Next Meeting: September 27th – Web Application Hacking

Published on September 21, 2010 in Announcement and Meeting. 0 Comments Tags: .

Date: Monday, September 27th, 2010
Time: 11:30am to 1:00pm
Topic: Web Application Hacking
Format: Presentation
Speaker: N/A

Web Application Hacking

The presentation this month will be a demo on profiling and attacking a web application.  The intent of the demo is to show where our applications are most vulnerable and thus require additional protection.  The demo will be presented by me with the help of Steve Healey our chapter treasurer and Information Security Engineer at Integrity.  I look forward to seeing you all there.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

Published on September 21, 2010 in Announcement and Meeting. 0 Comments Tags: .

Next Meeting: August 23rd – Roundtable – Verizon DBIR

Published on August 19, 2010 in Announcement and Meeting. 0 Comments Tags: .

Date: Monday, August 23rd, 2010
Time: 11:30am to 1:00pm
Topic: Verizon DBIR
Format: Roundtable
Speaker: N/A

Roundtable Discussion – The Verizon 2010 DBIR:

We will be discussing the 2010 Data Breach study conducted by the Verizon Business RISK team in conjunction with the US Secret Service.  This is the first year for the USSS data so there are some interesting changes from previous years.  You can download the report from the following link.

http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on August 19, 2010 in Announcement and Meeting. 0 Comments Tags: .

Next Meeting: July 26th – Measuring and Communicating Risk with FAIR

Published on July 20, 2010 in Uncategorized. 0 Comments

Date: Monday, July 26th, 2010
Time: 11:30am to 1:00pm
Topic: Measuring and Communicating Risk with FAIR
Format: Speaker
Speaker: Kevin Riggins

Measuring and Communicating Risk with FAIR:

Measuring and communicating risk is a challenging task. Having a repeatable, well understood method of measuring risk that is based on a common taxonomy is very important. Factor Analysis of Information Risk provides both a framework for defining and understanding risk and a basic method of analyzing and communicating that risk.

Speaker Bio

Kevin Riggins, CISSP has over 22 years of experience in information technology and has focused on Information Security since 1999. He has been a Certified Information Systems Security Professional since 2004 and currently works for a Fortune 500 financial service company where he leads a team of information security analysts responsible for internal consulting, risk assessments and vendor security reviews. He writes about various information security topics on his blog, Infosec Ramblings ( http://www.infosecramblings.com), has been published in (IN)Secure magazine, and is a frequent speaker at conference and industry association meetings. He has served as the technical editor for Syngress on several books; CISSP Study Guide, CompTIA Linux+ Certification Study Guide (2009 Exam), and Eleventh Hour Linux+.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Date: Monday, May 24th, 2010
Time: 11:30am to 1:00pm
Topic: Protecting Your Applications from Backdoors
Format: Speaker
Speaker: Clint Pollock

Protecting Your Applications from Backdoors:
How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data

With the increasing practice of outsourcing and using 3rd party libraries, it is nearly impossible for an enterprise to identify the pedigree and security of the software running its business critical applications. As a result backdoors and malicious code are increasingly becoming the prevalent attack vector used by hackers.

Whether you manage internal development activities, work with third party developers or are developing a COTS application for enterprise, your mandate is clear- safeguard your code and make applications security a priority for internal and external development teams.

In this session we will cover;

  • Prevalence of backdoors and malicious code in third party attacks
  • Definitions and classifications of backdoors and their impact on your applications
  • Methods to identify, track and remediate these vulnerabilities

Speaker Bio

Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk.  Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.  Clint resides in Chicago, IL.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on July 20, 2010 in Uncategorized. 0 Comments

Next Meeting: June 28th – Roundtable: Iowa’s Breach Notification Law (SF 2308)

Published on June 22, 2010 in Meeting. 0 Comments Tags: .

Date: Monday, June 28th, 2010
Time: 11:30am to 1:00pm
Topic: Iowa’s Breach Notification Law (SF 2308)
Format: Roundtable
Speaker: N/A

Iowa’s Breach Notification Law (SF 2308)

We will be reviewing the provisions of Iowa’s breach notification law (SF 2308) and the impact to our organizations. This will be a round table discussion.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Note: Location has changed for the June Meeting.

Integrity Technology Systems, Inc.
2525 N. Ankeny Boulevard, Suite 111, Ankeny, IA 50023
Cell: 515.333.2260  |  Phone: 515.965.3756  |  www.ensureintegrity.com | dave.nelson@ensureintegrity.com

Please RSVP by calling or emailing Dave Nelson.

[mappress]

Published on June 22, 2010 in Meeting. 0 Comments Tags: .

Next Meeting: May 24th – Protecting Your Applications from Backdoors

Published on April 29, 2010 in Announcement and Meeting. 0 Comments Tags: .

Date: Monday, May 24th, 2010
Time: 11:30am to 1:00pm
Topic: Protecting Your Applications from Backdoors
Format: Speaker
Speaker: Clint Pollock

Protecting Your Applications from Backdoors:
How to Secure Your Business Critical Applications from Time Bombs, Backdoors & Data

With the increasing practice of outsourcing and using 3rd party libraries, it is nearly impossible for an enterprise to identify the pedigree and security of the software running its business critical applications. As a result backdoors and malicious code are increasingly becoming the prevalent attack vector used by hackers.

