
ISSA E-News

A bi-weekly publication from the ISSA International Board

April 13, 2006

Hot Topic – Call For Nominations for the ISSA International Board of Directors - DEADLINE APRIL 16, 2006

Notice to all ISSA chapters:

This is a request for nominations for six positions on the ISSA International Board:

  • President
  • Vice President of Education
  • Vice President of International Relations and Development
  • Vice President of Vendor Relations
  • Vice President of Marketing
  • Vice President of CISO Programs

Requirements:

Each nomination must be accompanied by the following information:

  • Statement of Nomination from the member's chapter
  • Member in Good Standing
  • Statement of Goals to Achieve in this position
  • Statement of Commitment form
  • Biography
  • Picture

The biography will inform members of past work experience, other organizations the candidate belongs to, and what contributions were made to ISSA.

The Statement of Commitment form must be completed to ensure the candidate's employer approves of this commitment.

The form is attached here and can also be found in the References section of the File Library, under the title "BoardCommitmentForm11.10pdf".

Forms should be faxed to 414-768-8001 or 414-768-8030.

  • Please e-mail all information to the Chairman of the Nominations Committee, William Tompkins, at electionchair@issa.org.
  • All nominations must be received by April 16, 2006.
  • All email sent to "electionchair@issa.org" should receive a reply message saying, "Thank you for your submission."

If you haven't received a confirmation message from the Election Chair by April 16, 2006, please contact ISSA Headquarters at 414-908-4949 x12.

ISSA Webcasts

Controlling the Cost of IT Compliance: Best Practices in Multi-Regulatory Compliance Management

Sponsored By: Scalable Software, LLC

Presented By: Patrick McBride, Vice President of Compliance Solutions, Scaleable Systems & Colleen Murphy, Director of Compliance Solutions Delivery, Scaleable Systems

The cost of complying with SOX is sapping millions from the typical IT budget, with no relief in sight. And in sectors facing multiple regulatory mandates and standards, such as financial services (SOX / GLBA / HIPAA), energy and utilities (SOX / NERC) and health care (SOX / HIPAA), IT organizations and security teams are rapidly becoming overwhelmed. Learn how forward-thinking companies are 'killing two birds with one stone' by creating rationalized control frameworks and automating the IT compliance life cycle, enabling them to eliminate the cost and effort associated with redundant and duplicative IT compliance projects. Learn best practices and approaches for developing a comprehensive compliance and security management program that will help ensure IT compliance and eliminate unnecessary and redundant efforts.

Learn how to:

  • Create and document a rationalized control framework applicable across multiple regulatory mandates and standards
  • Document the policy and control environment while ensuring awareness
  • Automate key compliance management and testing processes
  • Cost-effectively manage the complete IT compliance lifecycle from understanding mandates to documenting audit evidence

[View Webcast]

The Intelligent Enterprise - Closing the Zero-Hour Gap on Inbound and Outbound Attacks

Sponsored By Proofpoint Inc.

Presented by Rami Habal, Proofpoint

Zero-day vulnerabilities have traditionally been about virus and computer worm exploits. However, in this age of more sophisticated threats, the zero-hour gap includes a range of inbound and outbound threats that can cost your enterprise money and cause severe damage to your networks. The intelligent enterprise can protect itself by anticipating and eliminating these threats before they cause damage. In this web seminar, "The Intelligent Enterprise - Closing the Zero-Hour Gap on Inbound and Outbound Attacks", Proofpoint product expert Rami Habal will discuss zero-hour threats as they relate to an organization's messaging security infrastructure, including viruses, spam and content security.

In this webinar you will learn about:

  • The emergence and range of inbound and outbound threats that exploit the zero-hour gap.
  • Today's tools for attackers and negligent employees.
  • How to anticipate threats and minimize your exposure during the zero-hour gap.
  • Actual, recent outbreaks and how zero-hour protection eliminated these threats.
  • How to complement your existing multi-layer defense and your lockdown policies.

Speaker Bio

Rami Habal is Senior Product Manager at Proofpoint, where he is responsible for Proofpoint's flagship messaging security solution, the Proofpoint Protection Server, and works closely with the Proofpoint Anti-Spam Research Lab. Prior to Proofpoint, Rami worked at Mohr Davidow Ventures, Cisco Systems, Hughes Electronics, and several startups. He holds a BSEE from UVa. He also holds master's degrees in Business and Public Administration from MIT and Harvard, respectively.

