Archive for Education

Fall Security Seminar 2013

The Utah chapter of the ISSA is pleased to announce our Fall Security Seminar.

 

Presentations from the Event:

  • 2013-Fall_Enterprise-Vulnerabilties-Mgmt-Best-Practices_Qualys (PDF)
  • 2013-Fall_Too-Much-Security_Nelson (PDF)
  • 2013-Fall_Securing-the-Virtual-Environment_OPS-CSM1209_Ottenheimer (PDF)

Full Event Details (PDF)

Registration is closed.

 

When: Thursday, 26 September 2013; 9:00 am – 1:00 pm (check-in starts at 8:30 am)

Cost: ISSA and ISACA members: $35; non-members: $50
Limited seating – register today!

Where: LDS Riverton Office Building (see map for directions).
Note: Those who register online prior to the event are not required to provide photo ID at the door.

Credit: 3 CPE Credits

Join ISSA: Join the ISSA at https://www.issa.org/Join.html. The general membership annual fee is $110; the student fee is $45 per year.

 

Featured Speakers

Grant Johnson & Jeff Buzzella, of QUALYS

“Best Practices, Audit & Control of an Enterprise Vulnerability Management Program”

  • What is Enterprise Vulnerability Management (EVM)?
  • What are the Key elements of the EVM program?
  • IT Inventory – Risks and Control Tests.
  • Vulnerability Scope and Risk evaluation – Risks and Control Testing.
  • Vulnerability Scanning – Things to be aware of…
  • Remediation Process /Tickets/ Risk and Control Testing.
  • Exception Process – What you choose to ignore can bite you!

 

Davis A. Nelson, Jr., Founder of Integrity Technology Systems.

“IT Risk Management: Because You Can Have too Much Security”

Dave will show how using proper IT risk management techniques can help organizations prioritize information security expenditures to get the best ROI.

 

Matthew Wallace, Director, Product Development, VIAWEST.

“Securing the Virtual Environment: How to Defend the Enterprise Against Attack.”

This presentation offers a broad look across virtualization as used in various industries, as well as a narrow view of vulnerabilities in virtual environments. It examines how a virtual model differs from traditional computing models and the appropriate technology and procedures to defend it from attack:

  1. Dissects and exposes attacks targeted at the virtual environment and the steps necessary for defense;
  2. Covers information security in virtual environments: building a virtual attack lab, finding leaks, getting a side-channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations;
  3. The state of security and compliance in the cloud.

Attend IANS Security Forums for 50% Discount

IANS Research has a co-marketing agreement with ISSA International. Part of the agreement gives ISSA members a 50% discount on all IANS Forums. All ISSA members can register for $675 rather than $1350. See the IANS events page for more information. The Forum closest to Utah is in San Francisco 15-16 Oct. For more information on this event and for registration, see the IANS San Francisco Information Security Forum 2013 landing page.

Paraben’s Forensic Innovations Conference (PFIC 2013)

Paraben’s Forensic Innovations Training & Conference is scheduled for 13-15 November at Snowbird. There are three tracks.

Conference Track ($199.00) — it includes attendance in over 20 different sessions on the latest techniques and issues facing the industry.

Advanced Training Track ($399.00) — it includes attendance in three 8-hour courses which are:
  • Intrusions and Forensic Footprints (Hacker vs. Investigator)
  • Advanced Memory Analysis, Malware Triage & Log Analysis
  • Advanced Mac Forensics

Specialist Training Track ($399.00) — it includes two 4-hour sessions each day and you rotate through all the topics which are:
  • On-scene Triage Techniques
  • Shadow Volumes & Windows Artifacts
  • Chip-Off Forensics for Mobile Devices
  • USB Drive Investigation & Tracking in a Multi-OS Environment
  • Python Forensics
  • Mobile Forensics Logical and Physical Acquisition & Analysis

PFIC also includes after-hours activities for everyone and daytime activities for spouses.

For the complete agenda and registration, go to www.pfic-conference.com.

Summer Security Seminar 2013

The Utah chapter of the ISSA is pleased to announce our Summer Security Seminar.

