ISSA-Utah.org

11th Annual 2013 Boise ISSA Security Conference will be held on the Boise State University campus on Friday April 19th. The conference brings in 200-300 participants from the Treasure Valley (Boise Area) and the region; including Idaho, Eastern Washington and Oregon, Northern Nevada & Utah. The conference will bring you face-to-face with the regions decision makers and security talent. The conference features a dedicated vendor forum, numerous speaking tracks, a dedicated vendor track, and more. See http://conference.boiseissa.org/

The Rocky Mountain Information Security Conference (RMISC) Organizing Committee, in partnership with the Denver Chapters of ISACA and ISSA, is proud to announce the seventh annual RMISC to be held on May 22-23, 2013 in Denver, Colorado! Conference website: http://www.etouches.com/ehome/RMISCEXH2013/Home/

The multi-page agenda flyer and speaker bios is 2013_i-symposium_agenda.

8:00 Check‐in, Breakfast

8:30 Welcome: Wade Sherman, VP – Lead Counsel, Digital Marketing, Adobe Systems

8:35 Keynote: CFAA: A Failed Experiment, Eric Goldman, Law Professor, Director, High Tech
Law Institute

9:30 Networking Break

10:00 Breakout: Suggestions for Accessible Documents, Hon. David Nuffer, U.S. District Court,
District of Utah

Breakout: The Surveillance State: From 9/11 to Snowden, Ben Stanley, Attorney,
TechLaw Ventures.

Breakout: Are Employees’ Smart Phones Safe Enough for Business? Scott Blackmer,
Founding Partner, InfoLawGroup LLP

11:00 Networking Break

11:15 Breakout: Exchanging Medical Records Online, Scott Rea, VP GOV/EDU Relations & Sr.
PKI Architect, Digicert

Breakout: EU Data Privacy Directive: Past, Present and Future. Lee Wright, Shareholder
Kirton & Mckonkie; Julie Park, Privacy Officer, Corp. of the Presiding Bishop

Breakout: Ethics CLE, The Cybersecurity Implications of Utah Rule of Professional
Responsibility 1.6: The Standard of Due Care Has Emerged, Matt Sorensen, TechLaw
Ventures

12:15 Lunch and State of the Net, Ben Holt, Attorney, Kilpatrick, Townsend & Stockton

12:30 Presentation of Utah Tech Pioneer Award

12:40 Lunch Keynote: Fast Failure, James Clarke, CEO & Managing Partner, Clarke Capital
Partners

1:30 Networking Break

1:45 Breakout: Getting More Security For Less with Managed Security Services, Eli J.
Martinez, IT Security Risk Manager, Corp. of the Presiding Bishop; Commander, Utah Air
National Guard

Breakout: Who Owns the Customer? James Harrison, CEO and Founder,
okcompare.com

Breakout: CLS Bank Decision, William B. Bunker, Partner, Knobbe Martens

2:45 Networking Break

3:00 Breakout: Consumer Privacy Communications – Practical Strategies for Educating
Consumers by Drafting Effective Policy Statements Across Digital Platforms, Panel,
Sharon Bertelsen, Of Counsel, Ballard Spahr, Mercedes Tunstall, Partner, Ballard Spahr

Breakout: Cloud Security and Managing Use Risks, Carl Allen, Director Information
Security, Intermountain Healthcare

Breakout: Individual Efforts to Maximize Privacy and Security of Data in an era of
Cyberstalking and NSA Surveillance. Charles L. Mudd Jr. Mudd Law Offices

4:00 After Conference Social

SEC566:  Implementing and Auditing the Twenty Critical Security Controls – In-Depth

Community Instructor:  James Murray, NCCI Holdings, Inc.

Other:  30 CPE/CMU; Laptop Required

Cybersecurity attacks are increasing and evolving so rapidly that is more difficult than ever to prevent and defend against them. Does your organization have an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches?

As threats evolve, an organizations security should too. To enable your organization to stay on top of this ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the Twenty Critical Security Controls, a prioritized, risk-based approach to security. Designed by private and public sector experts from around the world, the Controls are the best way to block known attacks and mitigate damage from successful attacks. They have been adopted by the U.S. Department of Homeland Security, state governments, universities, and numerous private firms.

The Controls are specific guidelines that CISOs, CIOs, IGs, systems administrators, and information security personnel can use to manage and measure the effectiveness of their defenses. They are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.

The Controls are an effective security framework because they are based on actual attacks launched regularly against networks. Priority is given to Controls that (1) mitigate known attacks (2) address a wide variety of attacks, and (3) identify and stop attackers early in the compromise cycle.

The British governments Center for the Protection of National Infrastructure describes the Controls as the baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence.

SANS in-depth, hands-on training will teach you how to master the specific techniques and tools needed to implement and audit the Critical Controls. It will help security practitioners understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.

The course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.

Keynotes

• Protecting Privacy on the Internet,  Pete Ashdown
• DNS Exploitation, Cricket Liu, INFOBLOX

Dozens of Presentations plus Presenters Party

Other Things

• Hacker Challenge Game
• Ham Radio Training/Exam
• PGP Key Signing Event
• After Dark Labs
• Paintball Event ($15-20 extra)

The $200 fee covers the following:

• Access to all 4 Days of the Conference.
• Lunch provided on-site Tues-Thur.
• All-You-Can-Drink beverages during the con.
• All Conference Equipment (~$70/person).
• Dinner on Thursday Night.
• Parking that the venue.

White Collar Crime Seminar
Hosted by the Utah Area Chapter, Association of Certified Fraud Examiners
Thursday and Friday, October 17-18, 2013
Salt Lake Community College, Taylorsville Redwood Campus

(2-page seminar info flyer: 2013 Utah Area Chapter Seminar)

Topics & Presenters

The State’s Best Practices for Detection and Prevention
Governor Gary R. Herbert, Utah State Governor

Procurement Fraud: Finding The Smoking Gun
Brian Payne, Author: White Collar Crime — Vice Provost, Graduate/Undergraduate Academic Programs at Old Dominion University

Conducting Effective Suspect Interviews
Alan Peters, Special Agent, Retired — Federal Bureau of Investigations

Third-Party Risk Management: An Added Dimension in a Corporation’s Ethics and Compliance Program
Sheri Fitzpatrick, CEO — Perfect Home Living

The IRIS Database, a Tool to Prevent/Detect Fraud
Scott Morrill, Program Manager — Investigations Division, Utah Attorney General’s Office

Financial Statement Fraud
Heidi George, Securities Examiner — Utah Division of Securities

The Fight Against Fraud: a Reporter’s Perspective
Tom Harvey, Reporter — Salt Lake Tribune

CyberCrime: Uncovered
Antonio Pooe, CEO — Exactech Forensics

Tax Fraud 2013
Matthew Bird, Criminal Investigator, Internal Revenue Service

Media & Insurance Fraud Schemes
Frank Scafidi, Public Affairs Director, National Insurance Crime Bureau