This Webcast will be available On Demand April 20, 2006

Free Subscriptions To Industry Leading Publications!

As a valued member of the Information Systems Security Association, we would like to inform you that we have partnered with Tradepub.com to provide you with free subscriptions to industry leading publications. Each publication is absolutely free and there is no purchase necessary. Publications are Absolutely Free to those who qualify! Browse from the extensive list of over 300 titles currently offered and be sure to check back often as we will be adding new titles over the coming weeks and months. Click here to subscribe for free!

NEW! The ISSA Learning Center is Open

ISSA University-SiegeWorks University
ISSA and SiegeWorks are pleased to announce high quality, on demand security education and training courses exclusively for ISSA members! Local Chapters decide which courses they would like to sponsor for their membership, arrange for the venue and promote the course locally. SiegeWorks University trainers provide onsite training and Train the Trainer sessions for Chapters who request it.

Industry leading trainers, security luminaries as guest lecturers and top-quality materials!

| Course Number | Course Description | Number of Days | Notes |
|---|---|---|---|
| IS1100 | CISSP Preparation | 5 | No Test |
| IS1110 | SSCP Preparation | 5 | No Test |
| IS1201 | Wireless Security | 5 | Lab |
| IS1301 | Principles of Security | 5 | Lab |
| IS1302 | Advanced Security Concepts | 5 | Lab |
| IS1401 | Practical Penetration Testing | 5 | Lab |
| IS1402 | Building and Operating a Snort IDS | 3 | Lab |
| IS1403 | Computer Forensics | 5 | Lab |
| IS1501 | Web Application | 2 | Lab |
| IS1801 | Policy Writing | 3 | None |
| IS1802 | Incident Response | 3 | None |
| CS1901 | Sarbanes-Oxley Compliance | 2 | None |
| CS1902 | SB-1386 Compliance | 2 | None |

Interested? Contact your local Chapter President or Education Coordinator to sponsor an ISSA SiegeWorks University course for your local members!

Click here to request more information.

Trusted Learning's ISSA Learning Center

ISSA is working with Interpact, the Security Awareness Company, to provide low-cost end-user training on a variety of topics, ranging from Security Awareness 101 to Identity Theft. Individuals can purchase courses, or member organizations can open their own private learning centers and choose from a menu of existing courseware or upload proprietary training courses for their employees or customers.

Visit the ISSA homepage and click the link for the ISSA Learning Center, enter the access code (sa101cEn) then register as a student, purchase the courses and then begin taking them immediately. Here is a list of the courses available today:

  • Why Security Awareness? - FREE
    An overview of the need for Computer Security Awareness. This is targeted toward managers and executives who need the basics or a current update.
  • Internet and Computer Ethics for Kids - $3
    This Course is based upon Winn Schwartau's hit book by the same name. We teach our kids how to use computers, but not about when and what to do with them. What is right and what is wrong? Parents are too often clueless - the kids know more. What do we do? This Course.
  • SA101 Humorous 2005 - $5
    This is a short, non-technical 60-minute overview of Security Awareness - with an emphasis on keeping students entertained.
  • SA101 Corporate 2005 - $5
    This is a short, non-technical 60-minute overview of Security Awareness.
  • Email Safety at Home and Work - $5
    Learn how to avoid viruses, worms and spyware trying to get into company and home computers through e-mail, Web sites and IM applications.
  • ID Theft - $5
    Learn what your identity information is, where it resides, how it gets exposed, how thieves steal and abuse identities and how to protect your identity information from theft.
  • Social Engineering at Work and Home - $5
    There are infinite ways scammers convince us to give over private information on the phone, Internet and in person. Learn how to recognize common techniques and antics of these scammers so you won't fall victim to them.
  • SPYWARE - $5
    Learn how Spyware gets onto computers and what it does - like logging keystrokes and bogging down computers and networks. Then learn what you can do about it.
  • Viruses Protection at Work and Home - $5
    This course will show employees how viruses and worms spread, the damage they cause, and the steps they should take to protect their work and home computers from getting infected (and how to remove viruses or worms if they do).

