliance objectives. This resource drain is beginning to directly impact the corporate bottom line and affect the ability to do business.

    Join us for this look at how organizations are pulling out of the quagmire and getting onto the fast track to compliance by:

    • Conducting regular audits more efficiently so they can reallocate IT resources to more important pursuits
    • Coordinating security requirements from multiple regulations to eliminate costly redundancies and unnecessary controls
    • Mapping controls to performance results to demonstrate improvement and implement a sustainable, auditable compliance posture

    About the Speaker:

    David E. Smith serves as a senior compliance analyst with Symantec, formerly BindView Corporation, working on the company's RAZOR Research Team. Smith has worked in information security for Fortune 500 companies for the last 8 years. Prior to joining BindView, he focused on information security, compliance strategy and program implementation for AEGON's North American companies, including Western Reserve Life, IDEX Mutual Funds and Transamerica. During his tenure, he helped coordinate the information security compliance programs for all of AEGON's North American operations. Smith is a Certified Information Systems Security Professional (CISSP) and holds a professional certificate in Computer Forensics from Oregon State University.

    This Webcast is available On Demand [View Webcast]

    Email Security Strategies - What to Plan for in 2006

    Sponsored By Mirapoint
    Presented by Arabella Hallawell, Gartner Research & Bethany Mayer, Mirapoint

    Do you have your email security plan in place for 2006? Next year IT will face new, even more potentially damaging email security threats and compliance challenges. Featured speaker Arabella Hallawell, Research VP at Gartner, will offer you her thoughts on what technology you can apply to assure that your network is protected from never-before-seen attacks. Email is a mission-critical application - touching all aspects of business communications. Make sure that you are ready for 2006 with the right email security technology choices.

    Know what to expect and how to prepare for 2006. Topics will include:

    • Combat worms, viruses and malware
    • Fighting Spam
    • The right network architecture to fight threats
    • Connection management
    • New technologies you should consider soon
    • And much more...

    This Webcast is available On Demand [View Webcast]

    Free Subscriptions To Industry Leading Publications!

    As a valued member of the Information Systems Security Association, we would like to inform you that we have partnered with Tradepub.com to provide you with free subscriptions to industry leading publications. Each publication is absolutely free and there is no purchase necessary. Publications are ABSOLUTELY FREE to those who qualify!

    Browse from the extensive list of over 300 titles currently offered and be sure to check back often as we will be adding new titles over the coming weeks and months. Click here to subscribe for free!

    NEW! The ISSA Learning Center is Open

    ISSA University-SiegeWorks University

    ISSA and SiegeWorks are pleased to announce high quality, on demand security education and training courses exclusively for ISSA members!

    Local Chapters decide which courses they would like to sponsor for their membership, arrange for the venue and promote the course locally. SiegeWorks University trainers provide onsite training and Train the Trainer sessions for Chapters who request it.

    Industry leading trainers, security luminaries as guest lecturers and top-quality materials!

    Course Number | Course Description | Number of Days | Notes

    • IS1100 | CISSP Preparation | 5 | No Test
    • IS1110 | SSCP Preparation | 5 | No Test
    • IS1201 | Wireless Security | 5 | Lab
    • IS1301 | Principles of Security | 5 | Lab
    • IS1302 | Advanced Security Concepts | 5 | Lab
    • IS1401 | Practical Penetration Testing | 5 | Lab
    • IS1402 | Building and Operating a Snort IDS | 3 | Lab
    • IS1403 | Computer Forensics | 5 | Lab
    • IS1501 | Web Application | 2 | Lab
    • IS1801 | Policy Writing | 3 | None
    • IS1802 | Incident Response | 3 | None
    • CS1901 | Sarbanes-Oxley Compliance | 2 | None
    • CS1902 | SB-1386 Compliance | 2 | None

    Interested? Contact your local Chapter President or Education Coordinator to sponsor an ISSA SiegeWorks University course for your local members!

    Click here to request more information.

    Trusted Learning's ISSA Learning Center

    ISSA is working with Interpact, the Security Awareness Company to provide low-cost end-user training on a variety of topics, ranging from Security Awareness 101 to Identity Theft. Individuals can purchase courses or member organizations can open their own private learning centers and choose from a menu of existing courseware or upload proprietary training courses for their employees or customers.

    Visit the ISSA homepage and click the link for the ISSA Learning Center, enter the access code (sa101cEn) then register as a student, purchase the courses and then begin taking them immediately. Here is a list of the courses available today:

    • Why Security Awareness? - FREE An overview of the need for Computer Security Awareness. This is targeted toward managers and executives who need the basics or a current update.
    • Internet and Computer Ethics for Kids - $3 This course is based upon Winn Schwartau's hit book by the same name. We teach our kids how to use computers, but not about when and what to do with them. What is right and what is wrong? Parents are too often clueless - the kids know more. What do we do? This course.
    • SA101 Humorous 2005 - $5 This is a short, non-technical 60 minute overview of Security Awareness - with an emphasis on keeping students entertained.
    • SA101 Corporate 2005 - $5 This is a short, non-technical 60-minute overview of Security Awareness.
    • Email Safety at Home and Work - $5 Learn how to avoid viruses, worms and spyware trying to get into company and home computers through e-mail, Web sites and IM applications.
    • ID Theft - $5 Learn what your identity information is, where it resides, how it gets exposed, how thieves steal and abuse identities and how to protect your identity information from theft.
    • Social Engineering at Work and Home - $5 There are infinite ways scammers convince us to give over private information on the phone, Internet and in person. Learn how to recognize common techniques and antics of these scammers so you won't fall victim to them.
    • SPYWARE - $5 Learn how Spyware gets onto computers and what it does - like logging keystrokes and bogging down computers and networks. Then learn what you can do about it.
    • Viruses Protection at Work and Home - $5 This course will show employees how viruses and worms spread, the damage they cause, and the steps they should take to protect their work and home computers from getting infected (and how to remove viruses or worms if they do).

