Archive for webmaster

Annual Holiday Luncheon 2014

The Holidays are Here!

We will be hosting the chapter’s annual holiday luncheon on Dec 4.  This luncheon is free to chapter members.

Our speaker this year is Tim Hastings, CISO for the State of Utah, who will discuss:

“The Top 5 Things Every CISO Should Be Thinking About Now”

 

RSVP

To obtain an accurate count of those who will attend our upcoming holiday luncheon, please RSVP at: http://www.rsvpmenow.com/?id=26982, with the event code: 26982. RSVP deadline is Nov. 29th, 2014. Please come and enjoy the afternoon with ISSA Utah. We look forward to seeing you there!

Download PDF See the complete flyer here

Annual Holiday Luncheon 2014

Date: December 4, 2014
Time: 11:30 am – 1:00 pm

Location: University of Utah Alumni House  map

155 Central Campus Drive
University of Utah, Salt Lake City, UT 84112
USA

Cost: Free for ISSA members; $25 for non-members

 

2014 Fall Security Seminar

Content from the Seminar

Industrial Control Systems/SCADA Threats – Robert Huber of Critical Intelligence. This presentation is available on request for individuals who attended the Seminar. Please contact one of the chapter board members if you are interested.

Download PDF Hackers vs Auditors – Dan Anderson of CyberEleven

Download PDF The Security of Security – Christopher Peckham of Kratos Public Safety Security & Solutions

 

Seminar Details

The Seminar will be held Thursday, September 25th, 2014; 9:00 am – 1:00 pm and will feature Robert Huber, President of CRITICAL INTELLIGENCE, Dan Anderson, CEO of CyberEleven, and Christopher Peckham, Senior VP & CTO of Kratos Public Safety Security & Solutions.  Please join us.

See our flyer for all the details:
Download PDF ISSA 2014 Fall Seminar Flyer

2014 CISSP Training is Here!

The ISSA-Utah Chapter is proud to sponsor CISSP Test Preparation Training, right here in Salt Lake City!

 

When: October 13–15th, 2014; 8:45 am – 5:00 pm
Where: Utah Retirement Systems
540 East 200 South
Salt Lake City, UT

Registration Closed

Please see our flyer for all the details:
Download PDF 2014 CISSP Training_Flyer

Faculty:

Thomas R. Peltier is the president of Thomas R. Peltier Associates, and founder of the Southeast Michigan Computer Security Special Interest Group, and has taught the information security curriculum for a master’s certificate at Eastern Michigan University. Prior to this, Peltier was director of policies and administration for Netigy Corporation’s Global Security Practice. At CyberSafe Corporation, Peltier was the national director for consulting services. While employed at Detroit Edison, Tom implemented the development of a corporate information protection program that was recognized for excellence in the field of computer and information security by winning the CSI’s Information Security Program of the Year for 1996. Peltier has also served as president at Blaier & Associates, as an information security specialist for General Motors Corporation, as an information security officer for the Chevrolet-Pontiac-Canada Group and in various positions at the Chevrolet Engineering Center.

John G. O’Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John was the recipient of the 2004 COSAC award and the 2006 EuroSec Prix de Fidelite.

 

2014 May Security Seminar

Content from the Seminar

Download PDF Seminar Details – Flyer

Download PDF PCI-Compliance-and-v3_SecurityMetrics_Halbleib

Download PDF On-the-Horizon-Physical-Security_ELF-WORKS-INC_Figge

 

You won’t want to miss this seminar!