Upcoming Conferences & Discounts

Cyber Security Summit

May 22-23, 2006
Sawgrass Marriott Resort
Ponte Vedra Beach, FL

The Cyber Security Summit brings together senior-level Information Security executives from leading companies to discuss the hottest topics in the industry, including: Convergence of IT and the Law, Converging the Roles of the CSO and the CISO, IT Governance and the Synergy with Information Security, and Emerging Technologies and the Policies that TRY to Control Them. The unique format of the summit pairs executives from Solution Provider companies with Information Security executives for one-on-one meetings and gives attendees the opportunity to attend conference sessions, panel discussions, workshops, as well as special networking events. An exciting line-up of speakers is participating in this event! To find out more, contact Shelly-Ann Hurdle at shelly-annh@marcusevansbb.com or visit www.cybersecuritysummit.com. Special Registration Offer applies to ISSA members who mention this code: CYBER239.

The ISSA is delighted to announce the launch of a ground-breaking series of 1-day online conferences, entitled "2006 ISSA e-Symposium Series".

The e-Symposia are designed to facilitate the knowledge sharing and gathering amongst our international members and within the global information security community as a whole. Building on the highly successful IT Security e-Symposium, each e-Symposium features interactive, live presentations and round table debates by the world's leading information security experts. Access is free of charge to ISSA members with a special code (see member's area) and anyone with a PC, an internet connection and a soundcard can attend from the convenience of their office. Other useful tools during the live events include Q&A, web-based chat and a message board.

Register now free of charge with your special code: B99731, at www.issa.e-symposium.com

Mark your calendars now to avoid disappointment.

  • Next - 26 Apr 06: IT Governance e-Symposium, Strategic Partners: ISACA, ISF, ISC(2)
  • 26 Jul 06: Business Continuity & Disaster Recovery e-Symposium
  • 25 Oct 06: Emerging Threats & Response e-Symposium
  • 24 Jan 07: IT Security e-Symposium

Any questions? Please contact Val-Pierre Genton, vgenton@bright-talk.com. The e-Symposium series is organized and delivered by BrightTALK, www.bright-talk.com.

4th Annual InfoSec Conference

When: Wednesday, April 26, 2006
Where: Nampa Civic Center Nampa, ID
Cost: FREE - Paid by Sponsors!
Extras: Win an iPod, golfing trips, and more!
Flyer: Please Share Our 2006 Conference Flyer

TRISC, Texas Regional Infrastructure Security Conference, 2006 Conference - Houston, TX

May 15 - 17
Sharing Experience and Knowledge to Strengthen Security

Conference Objectives: Provide an annual educational and networking event that will enhance the knowledge, skill, and professional growth of the conference alliance members and other attendees. TRISC involves individuals in: national, state or local governments; institutions of higher education; private and public businesses. The conference offers attendees a unique forum for the discussion of topics that are of mutual interest to security professionals in the areas of information, infrastructure, and facilities.

Tracks:

  • Law & Forensics
  • Cyber Security
  • Business Continuity & Disaster Recovery
  • Risk / Security Management
  • Infrastructure Protection/SCADA
  • Physical Security

Registration Fees

| | Early Registration | After April 15 |
|---|---|---|
| Members | $299.00 | $399.00 |
| First Responders | $3200 | $4200 |
| Non Members | $399.00 | $499.00 |

For information on registration, exhibits, and sponsorships, contact:

TRISC 2006
c/o Swift Solutions
8701 Bluffstone, #2308
Austin, Texas 78759
Phone (toll-free): (877) 451-8700
Fax: (866) 498-6527
Email: debswift@swift-solutions.org

For on-line information and updates, visit: http://www.trisc.org/
Hyatt Regency Hotel: http://www.houstonregency.hyatt.com
(Ask for special TRISC attendee rates)

Information Security Professionals - earn your NSA certifications. Training so good, we teach the competition!

There’s only ONE WAY to get your NSA certifications, and that’s by attending an NSA sponsored IAM/IEM course. Learn the NSA way of assessing your organization's security posture and conducting security evaluations of networks utilizing hands-on methodologies. ISSA members receive discounts up to $500! *U.S. Citizenship required*

Learn more at: http://www.fountainheadcollege.edu/ia/nsa/

3rd Annual ID Theft Symposium

Customer Identification & Authentication Management in Financial Services
May 22-23, 2006
Marriott Marquis
New York, NY

Learn from veterans and representatives of the industry. Get an industry update for 2006 and learn about fraud and authentication problems directly from bankers. Find out what types of systems bankers and seasoned professionals see as being the most effective in a porous network. Covering all aspects of identity theft, speakers will discuss legal intricacies, ethical views of the industry, and solutions to real problems. For more information, please visit www.srinstitute.com/cf331

Gartner IT Security Summit 2006

June 5-7, 2006
Washington, D.C.
gartner.com/us/itsecurity

Six tracks and more than 100 sessions cover the spectrum of IT security issues ... with actionable guidance from the largest and savviest team of IT security analysts in the world, road-tested best practices, real-world case studies, and an inside look at new and emerging tools and technologies.