Whether you manage internal development activities, work with third party developers or are developing a COTS application for enterprise, your mandate is clear- safeguard your code and make applications security a priority for internal and external development teams.

In this session we will cover;

  • Prevalence of backdoors and malicious code in third party attacks
  • Definitions and classifications of backdoors and their impact on your applications
  • Methods to identify, track and remediate these vulnerabilities

Speaker Bio

Clint Pollock is a Senior Solutions Architect at Veracode. Since 1997, he has also created security solutions for large-scale enterprise environments on behalf of CREDANT Technologies and Netegrity. In his current role, Clint helps globally distributed organizations evaluate, track, and mitigate their application security risk.  Clint’s greatest strengths are his enthusiasm, experience and determination to help customers succeed in maintaining secure, compliant systems, and avoid the consequences and bad headlines that come with application security breaches.  Clint resides in Chicago, IL.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on April 29, 2010 in Announcement and Meeting. 0 Comments Tags: .

Next Meeting: April 26th – Backtrack 4: Install and Demomstration

Published on April 19, 2010 in Announcement. 0 Comments Tags: .

Date: Monday, April 26th, 2010
Time: 11:30am to 1:00pm
Topic: Backtrack 4: Install and Demo
Format: Demonstration
Speaker: Kevin Riggins

Kevin Riggins, author of InfoSec Ramblings (http://www.infosecramblings.com), which hosts one of the most popular Backtrack install how-tos, will be giving a quick demonstration of how to install Backtrack to a USB thumb drive and then give a couple of demonstrations on some of the capabilities of this tool.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on April 19, 2010 in Announcement. 0 Comments Tags: .

Next Meeting: March 22nd – Roundtable Discussion: Security Monitoring

Published on March 22, 2010 in Announcement and Meeting. 0 Comments

Date: Monday, March 22nd, 2010
Time: 11:30am to 1:00pm
Topic: Roundtable Discussion: Security Monitoring
Format: Discussion
Speaker: N/A

This month’s meeting will be a round table discussion about security monitoring. Come join the conversation.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on March 22, 2010 in Announcement and Meeting. 0 Comments

Next Meeting: February 22nd – Oracle Security Risks

Published on February 9, 2010 in Announcement and Meeting. 0 Comments Tags: .

Date: Monday, February 22nd, 2010
Time: 11:30am to 1:00pm
Topic: Oracle Security Risks
Format: Speaker
Speaker: Stephen Kost

Stephen Kost is the Chief Technology Officer for Integrigy Corporation.  He has been writing about and presenting on Oracle security and auditing for the past 11 years.  He has worked with Oracle products since 1994 in many roles including database administrator, technical architect, IT security auditor, and applications administrator.

Stephen says “For most IT security professionals, the Oracle Database is a security challenge due to the complexity of the database and lack of database experience, especially as these databases often contain an organizations most critical data.  This presentation will focus on a few of the highest risk and most difficult to solve security risks in an Oracle Database environment including security vulnerabilities, password weaknesses, and generic privileged access.  To highlight the unrealized risk of security vulnerabilities in the database, a number of actual patched and un-patched security issues will be demonstrated.  In order to mitigate these risks, resources and best practices for securing an organization’s database will be discussed.”

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on February 9, 2010 in Announcement and Meeting. 0 Comments Tags: .

Next Meeting: January 25th – Inspecting the OSI Layers

Published on January 13, 2010 in Announcement and Meeting. 0 Comments

Date: Monday, January 25th, 2010
Time: 11:30am to 1:00pm
Topic: Inspecting the OSI Layers
Format: Speaker
Speaker: Jim A. Libersky

Jim will be walking us through all 7 of the OSI layers and how they work together. Understanding how the OSI stack works together is more important today than ever.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on January 13, 2010 in Announcement and Meeting. 0 Comments

Next Meeting: November 23rd, 2009 – Privacy Breach or Not A Privacy Breach?

Published on November 13, 2009 in Announcement and Meeting. 0 Comments Tags: .

Date: Monday,November 23rd, 2009
Time: 11:30am to 1:00pm
Topic: Information Security Incident: Privacy Breach or Not A Privacy Breach?
Format: Speaker
Speaker: Rebecca Herold

There are many types of information security incidents that occur in organizations on a daily basis.  However, information security incidents are not always a privacy breach.  There are currently 48 US state and territory breach notice laws, and they have been joined by the HITECH Act breach response requirements.  Not to mention the FISMA breach response requirements for federal agencies. So, what is a “breach” under these laws?  The general question of “what is a privacy breach” is one that too few organizations have really answered, documented and prepared response plans to cover.  Rebecca will provide different types of incidents and talk with session attendees about whether or not they would be a privacy breach under the HITECH Act in particular, and the other breach response laws in general.  She will also discuss whether notice would be necessary.  The types of incidents discussed will be some that are often not considered when creating incident and breach response plans, but need to be because they occur fairly often.

If you are not a member of ISSA and would like to visit to see what we are all about, please go here to register as a guest.

Location: Buccaneer Computer Systems

[mappress]

Published on November 13, 2009 in Announcement and Meeting. 0 Comments Tags: .