Speaker: Matt Halbleib, Sr. Qualified Security Assessor, SECURITYMETRICS. “PCI Compliance and Version 3.0”. Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures Version 3.0, was released in November 2013. Matt will discuss the key changes, including those in the physical security requirements, some information from compromises his forensic teams have investigated, and some common problems they encounter with clients.
Speaker: Darrell Switzer, Managing Consultant, Incident Management Practice, FISHNET SECURITY. “What Lurks in Your Networks”. Threats are evolving faster than current security defenses. Organized and often well-funded criminals are after the money, and nation-states are after the intelligence. Darrell will provide an overview of what his incident management team is seeing in the wild and how high-performing organizations are combating today’s targeted threats. He will address the problems, targets, victims, motivations, breach and response metrics, whether you have been breached, and what to do about it. He will also provide key concepts for combating modern threats.
Speaker: David Figge, President, ELF WORKS INC. “What’s On the Horizon with Physical Security?”. David describes the current and emerging trends in physical security regarding access control, badging, and video surveillance. He will approach this topic from the point of view of the user and will cover both the technologies and the impacts they will have in commercial security settings.
When: Thursday, May 8th, 2014; 9:00 am – 1:00 pm (check-in starts at 8:30 am)
Cost: ISSA and ISACA members: $35, Non-members: $50, limited seating – register today!
Where: LDS Riverton Office Building (see map for directions).
Note: Those who register online prior to the event are not required to provide photo ID at the door.
Credit: 3 CPE Credits
Join ISSA: To join the ISSA, visit https://www.issa.org/Join.html. General membership annual fee is $110; student fee $45 per year.

 

 

 

2014 Spring Security Seminar

Presentations:

Download PDF Incident Response: Six Steps for Managing Cyber Breaches – Guidance Software

Download PDF BYOD and Mobile Application Security – Security Aim

Download PDF Consuming-Threat-Intel-More-Effectively_Rolston

 

Registration: Registration Closed

Download PDF  Download Flyer

We anticipate a great seminar loaded with good information!
Special thanks to our sponsors, Qualys and Guidance Software.

Speaker:

Richard Thompson, Director – Professional Services, GUIDANCE SOFTWARE

“Incident Response: Six Steps for Managing Cyber Breaches”

Now that security breaches are practically unavoidable, organizations must adopt new postures to be prepared for and successfully respond to incidents at the first sign of intrusion. The speed at which you identify the breach, halt the progress of infectious malware, stop access to and exfiltration of sensitive data, and remediate the threat will make a significant difference in controlling risk, costs, and exposure during an incident. This presentation will outline the six essential steps to effective incident response in order to greatly increase your success in managing cyber breaches.

Speaker:

Dmitry Dessiatnikov, President, SECURITY AIM

“BYOD and Mobile Application Security”

The explosion of the mobile application market, coupled with acceptance of “bring your own device” (BYOD) in enterprise environments, comes with its own unique security risks. While driven by a rise in productivity, convenience and overall user satisfaction, BYOD increases the attack surface in ways that most businesses are not prepared for. In this presentation we will cover the reasons for concern along with a live demonstration of a remote compromise of an Android phone in a corporate environment. We will also discuss the OWASP top 10 mobile risks and demonstrate some common issues with a vulnerable iOS mobile application. A free tool will be shared with the audience that can be used to assess their corporate BYOD environments.

Speaker:

Bri Rolston, Chief Research Geek, GkCHICK RESEARCH

“Threat Intel, Proper Use and Application.”

Case Study: Red October attacks. She will break down the threat intel used and show how to develop a technical security response plan for it. Few security teams have the ability to read threat information, understand how it affects risk, and then develop a strategic technical response.

When: Thursday, 6th of March 2014; 9:00 am – 1:00 pm (check-in starts at 8:30 am)
Cost: ISSA and ISACA members: $35, Non-members: $50, limited seating – register today!
Where: LDS Riverton Office Building (see map for directions).
Note: Those who register online prior to the event are not required to provide photo ID at the door.
Credit: 3 CPE Credits
Join ISSA: To join the ISSA, visit https://www.issa.org/Join.html. General membership annual fee is $110; student fee $45 per year.

 

 

 

Annual Holiday Luncheon 2013

The Holidays are Here!

We will be hosting the chapter’s annual holiday luncheon on Dec 5.  This luncheon is free to chapter members.

Our speaker this year is Pete Ferguson, of eBay Inc., who will discuss Why and How to Partner with Physical Security.  Pete’s remarks should provide an interesting focal point for the event.  Please come and enjoy the afternoon with ISSA Utah.  We look forward to seeing you there!

RSVP Today!

To obtain an accurate count of those who will attend our upcoming holiday luncheon please RSVP at: http://www.rsvpmenow.com/, with the event code: 26453.

Another option would be to use this QR code from your smart phone.