Presentations from the Seminar:

Speaker: Brady Bloxham, founder of SILENT BREAK SECURITY
“Professional Penetration Testing: Creating and Learning in a Hacking Lab”
Blackhat Hacking (PDF)

Speakers: Dave Norwood, President of Trusted Network Solutions; Jim Brown, Chief Network/Security Architect at L3 Communications.
“We are Truly in a State of War on the Internet!”
2013summer_war-on-internet.pptx

 

Speaker: Heather McCalley, of MALCOVERY Security

“Phishing Intelligence.”
More Information Here

 

Event Information

Speaker: Brady Bloxham, founder of SILENT BREAK SECURITY

“Professional Penetration Testing: Creating and Learning in a Hacking Lab”

Threats, attacks, and hacks your organization is facing are becoming more targeted and advanced. To properly prepare, penetration tests and security assessments need to be realistically modeled to mimic the changing threat landscape. This presentation will dive into the technical tricks, tactics, and techniques that attackers are using against you. Understanding how attackers gain access, expand presence, and exfiltrate sensitive data is the first step in defending against it.

Speakers: Dave Norwood, President of Trusted Network Solutions; Jim Brown, Chief Network/Security Architect at L3 Communications.
“We are Truly in a State of War on the Internet!”

Dave and Jim will dive deep into the most current security topics including a focus on cyber warfare and state-sponsored cyber espionage. The latest security reports will be discussed as well as real-life examples of attacks happening right here in Utah.

Speaker: Heather McCalley, of MALCOVERY Security

“Phishing Intelligence.”

Traditional phishing response in the past has been limited to the game of Whack-A-Mole where phishers make new websites, banks report those to Take Down companies, who then try to shut the site down before very many customers lose their credentials to criminals. By clustering related phishing sites and ordering the clusters by prevalence, investigations and countermeasures can be prioritized and modified in response to the threat.

 

  • When: Thursday, 20 June 2013; 9:00 am – 1:00 pm (check-in starts at 8:30 am)
  • Where: LDS Riverton Office Building (see map for directions)
  • Note: Those who register online prior to the event are not required to provide photo ID at the door.
  • Cost: ISSA and ISACA members: $35
  • Non-members: $50
  • Seating is limited – register today!
  • Credit: 3 CPE Credits
  • Join ISSA: Join the ISSA at https://www.issa.org/Join.html. The general membership annual fee is $110; the student fee is $45 per year.

Complimentary Webinar on Cloud-Based IANS Solutions – 22 May 2013

ISSA – Utah Chapter members are invited to participate in a complimentary IANS webinar.

Title:  Identity and Access Management in the Cloud: Emerging Vendor Showcase
Date:  May 22
Time:  2:00 – 3:00 PM EST
Moderator: Dave Shackleford
Guest Presenters: Okta and Symplified

Identity and Access Management (IAM) implementation can be enormously complex, expensive, and difficult for many organizations. With more organizations integrating third-party applications with internal infrastructure, and deploying cloud-based systems and applications both internally and in provider environments, the problem gets even worse. How should organizations develop roles and privileges? What types of access management and control make the most sense? What standards should be used for integration, ranging from SAML to OAuth?

A new breed of cloud-based IAM products and services is emerging, however, with extensive features and integration capabilities. In this Webinar, IANS will host cutting-edge solution providers Okta and Symplified who are leading the charge to IDaaS, otherwise known as Identity as a Service.


SANS(R) +S(TM) Training Program for the CISSP(R) in Salt Lake City

What: MGT 414: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam.

When: 22-27 July 2013

Where: Double Tree Suites by Hilton Salt Lake City
110 West 600 South
Salt Lake City, UT 84101 US

Register at www.sans.org/event/31045

2013 Spring Security Seminar!

Presentations from the Seminar:

Speaker: Alex Hutton of Zions Bancorp.
Towards A Modern Approach to Risk Management (PDF)

Speaker: Chris Bream, Director at MANDIANT
Did I Block That (PDF)

 

Keynote:  Ira Winkler, CISSP

“Social Engineering – How to tell if your company really sucks at Security!”

