NYC Mayor Ed Koch was fond of asking, "How am I doing?" As professionals we must ask, "How
is security doing?" Compliance is driving security. Management is looking at Return On
Investment and security costs. The pundits recognize the need to integrate corporate IT
and security activities. Cobit offers a framework that can be used to accomplish this
task. ITIL also identifies what to do. Join us on September 21st to learn more about Cobit
and ITIL.
Speakers:
Mark Villinski
Manager, Field Marketing Kaspersky Lab
Mark will speak about current and future threats. He has given this presentation to the New York and Boston ISSA chapters, where it was highly respected. His presentation will lay the foundation for the need to plan ahead instead of reacting to security. Kaspersky monitors the threat horizon and brings insight into what is happening now and what is likely in the future. As we all know, the security landscape is always changing.
Jim Brislin
Director of IT Security and Risk Management, Phoenix Life Insurance Company
“COBIT: A Tool for IT Security”
The increasing complexity of managing an explosion of electronically available data in an ever more efficient manner has led to an increasing pool of risks associated with not managing that data securely. Although each enterprise must develop its own set of policies, procedures and guidelines to prudently manage and secure its data, frameworks such as COBIT and ITIL provide direction for senior management as well as guidance for hands-on administrators. The presentation will provide an overview of the COBIT framework with an emphasis on how it can be applied to IT Security and how it relates to other frameworks such as ITIL.
Garth Hallett
Garth will be covering ISO 27001 from a compliance angle. He will look at the best practices represented by ISO 27001 as they apply to PCI DSS, SOX, HIPAA, and more.
Dennis Thrift
Compliance and Risk, Akibia
"Managing Multiple Compliance Requirements"
With too many compliance requirements, and not enough staff or resources to address every mandate, most organizations approach compliance in a piecemeal fashion that addresses one regulation at a time. As a result, staff are overworked, over budget, and despite duplicated efforts, compliance remains an uncertainty. Gartner research suggests that companies that select individual solutions for each regulatory challenge spend 10 times more on the IT portion of compliance projects than companies that take a proactive and more integrated approach. This presentation will discuss the latest compliance challenges and offer insight into the best way to manage compliance with a more holistic approach.
The presentation will be an overview of Weston Software, Inc. and their solutions for securely managing and auditing UNIX and Linux hosts residing in the data center, virtualized environments and the computing cloud from a Windows desktop.
This will be followed by a product demonstration and a discussion of security and compliance considerations.
Mr. Bill Zack
Architect Evangelist
Microsoft Developer & Platform Evangelism
Session Outline:
The presentation will be an overview of the state of the art in public clouds with a focus on Windows Azure Platform Security. Beginning with a comparison of the different ways to host applications (on-premise, hosted, in the cloud), it will then cover the types of cloud platforms that are available, the leading players in the industry and what they provide. This will be followed by a brief overview of the Windows Azure Platform and a discussion of the security and compliance considerations for Windows Azure and other cloud platforms.
Mr. Michael Ferris
Director Product Strategies for Cloud Computing
Red Hat Inc.
Session Outline:
Cloud Computing, the Enterprise and Open Source, Getting Beyond the Hype
Cloud Computing is driving fundamental changes which alter both the capabilities and economics of information technology. With many enterprises looking to deploy cloud solutions, there is a growing realization not only of the benefits, but of the challenges that cloud computing must overcome. Only by recognizing both the challenges and benefits of a cloud deployment will enterprises be able to achieve the reduced costs and increased operational efficiency at the scale which can be delivered by the cloud.
This presentation will discuss cloud computing benefits and challenges from a business, technical, and legal perspective and demonstrate the role that open source and open standards will play in delivering the full promise of cloud computing.
Mr. Ed Eldridge
Director of Data Center & Storage Solutions
Accunet Solutions, Inc.
Session Outline:
The presentation will focus on technology alternatives being considered and utilized by organizations which have decided not to pursue the public cloud options in their current form. In many cases these technologies are implemented to form private clouds (or at least the appearance of cloud-like services) as organizations wait for the cloud offerings to mature to the point where they can implement compatible or complementary technologies. The session will include a brief overview of some of the technical, business, and legal objections these organizations have to current cloud offerings.
Compliance and Regulatory Information from Different Perspectives
Wednesday, 28 October 2009
Date: November 17th 11:15 – 4:00
Location: RPI
275 Windsor St
Hartford, CT
Agenda:
11:15-11:45 - Lunch and Registration
11:45-12:00 - Opening Remarks
12:00-12:50 - Compliance in a Multi-Jurisdictional Environment
1:00-1:50 - Law that was signed into law earlier this year and its impacts
2:00-2:35 - Civil Suits, multiple states, data breaches, new laws, due diligence and due care. What does this mean for you now and in the future? Have you considered the civil consequences?
2:35-3:10 - Banking requirements and New Regulations for 2010
3:20-3:55 - PCI-DSS, What you need to know
Speakers include:
Scott Mansolillo, Vice President, Associate General Counsel & Director of Compliance, The Hartford Financial Services Group
Compliance in a Multi-Jurisdictional Environment
Jerry Hughes, CISA, QSA
Director IT Audit & Compliance
Light House IT Compliance
ARRA/HITECH
Law that was signed into law earlier this year and its impact.