Annual Holiday Luncheon 2013

Date: December 5, 2013
Time: 11:30 am – 1:00 pm

Location: University of Utah Alumni House  map

155 Central Campus Drive
University of Utah, Salt Lake City, UT 84112
USA

Cost: Free for ISSA members; $25 for non-members

Speaker: Pete Ferguson, Manager, Safety & Security Program Development, eBay Inc.

Topic:  Why and How to Partner with Physical Security

Securing people and places is often overlooked when compared to information security risks. Preventing people from gaining physical access to your facility, as well as ensuring a good people-based crisis management program is in place, is critical to the overall security strategy.

Speaker Bio: Pete has worked with eBay since it first came to Utah in 1999. With only 1,500 global employees at the time, he was on the ground level and responsible for introducing safety and security policies and practices to Utah – and shortly thereafter to many additional locations as the company grew. He has served as a manager for global customer service locations and regional manager for both the Americas and Asia Pacific regions. With an educational and experiential background in Communications and Public Relations, he is now responsible for policy, awareness, and auditing programs for eBay’s 500+ global Safety and Security team. He also holds his Certified Protection Professional (CPP) designation from the American Society of Industrial Security (ASIS).

 

 

 

 

Fall Security Seminar 2013

The Utah chapter of the ISSA is pleased to announce our Fall Security Seminar.

 

Presentations from the Event:

pdf 2013-Fall_Enterprise-Vulnerabilties-Mgmt-Best-Practices_Qualys

pdf 2013-Fall_Too-Much-Security_Nelson

pdf 2013-Fall_Securing-the-Virtual-Environment_OPS-CSM1209_Ottenheimer

 

pdf  Full Event Details Here

Registration is closed.

 

When: Thursday, 26 September 2013; 9:00 am – 1:00 pm (check-in starts at 8:30 am)

Cost: ISSA and ISACA members: $35, Non-members: $50. Limited seating – register today!

Where: LDS Riverton Office Building (see map for directions).
Note: Those who register online prior to the event are not required to provide photo ID at the door.

Credit: 3 CPE Credits

Join ISSA: To join the ISSA, visit https://www.issa.org/Join.html. General membership annual fee is $110; student fee $45 per year.

 

Featured Speakers

Grant Johnson & Jeff Buzzella, of QUALYS

“Best Practices, Audit & Control of a Enterprise Vulnerability Management Program”

  • What is Enterprise Vulnerability Management (EVM)?
  • What are the Key elements of the EVM program?
  • IT Inventory – Risks and Control Tests.
  • Vulnerability Scope and Risk evaluation – Risks and Control Testing.
  • Vulnerability Scanning – Things to be aware of…
  • Remediation Process /Tickets/ Risk and Control Testing.
  • Exception Process – What you choose to ignore can bite you!

 

Davis A. Nelson, Jr., Founder of Integrity Technology Systems.

“IT Risk Management: Because You Can Have too Much Security”

Dave will show how using proper IT risk management techniques can help organizations prioritize information security expenditures to get the best ROI.

 

Matthew Wallace, Director, Product Development, VIAWEST.

“Securing the Virtual Environment: How to Defend the Enterprise Against Attack.”

This presentation offers a broad look across virtualization used in various industries as well as a narrow view of vulnerabilities in virtual environments. It examines the difference between a virtual model and traditional computing models, and the appropriate technology and procedures to defend it from attack:

  1. Dissects and exposes attacks targeted at the virtual environment and the steps necessary for defense;
  2. Covers information security in virtual environments: building a virtual attack lab, finding leaks, getting a side-channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations;
  3. The state of security and compliance in the cloud.

How Do I Join ISSA?

Glad you asked!  Just visit the National ISSA Website for all the info.

The URL for new member sign up is https://www.issa.org/general/register_member_type.asp?

Summer Security Seminar 2013

The Utah chapter of the ISSA is pleased to announce our Summer Security Seminar.