Ira Winkler, CISSP, is Chief Security Strategist for Codenomicon. He is considered one of the world’s leading security professionals and has been named a Modern Day James Bond by the media. He did this by performing espionage simulations, compromising some of the largest companies in the world and investigating crimes against them, and telling them how to cost-effectively protect their information.

 

Speaker:  Alex Hutton of Zions Bancorp.

(Director of Risk Management for Technology and Operations)

“Towards A Modern Approach to Risk Management”

Information Risk Management, we’re doing it wrong. Data Science and Big Data stores can help, but in order to take advantage of actual data and evidence we’ll need to correct some fundamentally wrong things we now think of as “best practices.” In this presentation we will discuss our silly approaches to information risk, how data sciences can assist us, and what a modern or evidence-based risk management practice can do for security teams.

 

Speaker:  Chris Bream, Director at MANDIANT

“Did I Block That? – Five (or so) Things Organizations Botch During a Compromise.”

Everybody gets compromised. It can be a big compromise or a small one but regardless, someone will make their way into your network at some point. Where most organizations are painfully at fault is in their response to these compromises. Chris will focus on the common mistakes that organizations make when responding to security incidents and steps you can take to help improve your capabilities.

 

ISSA_May 2013 Seminar_Flyer

Registration is closed.

  • When:  Thursday, 16 May 2013; 9:00 am – 1:00 pm (check-in starts at 8:30 am)
  • Where:  SLCC Miller Conference Center (see map for directions)
  • Topic:  Data Loss Prevention
  • Food:  Continental Breakfast, Buffet lunch
  • 3 CPE Credits

 

Join ISSA

Join the ISSA at https://www.issa.org/Join.html. The general membership annual fee is $110; the student fee is $45 per year.

Software Engineering Institute’s Virtual Event: “Constructing a Secure Cyber Future”

ISSA members are invited to the Software Engineering Institute’s virtual event entitled “Constructing a Secure Cyber Future.”

– Date/Time: Tuesday, April 30, 2013, 10am – 5pm.

In this free virtual event, you will learn about recent cyber security research and development in:

  • how the CERT Program is building a science-based understanding of cyber defense
  • analyzing malicious code and vulnerabilities
  • avoiding security incidents
  • a new platform for cyber workforce development
  • making your security practice as good as it can be
  • protecting against attack
  • cyber security challenges to watch for in 2013 and beyond

Info/register at http://www.sei.cmu.edu/events/Event-Details.cfm?customel_datapageid_4744=722299

IANS Webinar “Never Fight a Land War in Cyberspace” by Marcus Ranum

ISSA members are welcome to join an IANS webinar entitled “Never Fight a Land War in Cyberspace,” on Wednesday, Apr. 24, 2-3 PM EDT, with Marcus Ranum, IANS Faculty.

Military analogies and metaphors are plentiful when discussing cybersecurity. In fact, the speaker’s own first cybersecurity paper was larded with out-of-context quotes from Sun Tzu. Now that the “cyberwar” phenomenon is in full swing, we’re constantly hearing things like “active defense” and “the best defense is a strong offense.” But what do they even mean in cyberspace? In this presentation, Marcus Ranum will compare some real-world military theories with their cyberspace equivalents so that attendees can see how confused this topic has become.

Register at: http://marketing.iansresearch.com/acton/form/3335/0020:d-0007/0/index.htm

Security Awareness: Developing a Successful Strategy (webinar)

Wednesday, March 13
2-3 PM EDT
Speaker: Mike Saurbaugh, IANS Faculty

Security awareness receives a lot of attention as organizations strive to improve and maintain an effective program. Awareness is about people, and if people are not aware, security is likely to fail. Employees remain a big target of adversarial tactics that are ever-changing. The difference between “effective” and “ineffective” is in the approach taken with the program.

In this webinar, Faculty Mike Saurbaugh will discuss security awareness and how organizations can elevate their program to be more effective. Attendees will be presented with ideas to improve their program so that they can go beyond the annual “Awareness Month” and check-box mandates.

Topics of discussion will include:

  • Developing a solid foundation for your security awareness program
  • Introducing security awareness to the organization
  • Creating an awareness policy
  • Customizing awareness with role-based campaigns
  • Tools and techniques
  • Measuring the results