Members of Information Systems Security Association are entitled to a special $200 discount. Call 1 800 778 1997 and be sure to mention priority code ISSA when you register. Offer not available on the web.

C3, Corporate & Channel Computing Expo

Compliance World Expo
June 27-29, 2006
The Javits Center - NYC

Successfully launched in 2005, C3 brings corporate and channel buyers together with the industry's premier technology manufacturers. More than 8,500 enterprise professionals from the fields of business, finance, government, retail and education attended last year's event in New York City. New for 2006, C3 is joined by ComplianceWorld Expo - the northeast's leading compliance event featuring a comprehensive educational program along with exhibitors who have the know-how to bring genuine solutions to today's IT challenges.

For detailed information concerning the security conference and overall conference program please go to www.c3expo.com

LinuxWorld and NetworkWorld Conference and Expo 2006

April 24-26, 2006
Toronto, Canada

The TWSUG is a supporting association of this event. Featuring the latest in strategic technology, this conference/tradeshow will draw a host of key figures in the IT community, from forward-thinking users to decision-making executives. You can view the conference schedule, presentation abstracts, and more by visiting http://www.lwnwexpo.plumcom.ca. ISSA and TWSUG members receive a 25% discount on ALL admission packages and free admission to the tradeshow - just use code A101 when registering.

**Early Bird rates available until March 17th**

Attend CSI NETSEC '06 June 12-14, 2006 in Scottsdale, Arizona at The Phoenician.

The most comprehensive conference in the industry on network security, with 14 tracks and 110 sessions. Tracks on: Attacks & Countermeasures, Management & Governance, Awareness, Risk & Audit, Wireless, Hands-On Tech, Access Management and more. Don't miss this important event; reserve your place now.

Register today at CSINetSec.com
Email: csi@cmp.com
Phone: (415) 947-6320

The Executive Women's Forum on Information Security, Risk Management and Privacy gathers over 200 of the most influential female executives together September 12th-14th at the Sheraton Wild Horse Pass & Resort, Phoenix, Arizona, to discuss best practices and strengthen their network. Four Women of Influence awards will be co-presented by Alta Associates and CSO Magazine. For more information or to register visit: www.infosecuritywomen.com.

Articles Wanted!

The ISSA Journal, the official publication of the ISSA, is looking for information security articles on a variety of topics concerning the information security practitioner.

Possible topics:

  • e-mail security
  • the latest threats
  • certifications
  • legislation
  • security for mobile devices
  • social engineering
  • international legislation
  • policy enforcement

Word count: 1,500 to 3,000 words.

Please send over a short summary of what the article will cover. Any questions? Contact Jenny Kasza, the editor of The ISSA Journal, at theeditor@issa.org for more details.

SecureWorld Expo 2006 Series Begins with Success

- Candy Alexander, CISSP CISM – VP Education – ISSA International

I am very pleased to announce that the SecureWorld Expo 2006 series began in Boston on March 15th with a huge success, breaking attendance records in both the conference attendee and vendor participation areas. We were very fortunate to have the New England ISSA Chapter host a luncheon with Howard Schmidt (first US Cybersecurity Czar and former ISSA International President).

ISSA had entered a partnership with SecureWorld Expo last year, to deliver regional conferences at a nominal cost to participants and more importantly, an ISSA member discount. SecureWorld Expo solicits guidance from our local ISSA chapters through the Conference Steering Committees to ensure that the topics delivered are of interest to the local information security community.

Seven more cities throughout the US will host SecureWorld Expos with ISSA chapter assistance and guidance (see list below). Be sure to attend the conference in your region and send me a note with your feedback. I welcome any comments you might have on any of these conferences. It is important that I understand your needs and continue to work to deliver education opportunities that fit those needs!

  • Philadelphia – April 19-20, 2006
  • Atlanta – May 2-3, 2006
  • Chicago – May 24-25, 2006
  • Detroit – September 19-20, 2006
  • Seattle – October 10-11, 2006
  • San Francisco – November 1-2, 2006
  • Dallas – December 6-7, 2006

For details and registration info, visit the SecureWorld Expo website.