Presentations from the Seminar:

Speaker Brady Bloxham, founder SILENT BREAK SECURITY
“Professional Penetration Testing: Creating and Learning in a Hacking Lab”
pdf Blackhat Hacking

 

Speakers: Dave Norwood, President of Trusted Network Solutions.
                    Jim Brown, Chief Network/ Security Architect at L3 Communications.
“We are Truly in a State of War on the Internet!”
pptx 2013summer_war-on-internet.pptx

 

Speaker: Heather McCalley, of MALCOVERY Security

“Phishing Intelligence.”
More Information Here

 

Event Information

Speaker: Brady Bloxham, founder SILENT BREAK SECURITY

“Professional Penetration Testing: Creating and Learning in a Hacking Lab”

Threats, attacks, and hacks your organization is facing are becoming more targeted and advanced. To properly prepare, penetration tests and security assessments need to be realistically modeled to mimic the changing threat landscape. This presentation will dive into the technical tricks, tactics, and techniques that attackers are using against you. Understanding how attackers gain access, expand presence, and exfiltrate sensitive data is the first step in defending against it.

Speakers: Dave Norwood, President of Trusted Network Solutions.
                    Jim Brown, Chief Network/ Security Architect at L3 Communications.
“We are Truly in a State of War on the Internet!”

Dave and Jim will dive deep into the most current security topics including a focus on cyber warfare and state-sponsored cyber espionage. The latest security reports will be discussed as well as real-life examples of attacks happening right here in Utah.

Speaker: Heather McCalley, of MALCOVERY Security

“Phishing Intelligence.”

Traditional phishing response in the past has been limited to the game of Whack-A-Mole where phishers make new websites, banks report those to Take Down companies, who then try to shut the site down before very many customers lose their credentials to criminals. By clustering related phishing sites and ordering the clusters by prevalence, investigations and countermeasures can be prioritized and modified in response to the threat.

 

  • When: Thursday, 20 June 2013; 9:00 am – 1:00 pm (check-in starts at 8:30 am)
  • Where: LDS Riverton Office Building (see map for directions)
  • Note: Those who register online prior to the event are not required to provide photo ID at the door.
  • Cost: ISSA and ISACA members: $35
  • Non-members: $50
  • Seating is limited – register today!
  • Credit: 3 CPE Credits
  • Join ISSA: To join the ISSA, visit https://www.issa.org/Join.html. General membership annual fee is $110; student fee $45 per year.

2013 Spring Security Seminar!

Presentations from the Seminar:

Speaker:  Alex Hutton of Zions Bancorp.
pdf Towards A Modern Approach to Risk Management

Speaker:  Chris Bream, Director at MANDIANT
pdf Did I Block That

 

Keynote:  Ira Winkler, CISSP

“Social Engineering – How to tell if your company really sucks at Security!”

Ira Winkler, CISSP, is Chief Security Strategist for Codenomicon. He is considered one of the world’s leading security professionals and has been named a Modern Day James Bond by the media. He did this by performing espionage simulations, compromising some of the largest companies in the world and investigating crimes against them, and telling them how to cost-effectively protect their information.

 

Speaker:  Alex Hutton of Zions Bancorp.

(Director of Risk Management for Technology and Operations)

pdf Towards A Modern Approach to Risk Management

“Towards A Modern Approach to Risk Management”

Information Risk Management, we’re doing it wrong. Data Science and Big Data stores can help, but in order to take advantage of actual data and evidence we’ll need to correct some fundamentally wrong things we now think of as “best practices.” In this presentation we will discuss our silly approaches to information risk, how data sciences can assist us, and what a modern or evidence-based risk management practice can do for security teams.

 

Speaker:  Chris Bream, Director at MANDIANT

pdf Did I Block That

“Did I Block That? – Five (or so) Things Organizations Botch During a Compromise.”

Everybody gets compromised. It can be a big compromise or a small one but regardless, someone will make their way into your network at some point. Where most organizations are painfully at fault is in their response to these compromises. Chris will focus on the common mistakes that organizations make when responding to security incidents and steps you can take to help improve your capabilities.

 

ISSA_May 2013 Seminar_Flyer

Registration is closed.

  • When:  Thursday, 16 May 2013; 9:00 am – 1:00 pm (check-in starts at 8:30 am)
  • Where:  SLCC Miller Conference Center (see map for directions)
  • Topic:  Data Loss Prevention
  • Food:  Continental Breakfast, Buffet lunch
  • 3 CPE Credits

 

Join ISSA

To join the ISSA, visit https://www.issa.org/Join.html. General membership annual fee is $110; student fee $45 per year.