posted Feb 17, 2010 6:43 AM by Wayne Morrison
Due to a series of unforseen events, there will be no chapter meeting this month.
Information on upcoming meetings will be posted as soon as it becomes available.
|
posted Jan 3, 2010 1:25 PM by events issanh
Every major governance framework or regulation includes the injunction to involve and inform executive management and Board members as a part of the risk equation. How does a practicing professional in the fields of security, technology, or compliance succeed at such an extreme sport?
Join us at 6:30 PM on Thursday, January 21st, as Lee Beachy, SVP, Information Security at Laconia Savings Bank, considers the following checkpoints in planning best practices for risk communications:
- Effectiveness — Get to the real deal, summarize the essence, trending and critical factors
- Efficiency — overcoming communication challenges; scalable and contextual communications
- Excellence — vision, goal-setting, and audience localization in risk communications
- Ethics — reporting dangers, statistics, and errors of omission
About our speaker:
Mr. Beachy has three decades of experience in successfully managing IT teams and leading the integration of technology and process change in service organizations. He has led enterprise-wide business projects and his expertise includes the formulation of strategic technology and risk management processes into mission-critical service operations.
Meeting Details:
DATE: Thursday, January 21st, 6:30 PM
LOCATION: Manchester Public Library
405 Pine Street
Manchester, NH 03103
|
posted Nov 27, 2009 7:07 PM by Wayne Morrison
Join us on Tuesday, December 8th, 6:00 PM at the Portsmouth Public Library for a bite to eat, some lively discussion on security trends and a chance to network with some of the best and brightest InfoSec professionals in New Hampshire.
|
posted Oct 31, 2009 5:12 PM by Wayne Morrison
Join us on Tuesday, November 17th, 6:00 PM at the Manchester City Library, as our guest speaker, Ed Adams, President and CEO of Security Innovation, will explore " Real Risks & True Protections - Threats Technology Can & Cannot Protect Against".
About the Presentation:
There isn’t a security threat that you can think of that some security company’s marketing literature doesn’t promise a solution for. But despite the zeal of marketers there are still some threats to enterprise informationtechnology that the industry is just beginning to address. Take the phishing phenomenon for example. The premise here is pretty simple: send an email to a user and lie about where you’re sending it from (a bank is always good), tell them they have to urgently log into their account, provide a legitimate looking web link to click on in the message body and then steal their account info as they enter it onto an authentic-looking web page. There are a few technology issues here. The first is that many of the standard email protocols allow one to lie pretty easily about where a message is coming from. The second problem is that the average user doesn’t know if they’re at the legitimate banking site or not; it al looks like one big, complicated URL. This talk highlights the challenges that IT managers face when combating current and future threats. The talk vividly illustrates the limits of current technologies and takes a look forward to how evolving needs will be met.
About our Speaker:
Ed Adams is the President and CEO of Security Innovation, the independent authority on application security risk assessment, risk mitigation and education. He is a seasoned software executive with successful leadership experience in various-sized organizations that serve the IT security and quality assurance industries.
Mr. Adams is the founder and business owner of the Application Security Industry Consortium, Inc. (AppSIC), an association of industry technologists and leaders establishing and defining cross-industry application security guidance and metrics. He is on the board of the National Information Security Group (NAISG).
No stranger to the podium, Mr. Adams has presented to thousands at numerous seminars, software industry conferences, and private companies. He has contributed written and oral commentary for business and technology media outlets such as New England Cable News, Associated Press, CSO Magazine, SC Magazine, Boston Globe, CIO Update, Wall Street Reporter, Investors Business Daily, Optimize and CFO Magazine.
Mr. Adams is in the process of writing a book titled “Information Security Management: Survival Guide”, which will be published by Wiley & Sons and is due out in 2010. He also has maintains a blog with CSO Magazine and is a columnist for CIO Update.
Chapter Meeting Details:
DATE: Tuesday, November 17th, 6:00 - 8:00 PM
LOCATION: Manchester City Library Auditorium, 405 Pine Street, Manchester, NH 03103
|
posted Sep 28, 2009 6:37 PM by John Forest
[
updated Sep 28, 2009 6:53 PM
]
Join us on Thursday, October 8th, 6:30 PM at the Portsmouth Public Library, as our speakers will explore "Governance, Risk & Compliance" and "The Evolution of SIM, SEM and SIEM".
About our speakers:Bruce Beck, Vice President of Sales and Business Development for Avior Computing. Mr.
Beck has over 30 years of successful sales, business development and
management experience in the technology industry, primarily focused on
early stage companies. Mr. Beck significantly contributed to the
successful IPOs of three companies where he was an executive. Mr.
Beck joined Avior Computing in 2006, an emerging leader in the
Governance Risk and Compliance (GRC) market, as the 3rd employee with
responsibility for Sales and Business Development. Avior Computing’s
customers include Cigna, Huntington National Bank, United Parcel
Services, Guardian Insurance and Pearson Publishing. Mr. Beck
earned a BS in Business Administration and a minor in Computer Science
from the University of Illinois and a Masters in Finance from Boston
College. He is an avid competitive golfer. Mr. Beck and his wife
reside in North Hampton, New Hampshire. Mark Carboni, Technology Consultant at RSA, The Security Division of EMC.
