ISSA Baltimore Chapter Monthly Meeting February 25, 2015

Transcription

1 ISSA Baltimore Chapter Monthly Meeting February 25, 2015 Interset!, CyberCore Technologies, Phoenix TS,

2 Board of Directors Bill Smith, CISSP, GSNA, CEH, GPEN, GCFA, GCFE - President Sidney Spunt, CISSP - VP Operations Kevin Drury Secretary Carol Klessig, CISSP - VP Professional Development Rod Zwainz, CISSP, PMP - VP Education Phil Rogofsky, CISSP, Network+, CPA Treasurer Steve Chan, CISSP, PMP VP Membership Dennis Dworkowski, CISSP-ISSEP VP Outreach

3 Baltimore Chapter Sponsors

4 Agenda / Announcements Welcome to Parsons, 7110 Samuel Morse Drive, Suite 200 Columbia, Maryland Non-U.S. Citizen Requirements Any guests or new members in attendance? (ISC) 2 CPE Submissions Individual Responsibility New CISSP and SSCP Domains Chapter Strategic Plan New Member Promotion CISSP Chapter Badges / Shirts and Jackets with ISSA-Baltimore Logo CISSP Study Group Spring 2015 February 24 thru May 19, 2015 New Location: Phoenix TS Amazon Affiliates program LinkedIn Group Facebook Page ISSA-Baltimore Chapter Future Meeting schedule

5 New Members Since January Meeting Aaron Caruso Kevin Clark Shane Jager Aaron Levi Ryan Paal Thomas Pena Will Unkart Alexander Vining 278 Total Members

6 What? You didn't know Computers Control you? / ICS and SCADA 2-Hour Live Event: Monday, March 2, 2015 Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London Brought to you exclusively by ISSA. REGISTER NOW Join the conversation! #ISSAWebConf

7 Opening Doors for Women in the Information Security Field 1-Hour Live Event: Monday, April 6, 2015 Start Time: 1:00 a.m. US-Pacific/ 4:00 p.m. US-Eastern/ 9:00 p.m. London Brought to you exclusively by the ISSA Women in Security SIG. REGISTER NOW Join the conversation! #ISSAWISSIG

8 CISSP Domains, Effective April 15, 2015 Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) Asset Security (Protecting Security of Assets) Security Engineering (Engineering and Management of Security) Communications and Network Security (Designing and Protecting Network Security) Identity and Access Management (Controlling Access and Managing Identity) Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) Software Development Security (Understanding, Applying, and Enforcing Software Security)

9 Systems Security Certified Practitioner (SSCP) Domains, Effective April 15, 2015 * Access Controls * Cryptography * Security Operations and Administration * Networks and Communications Security * Risk Identification, Monitoring, and Analysis * Systems and Application Security * Incident Response and Recovery * The SSCP indicates a practitioner s technical ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

10 Chapter Strategic Plan Vision - To be the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure Mission - ISSA is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members

11 Change to the Chapter By-laws ARTICLE I: Name Current: The name of this organization shall be the Baltimore Metropolitan Chapter, Information Systems Security Association, Inc., (ISSA) hereafter referred to as the "Chapter". Change: The name of this organization shall be the Central Maryland Chapter of the Information Systems Security Association, Inc., (ISSA) hereafter referred to as the "Chapter".

12 Chapter Strategic Plan-Core Values Collaboration - We believe that working together toward a common goal is essential to the success of the association. Knowledge Sharing - We encourage knowledge sharing as a result of our belief that all of us are smarter and more productive than any one of us. Leadership - We inspire each other to achieve and grow through a shared vision and passion to excel. Professional Development - We support the development of our people, association and profession through positive relationships, dynamic synergies and innovative growth opportunities. Innovation - We search for new avenues to improve the Cybersecurity community, ISSA International and our Chapter