He will discuss the impact on the health care industry and its business associates, outlining the heightened privacy and security standards for health information included in the American Recovery and Reinvestment Act (ARRA), also known as the economic stimulus bill. Under these provisions, more organizations may face civil and criminal penalties for failing to protect personal health records as required by the Health Insurance Portability and Accountability Act (HIPAA). At the same time, the ARRA strengthens HIPAA data security and breach notification requirements.
He will help you make sense of the ARRA's health privacy provisions by examining:
Changes to HIPAA’s privacy and security mandates;
New HIPAA enforcement provisions, including the potential for individual criminal liability; and
What types of organizations may now be required to comply with HIPAA
Before ARRA, HIPAA did not directly affect organizations that provided data services to hospitals and other covered entities. Now those organizations can be held accountable for failure to comply with HIPAA’s privacy provisions.
Jennifer Morgan DelMonico
Murtha Cullina
Civil suits, multiple states, data breaches, new laws, due diligence and due care. What does this mean for you now and in the future?
Kevin Hamel
Vice President, Security Officer
COCC
Farmington, CT
Banking requirements and New Regulations for 2010
Brian Trevey, Vice President, Global Compliance Services
Yes, you read it right! This event is centered around vendors (better known as sponsors) but with a value to all of you members. The vendors are ISSA-CT's sponsors which cover most of our meeting costs such as speakers, room rentals, food, parking, and any other incidentals. We charge for meetings only when we need to cover some expense.
This event is special as it will have a room with speakers and a full agenda for members, as well as, a room for all the sponsors which members, non-members and guests can visit at their leisure and spend time with the vendors of their choice. This is ISSA-CT's way of meeting your request for quality speakers and to thank our generous sponsors.
To date the vendors/sponsors that will be participating include: Core, IBM ISS, IDI, Palo Alto and RSA.
SO SAVE THE DATE:
September 15, 2009, 10:00 to 4:30, RPI (Rensselaer Polytechnic Institute), 275 Windsor Street, Hartford, Connecticut
Directions can be found on the RPI Web Site http://www.ewp.rpi.edu/hartford/. Further information will follow with the names of speakers and their topics.
Dan and I are putting together the Spring Security Grab bag, we're gathering the best speakers we can get our hands on for a great day covering 3 (maybe 4) topics everyone will be interested in. Currently we have Ed Adams (President & CEO, Security Innovation) with a presentation on Application Security Maturity Models (straight from RSA '09!) and Dr. M. E. Kabay (with a discussion on the security statistics we are fed every day.) These are two of the best speakers we've had since I joined the ISSA and Dan and I are looking forward to seeing you there! We've also just confirmed Ulf Mattsson (CTO, Protegrity) who comes highly recommended, and who will be discussing how to evaluate data protection technologies.
Whether it's someone impersonating an irate executive, or a Nigerian phishing scam, the majority of today's attacks rely on Social Engineering to get your users to do something out of the ordinary. When coupled with a Client-Side Exploit, this one-two punch can compromise the security of your company, regardless of the usual security hardware, software, and policies in place. As security expert Bruce Schneier likes to put it: Amateurs hack systems, professionals hack people.
Come listen to the experts share their insight on Social Engineering and Client-Side Attacks and learn how your worst nightmare can already be living on your own network, namely your fellow employees, business partners, and consultants.
Event Date: April 21 12:00-4:30
Location: Rensselaer, Hartford, CT
Speakers to Include:
Chris Nickerson, CEO Lares
Technical: Layer 8 Attacks (Social Engineering)
Joan Goodchild, Senior Editor, CSO Magazine and CSO Online.com
Dan Marcil, Information Security Administrator, Fuel Cell Energy, Inc.
Topic: Take a walk on the client side with Metasploit
Event Date: February 17th, 12-4:30 (Event Registration Now Closed!)
Reducing costs and increasing productivity through device consolidation are high on IT departments’ lists this year. Virtualization technology enables rapid deployment of computing resources while also making it possible to build and deploy IT releases and changes faster than ever before. This potentially allows insecure IT infrastructure to be deployed throughout an enterprise faster than ever as well.
Gartner predicts that, “Through 2009, 60 percent of production VMs will be less secure than their physical counterparts” and that “30 percent of deployments [will be associated] with a VM-related security incident”.
Come to the ISSA-CT’s February event to learn more about Virtualization and what you can do to secure it.
Fee is $20 for members and $40 for non-members when registering in advance, $25 for walk-in members the day of the event and $45 for non-member walk-ins. Cash and check only on the day of the event. We regret that credit cards cannot be used on the day of the event, as there will be no internet access at the facility for us. A full refund will be available when handled through the online registration process before 12:00 noon on Friday, February 13th.
Speakers to include:
Chris Hoff, Unisys Corporation
"Four Horsemen Of the Virtualization Security Apocalypse"
Lars Ewe, Technology Executive, Cenzic
"Virtualizing Application Security: Testing Production Applications in a Zero Impact Environment"