    Upcoming Conferences & Discounts

    TRISC, Texas Regional Infrastructure Security Conference, 2006 Conference - Houston, TX

    • May 15 - 17
    • Sharing Experience and Knowledge to Strengthen Security

    Conference Objectives: Provide an annual educational and networking event that will enhance the knowledge, skill, and professional growth of the conference alliance members and other attendees. TRISC involves individuals in: national, state or local governments; institutions of higher education; private and public businesses. The conference offers attendees a unique forum for the discussion of topics that are of mutual interest to security professionals in the areas of information, infrastructure, and facilities.

    Tracks

    • Law & Forensics
    • Cyber Security
    • Business Continuity & Disaster Recovery
    • Risk / Security Management
    • Infrastructure Protection/SCADA
    • Physical Security

    Registration Fees

    Category | Early Registration | After April 15

    • Members | $299.00 | $399.00
    • First Responders | $3200 | $4200
    • Non Members | $399.00 | $499.00

    For information on registration, exhibits, and sponsorships, contact:

    TRISC 2006
    c/o Swift Solutions
    8701 Bluffstone, #2308
    Austin, Texas 78759
    Phone (toll-free): (877) 451-8700
    Fax: (866) 498-6527
    Email: debswift@swift-solutions.org

    For on-line information and updates, visit: http://www.trisc.org/
    Hyatt Regency Hotel: http://www.houstonregency.hyatt.com
    (Ask for special TRISC attendee rates)

    Information Security Professionals - earn your NSA certifications. Training so good, we teach the competition!

    There's only ONE WAY to get your NSA certifications, and that’s by attending an NSA sponsored IAM/IEM course. Learn the NSA way of assessing your organization's security posture and conducting security evaluations of networks utilizing hands-on methodologies. ISSA members receive discounts up to $500! *U.S. Citizenship required*

    Learn more at: http://www.fountainheadcollege.edu/ia/nsa/

    ID Management 2006 Summit & Technology Showcase

    March 7-8, 2006
    Venue:
    Tumbalong Rooms & Foyer,
    Sydney Convention & Exhibition Centre,
    Darling Drive, Darling Harbour, Sydney NSW 2000

    The ID Management Summit 2006 aims at bringing together the users and suppliers of ID management solutions and technology to discuss business and government initiatives, latest trends and developments, large scale deployments, partnerships & alliances, developing standards, new applications, new business opportunities and future direction.

    For full conference details and to register please visit ID Management 2006 website.

    LinuxWorld and NetworkWorld Conference and Expo 2006

    April 24-26, 2006
    Toronto, Canada

    The TWSUG is a supporting association of this event. Featuring the latest in strategic technology, this conference/tradeshow will draw a host of key figures in the IT community, from forward-thinking users to decision-making executives. You can view the conference schedule, presentation abstracts, and more by visiting http://www.lwnwexpo.plumcom.ca.

    ISSA and TWSUG members receive a 25% discount on ALL admission packages and free admission to the tradeshow – Just use code A101 when registering.

    **Early Bird rates available until March 17th**

    Attend CSI NETSEC '06 June 12-14, 2006 in Scottsdale, Arizona at The Phoenician

    The most comprehensive conference in the industry on network security, with 14 tracks and 110 sessions. Tracks on: Attacks & Countermeasures, Management & Governance, Awareness, Risk & Audit, Wireless, Hands-On Tech, Access Management and more. Don't miss this important event; reserve your place now. Register today at CSINetSec.com

    Email: csi@cmp.com
    Phone: (415) 947-6320

    e-Symposium Series

    The ISSA is delighted to announce the launch of a ground-breaking series of 1-day online conferences, entitled "2006 ISSA e-Symposium Series". The e-Symposia are designed to facilitate the knowledge sharing and gathering amongst our international members and within the global information security community as a whole. Building on the highly successful IT Security e-Symposium, each e-Symposium features interactive, live presentations and round table debates by the world's leading information security experts. Access is free of charge to ISSA members with a special code (see member's area) and anyone with a PC, an internet connection and a soundcard can attend from the convenience of their office. Other useful tools during the live events include Q&A, web-based chat and a message board.

    Register now free of charge with your special code: B99731, www.issa.e-symposium.com

    Mark your calendars now to avoid disappointment.

    • NEXT - 26 Apr 06: IT Governance e-Symposium, Strategic Partners: ISACA, ISF, ISC(2)
    • 26 Jul 06: Business Continuity & Disaster Recovery e-Symposium
    • 25 Oct 06: Emerging Threats & Response e-Symposium
    • 24 Jan 07: IT Security e-Symposium

    Any questions? Please contact Val-Pierre Genton, vgenton@bright-talk.com. The e-Symposium series is organized and delivered by BrightTALK, www.bright-talk.com.

    Articles Wanted!

    The ISSA Journal, the official publication of the ISSA, is looking for information security articles on a variety of topics concerning the information security practitioner. Possible topics:

    • e-mail security
    • the latest threats
    • certifications
    • legislation
    • security for mobile devices
    • social engineering
    • international legislation
    • policy enforcement

    Word count: 1,500 to 3,000 words. Please send over a short summary of what the article will cover. Any questions? Contact Jenny Kasza, the editor of The ISSA Journal, at theeditor@issa.org for more details.