April 2012 Chapter Announcements

Chapter News & Updates:

- Slides from March Meeting!

Click Here


Summary of upcoming ISSA Events:
- Forensic Lab – Steve Romig – April 11th
- Central Ohio ISSA Chapter Meeting – April 18th
- Central Ohio InfoSec Summit – May 17th – 18th

April Central Ohio ISSA Chapter meeting
Where: J. Liu Restaurant, Worthington
When: Wednesday April 18th, 2012
Time: 7:45 AM – 11:30 AM for all sessions
Member Cost:
Chapter Meeting – $0
Non Member Cost:
Chapter Meeting – $20
Sponsored By:

Checkpoint
Matthew Edington
Channel Account Manager
Phone: 650-492-3527
medington@checkpoint.com
http://www.checkpoint.com

Registration:
Event Registration

Schedule:
07:30 – 09:00 FAIR Users Group Breakout Session

07:45 – 08:00 Chapter meeting Registration with light Breakfast

08:00 – 08:50 Phishing Attacks

Advanced Persistent Threats (APTs) – APTs employ a combination of social engineering and well-coordinated, targeted cyber attacks using trojans, remote control software, and other malware. Several organizations are working to raise awareness surrounding APTs, and they’re not just marketing firms. This presentation will be an overview of two such awareness campaigns, Operation Aurora & Night Dragon from McAfee. The lesson from both is the same: It’s up to the Human Element to protect your organization.

Aaron Ansari, PhishMe

09:00 – 09:50 Case Study – Breach in the Cloud

This is a case study where an organization looking to gain scalability, without bearing the massive expense of running the entirety of its e-commerce environment on in-house data centers, outsourced to a cloud provider.  The organization’s compliance officer noticed that their site had “offshore pharmacy” links to it and that following them in turn bounced to another site.  Internal attempts to remediate did not last.  Analysis ultimately determined that the content management system used for the store had a vulnerability in it that had been exploited, allowing the attackers to achieve root access to the cloud provider’s systems underneath the application.  The software used to compromise the system was made up of heavily obfuscated code to search for, stage, and deliver payment card numbers back to the attacker in Moscow.  Root cause analysis ultimately identified mismatches between the expectations of the organization and the Cloud provider about responsibility for software management.

Matt Curtin, Founder, Interhack Corporation

10:00 – 10:30 Regulatory Update

This presentation will cover the latest legal developments relating to privacy, security, and technology. He will discuss upcoming legislation relating to security, breach notification, and privacy. He will also focus on recent enforcement actions by the Federal Trade Commission and developing case law. Evan will discuss strategy, decision-making process, and tools that can be utilized to approach GRC in the enterprise. Expect discussion on the very recent news regarding Facebook password requests from employers.

Mehmet Munur – Attorney, Tsibouris & Associates

10:40 – 11:30 Setting Up Internal Sting Operations

Your boss comes in one day and tells you he thinks someone is reading his emails. He claims that every night he leaves his email open and when he comes in the next morning, messages he hasn’t seen are marked as read. He wants you to solve the mystery. Now what do you do? When logs don’t give you the specific visibility you may need to solve some situations, sting operations might be able to help. This talk will cover the basics of setting up corporate “cyber” sting operations. We’ll discuss when they are appropriate and when they might not be a good idea. We’ll discuss some common ways that organizations use these techniques to identify insider and external threats. Examples will be detailed to help you think outside of the box. The takeaways will be a few basic techniques that have shown value, a deep understanding of what data to capture and how to manage it, plus some strategic tips for effectively outmaneuvering attackers with these techniques.

Brent Huston – CEO, Microsolved, Inc.


Details on Upcoming Events:
July 26th - CISSP Prep Class

Begins July 26th, 1 night weekly/12 weeks

April 11th - Forensics Lab

Steve Romig of OSU will conduct a full-day lab with a mix of lecture and hands-on application (laptop required). With beginner and intermediate level content, this course is very well suited for the IT professional or security practitioner who does not have forensics as their core competency. With a morning of lecture and an afternoon lab, Steve will carefully lay out the correct processes and procedures to follow, teach the audience how to utilize certain VMware tools critical to enabling a forensics project, and ensure the practitioner understands how to properly prepare and hand off data to an investigator.

Event Sponsor:

Steve Gruetter
Senior Business Development Manager
Expedient Communications
W: 614-246-0104 C: 614-397-2329
Steve.gruetter@expedient.com

Two volunteers needed!

Sold Out!

Contact president@centralohioissa.org to be placed on the waiting list!

May 17th & 18th - Central Ohio Infosec Summit

For more information regarding the InfoSec Summit

Click Here!


For more information on speaking, teaching, and sponsorship opportunities, contact info@centralohioissa.org.