Mark
has over 26 years of technology experience spanning various
disciplines, interacting and collaborating with a diverse group of
solution seekers, from C level and below. Mark specializes in
providing Security Information and Event Management [SIEM] solutions to
NY and New England enterprise customers. Presentation Abstracts:Governance, Risk & Compliance
The Executive Board of any large enterprise wants to know that the organization is appropriately protected against potential risk. The ultimate objective of risk management is to define and understand the risk tolerances of the enterprise, manage to those tolerances; optimizing the risk/return of the business. In addition, increased accountability and transparency is being demanded of corporate executives and boards of directors from both customers and regulatory agencies. Renewed enforcement and enhancements of regulatory requirements are becoming more evident and the costs associated with compliance are increasing significantly. This is occurring at the same time that resources are being stretched thin, if not altogether eliminated. It has been estimated that spending on Governance, Risk & Compliance (GRC) exceeded $32 billion in 2008 [i]. Budget priorities are becoming more focused on enterprise and operational risk management. As enterprises continue to spend time, money and resources on GRC, finding effective and economically sound ways to identify and manage the processes and procedures implicit in GRC is an enterprise imperative. GRC is not just one particular subject, discipline or endeavor. It is the attempt to develop a unified approach to interrelated tasks and events within an enterprise, including among other things: · risk management · policy management · compliance management · continuity of business management · asset management · audit management · threat management · incident/event management · vendor management In my presentation I will provide an overview of the elements of a GRC program and provide an overview of what to look for in tools to implement a GRC program. I will also relate IT GRC to Operational Risk Management and highlight overlaps and differences. The Evolution of SIM, SEM and SIEM
Check back here soon...
|
posted Aug 19, 2009 8:51 AM by Wayne Morrison
[
updated Aug 28, 2009 9:14 AM
]
We will be having the September Chapter meeting on Thursday September 10th, 6:00 PM at the Manchester Public Library. The topic for this meeting will be 'Application Penetration Testing', presented by George Gal, CISSP. Founder / Managing Security Consultant – Virtual Security Research, LLC (VSR).
|
posted Jul 23, 2009 8:43 AM by Wayne Morrison
We will be having the August Chapter meeting on Thursday August 13th, 6:30 PM at the Portsmouth Public Library. The topic for this meeting will be 'Threat Assessment - An IT Perspective', presented by Tom Clark, Director of IT Infrastructure Continuity Services at Liberty Mutual.
Summary:
The focus of this presentation is the identification of threats and vulnerabilities in the corporate environment, specifically in the areas of IT processes and infrastructure and the recommended step by step process for mitigating those vulnerabilities. Special emphasis will be made on IT Business Continuity Management (BCM) standards and the value of the execution of a Business Impact Analysis.
Bio:
Tom Clark is the Director of IT Infrastructure Continuity Services for Liberty Mutual. Tom has over 35 years of experience managing Data Centers and IT infrastructure for Fortune 500 companies with IT facilities in 40 countries on six of the seven continents of the world. Tom is an expert in operational readiness and IT Resiliency and has been a featured speaker at national conferences such as the 2009 Continuity Insights National Conference in Phoenix and the 2008 CPM National Conference in Orlando. His most recent published article appeared in "Continuity" (a European magazine) in May 2009.
|
posted Jun 29, 2009 5:51 PM by Wayne Morrison
[
updated Jun 29, 2009 5:53 PM
]
We will be having the July Chapter meeting on Thursday, July 16th, 6:00 - 8:00 PM at the Hooksett Public Library. The topic for this meeting will be "Virtual Machine Security", presented by Stan Black, CISSP.
|
posted Jun 29, 2009 8:58 AM by John Forest
New Hampshire ISSA members are eligible for a discount on an upcoming Ethical
Hacking and Systems Defense course.
Course
Description: Ethical Hacking and
Systems Defense is a hands-on, intensive,
three-day workshop immersing students in the methodologies and application of
hacking concepts and techniques. This workshop introduces students to footprinting,
scanning, gaining and maintaining access, covering tracks, and securing their
own systems. When students leave this class they will have hands-on experience
and an understanding of hacking concepts and techniques.
Download the flyer for more information http://www.ittrainingsolutions.net/Documents/ceh_flyer_harvard.pdf
Location: Harvard University
Date: August 10th -12th
2009
Tuition: $3000 discounted to $1595 for
ISSA members
Registration: link to REGISTRATION FORM
Contact: Matt Bell 801-649-4030 matt@ittrainingsolutions.net |
posted Jun 8, 2009 5:29 PM by John Forest
The results are in...Our election committee has tallied the votes and the by no surprise, the newly elected officers are: | President | John Forest
| | Vice-President | Scot Sakelarios
|
| Secretary | Bob Witmer
| | Treasurer |
Gary Dentremont
| Membership Director
| Todd Waskelis
|
Communications Director
| Wayne Morrison
|
Congratulations to the new Board members. This will be an exciting year! |
|