13 Chapter Strategic Plan-Goals and Strategies Goal I:Expand Chapter Influence outside of Howard County Area Change chapter name to ISSA of Central Maryland Reach out to security companies outside Howard County Join and be active the Chesapeake region Tech Council Objective 2: Increase Benefit to Members Seek out more varied speakers for chapter meetings. Develop relationship with other organizations such as other ISSA Chapters, IIA, IEEE Baltimore, and ISACA. Create relationships with educational organizations to provide more costs training opportunities such as Phoenix Poll members to see what they what additional opportunities they would like the Chapter to pursue. Goal 3:Improve Relationship with Companies/Sponsors Create Corporate Ambassadors where members represent the Chapter to their employees, Start monthly communication/ newsletter to Sponsors Host on-site Meet and Greet Events at Large Companies. Poll Sponsors to determine what they would like out of Sponsorship. Goal 4-Promote Chapter's Identity Increase STEM involvement and participation events such in the HoCo STEM Festival. Increase involvement in local security events such as CyberMarylandConference;. Increase involvement with Howard Tech Council Increase support to our Student Chapter at UMBC and explore creating additional student chapters. 13

14 New Member Promotion Rules: 1. Promotion begins August 1, New member must identify referring member when joining 3. $25.00 Amazon Gift Card awarded to referring member 4. Referring member s registration must be current 5. Awards will be presented at monthly Chapter meeting 6. Program will run through December 31, 2015 and be reevaluated by the board after that time 7. Board of Directors not eligible to participate

15 New Member Promotion Congratulations - $25.00 Amazon Gift Card winners: Chris Ambrose John Barker Chuck Dickens Charles Dickert Devin Elmore * Ivan Gordon Monique Mitchner * Matt Morris Nick Rapp Katelin Rowley Oliver Thomas * Rod Zwainz *

16 ISSA-Baltimore CISSP Study Group Fall 2015 Schedule 17 Feb 15 Kickoff for CISSP 24 Feb 15 Information Security Governance & Risk Management 3 Mar 15 Security Architecture & Design 10 Mar 15 Access Control 17 Mar 15 Operations Security 24 Mar 15 Cryptography Part 1 31 Mar 15 Cryptography Part 2 7 Apr 15 Physical & Environmental Security 14 Apr 15 Software Development Security 21 Apr 15 Business Continuity & Disaster Recovery 28 Apr 15 Telecommunications & Network Security Part 1 5 May 15 Telecommunications & Network Security Part 2 12 May 15 Legal, Regulations, Investigations and Compliance 19 May 15 Practice Exam / Review Phoenix TS, Little Patuxent Parkway, Suite 500, Columbia, MD 21044

17 The ISSA Baltimore Chapter is organizing a networking visit and tour of the Jailbreak Brewery in March 21, 2014, 3:00 PM 5:00 PM Cost $10.00 per person Jailbreak Brewing Company 9445 Washington Blvd N Laurel, MD (443)

18 Our New Chapter Blog!! As 2015 is now underway, we wanted to provide you with a list of potential networking and volunteering opportunities tentatively scheduled for this year. We are always looking for members to assist with various outreach and chapter activities that need to be completed. You may be asking yourself, what is in it for me? Listed below are several benefits for volunteering your time to help the Baltimore ISSA chapter out. Volunteering provides a chance to learn new skills. Carol Klessig is learning to create a unique hash tag this weekend. Learning about social media (Twitter) may help Carol add to her resume. Please Carol at [email protected] If you would like to be considered for the new position known as Director of Publicity. Helping others learn and encouraging our youth feels great. Rewards are not always monetary. Encouraging a student can be your chance to pay it forward. This is especially beneficial for recent graduates or new members in the security field. Camaraderie. Social outings like our field trips can be a chance to form a new friendship with others in the IT field. CPE's. Working for the club can generate CPE's that can be used to maintain your certifications. Currently, we need our website updated and possibly redesigned. Does anyone have a experience in web design that could assist us with updating or redesigning our current website? You can volunteer for just a single event or on a regular basis. A variety of items exist that we could use assistance with. These items include writing a blog article, greeting members at the door or assisting with the setup/cleanup at chapter meetings. If you see a position aching to be filled, talk to one of the board members.

