February 2012 Chapter Announcements
ATTENTION, Important Notice:
The Technical Webinar with Brent Huston
Scheduled for Tuesday Jan 24th will be
rescheduled for a date TBD in the near future.
Chapter News & Updates:
- Slides from January Meeting!
All too often, legitimate and critically required security initiatives fail to reach fruition. Oftentimes, this is due to a lack of communication and understanding between the security practitioner and the business owners. Jack Jones, SR VP of IT Risk, Huntington Bank, will describe in detail how practitioners can achieve greater success by clearly linking an improved security posture to the success of the enterprise.
Jack Jones, SR VP of IT Risk – CISSP, CISA, CISM
The second a web application is published, your internal infrastructure is instantly exposed to vulnerabilities network-level protection can’t defend. Now that you’ve benefitted from our previous sessions information share of OWASP and the Top 10, we will dive into actual tactical mitigation tools available to help detect and mitigate the most common security vulnerabilities.
From WebGoat and WebScarab to VulnXML – OWASP has many free projects and web application security assessment tools, but which is right for your situation? The combination of Bill Sempf’s knowledge, Aaron Ansari’s practical application, tools and sample code (.NET) is just what you need to keep those hackers at bay.
Bill Sempf – Administrative Director, Locksport Intl / Director OWASP
Aaron Ansari – Regional Director, PhishMe / Director OWASP
At JPMorgan Chase Bank the challenge of balancing business flexibility and regulatory compliance is paramount. In the Retail lines of business: Consumer and Business Banking, Chase Mortgage Banking, Chase Auto Financing, and Chase Student Lending, as well as the supporting technology teams, compliance controls heavily leverage the Identity & Access Management processes and tools. The IAM team is charged with providing governance and monitoring of the banks access controls across nearly 1000 applications and thousands of infrastructure assets with 1.4M distinct levels of access for 2.1M non distinct users. The only viable solution to effectively manage this volume of data is broad integration, automation, and a strategic push to on board all assets to the IAM tool suite.
Kwame Fields – CISSP
March 13th – CISSP Prep Class
Begins March 13th, 1 night weekly/12 weeks
Click Here for Details & Registration
March 14th – Regular Monthly Meeting
Email Archiving in the Cloud
Keith Fricke, ISO, Catholic Health Partners
Compliance
Evan Tegethoff, Accuvant
PCI in the enterprise
Josiah Wilkinson, Nationwide
May 17th - Full Day Course on IAM
April 11th – Forensics Lab
Steve Romig of OSU will conduct a full day lab with a mix of lecture and hands-on application (lap top required). Beginner and intermediate level content, this course is very well suited for the IT professional or security practitioner who does not have forensics as their core competency. With a morning of lecture and a an afternoon lab, Steve will carefully layout the correct processes and procedures to follow, teach the audience how to utilize certain VMware tools critical to enabling a forencis project, and ensure the practitioner understands how to properly prepare and hand off data to an investigator.
Two volunteers needed!
contact president@centralohioissa.org for more details.
Click Here for event registration
April 18th – Regular Monthly Meeting
Phishing
Aaron Ansari, Phishme
Case study involving Forensics in the Cloud
Matt Curtin, Interhack
User Access Management
Local Speaker TBD
May 17th & 18th – Central Ohio InfoSec Summit
Details coming SOON!
Add comment January 23rd, 2012