19

20 2015 Meetings and Events Date Speaker Organization Topic January 28, 2015 Kathy Worgul Carroll County Business & Employment Resource Center How Can LinkedIn Assist in Career Advancement February 9, 2015 Lori Harmon Women In Security SIG Webinar The Art of the Ask: How to Ask for and Get What You Want in Your Career February 25, 2015 Robert K. Gardner New World Technology Partners Cyber Risk, Thru the Shareholder Lens March 25, 2015 Rhonda Ferrell CyberSecurity & Your Professional Life: A Value-Add Approach April 15, 2015 Mid-Atlantic ISSA Security Conference, NIST, Gaithersburg, MD April 22, 2015 Anthony United States Department of Justice Teelucksingh May 20, 2015 Brian E. Dykstra Atlantic Data Forensics, Inc. October ISSA International Conference Chicago Illinois

21 March 25, 2015 Speaker Rhonda Farrell Rhonda Farrell is an Associate with Booz Allen Hamilton, primarily focusing on enterprise life-cycle activities as they relate to cybersecurity and quality. Her prior career experience was within operations, engineering, and security functional areas of Fortune 500 companies throughout Silicon Valley, CA. as well as with the US Marine Corps at Quantico, VA. She is a veteran committee member and leader within IEEE Northern Virginia, ISSA International (WIS SIG and Board of Directors), ISSA-NOVA, and ASQ 509 where she has worked on initiatives which provide member value, increase opportunities for professional development, stimulate growth, and enable realization of strategic partnering opportunities. She brings to the leadership teams -- enthusiasm, a strong work ethic, commitment to organizational principles, a deep technical background, sound management capabilities with a solid grounding in quality best practices.

22 March 25, 2015 Topic CyberSecurity & Your Professional Life: A Value-Add Approach Cybersecurity is a high growth field, but an inexact science -- an amalgamation, if you will, of theories, principles, and best practices pulled from the realms of quality, performance excellence, and change management. Explore how these bodies of knowledge can be more effectively intertwined to craft a solid roadmap using a value-add approach which guides both your customer solutions as well as your own career.

23 February 25, 2015 Speaker Robert K. Gardner New World Technology Partners Mr. Gardner formed New World Technology Partners (NWTP.net) in 1977 to incubate and promote advanced technologies and new ventures with business potential and national/public policy implications. His efforts focused upon High Performance Computing and Cyber Risk technologies directed primarily to National Security, Energy, Healthcare and Financial Services applications. He introduced and promoted intellectual property and launched new business units for 3 rd parties and the NWTP portfolio, including August Systems, Verdix, Meiko Scientific, Cryptek, Phoenix Numeric and Probity Labs. Under whose auspices he also produces training workshops, speaking engagements, articles & blogs and congressional testimony on the Impact of Cyber Risk with and for Government Agencies, marquee trade associations, NGOs and Academic Institutions. He currently writes, speaks and mentors on the Enterprise impact of Cyber Risk and has prepared briefings and testimony for the U.S. House of Representatives, Senate committees and industry forums. Mr. Gardner has a BSEE from Rensselaer Polytechnic Institute and studied graduate system engineering and business administration at Penn State and the University of Santa Clara respectively.

24 February 25, 2015 Topic Cyber Risk, Thru the Shareholder Lens The rapid rise in the frequency and sophistication of cyber threats presents an enterprise risk issue that demands more attention from the officers and directors charged with the stewardship of shareholders interests. Corporate enterprise assets, often in digital form (such as funds, intellectual property, etc.) or executed by digital activity (transactions, trading algorithms), are threatened by exploitable vulnerabilities and systemic risks. Shareholder value, which is affected by multiple factors in price/earnings that can be tied to reputation, brand integrity, and legal and regulatory exposure, is also subject to the severe impacts of cyber incidents. We have seen how swiftly an event or paradigm shift can take a toll on shareholder value. As a Deloitte report, Disarming the Value Killers: A Risk Management Study, notes, Almost 50% of Global 1000 companies lost 20% or more in share price in less than a month during the past 10 years some never recovered. Most major losses were as a result of a series of high-impact but low-likelihood events. To address the risk of cyber attacks ranging from nuisance to catastrophic and all points in between, corporate executives need to quantify the consequences of risk scenarios. But first, leaders must understand how their enterprise operates in today s cyberspace.