ISSA Baltimore Chapter Monthly Meeting April 22, 2015

Transcription

1 ISSA Baltimore Chapter Monthly Meeting April 22, 2015, Websense

2 Board of Directors Bill Smith, CISSP, GSNA, CEH, GPEN, GCFA, GCFE - President Sidney Spunt, CISSP - VP Operations Kevin Drury Secretary Carol Klessig, CISSP - VP Professional Development Rod Zwainz, CISSP, PMP - VP Education Phil Rogofsky, CISSP, Network+, CPA Treasurer Steve Chan, CISSP, PMP VP Membership Dennis Dworkowski, CISSP-ISSEP VP Outreach, Websense

3 Baltimore Chapter Sponsors

4 Agenda / Announcements Welcome to Parsons, 7110 Samuel Morse Drive, Suite 200 Columbia, Maryland Non-U.S. Citizen Requirements Any guests or new members in attendance? (ISC) 2 CPE Submissions Individual Responsibility New CISSP and SSCP Domains Chapter Strategic Plan Chapter STEM Activity New Member Promotion CISSP Chapter Badges / Shirts and Jackets with ISSA-Baltimore Logo CISSP Study Group Spring 2015 February 24 thru May 19, 2015 New Location: Phoenix TS Amazon Affiliates program LinkedIn Group Facebook Page ISSA-Baltimore Chapter Future Meeting schedule

5 New Members Since February Meeting Bradley Cullum Shane Daniels Stephen Kapuschansky Christine L. Kelly Zachary Kline Scott Lansing 265 Total Members Ambyr Leidig Deborah Maletz George Manousoyianakis Dorothy Patterson Gary Szukalski

6 ISSA International Conference: October Keynote Speaker Vinton G. Cerf Vice President and Chief Internet Evangelist Google Register Now for the ISSA International Conference October 12-13, 2015 Chicago, Illinois, USA The first 100 paid attendees will enter into a raffle to receive a FREE ipad!

7 CISSP Domains, Effective April 15, 2015 Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) Asset Security (Protecting Security of Assets) Security Engineering (Engineering and Management of Security) Communications and Network Security (Designing and Protecting Network Security) Identity and Access Management (Controlling Access and Managing Identity) Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) Software Development Security (Understanding, Applying, and Enforcing Software Security)

8 Systems Security Certified Practitioner (SSCP) Domains, Effective April 15, 2015 * Access Controls * Cryptography * Security Operations and Administration * Networks and Communications Security * Risk Identification, Monitoring, and Analysis * Systems and Application Security * Incident Response and Recovery * The SSCP indicates a practitioner s technical ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

9 New Member Promotion Rules: 1. Promotion begins August 1, New member must identify referring member when joining 3. $25.00 Amazon Gift Card awarded to referring member 4. Referring member s registration must be current 5. Awards will be presented at monthly Chapter meeting 6. Program will run through December 31, 2015 and be reevaluated by the board after that time 7. Board of Directors not eligible to participate

10 Chapter Strategic Plan Vision - To be the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure Mission - ISSA is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members

11 Change to the Chapter By-laws ARTICLE I: Name Current: The name of this organization shall be the Baltimore Metropolitan Chapter, Information Systems Security Association, Inc., (ISSA) hereafter referred to as the "Chapter". Change: The name of this organization shall be the Central Maryland Chapter of the Information Systems Security Association, Inc., (ISSA) hereafter referred to as the "Chapter".

12 Chapter Strategic Plan-Core Values Collaboration - We believe that working together toward a common goal is essential to the success of the association. Knowledge Sharing - We encourage knowledge sharing as a result of our belief that all of us are smarter and more productive than any one of us. Leadership - We inspire each other to achieve and grow through a shared vision and passion to excel. Professional Development - We support the development of our people, association and profession through positive relationships, dynamic synergies and innovative growth opportunities. Innovation - We search for new avenues to improve the Cybersecurity community, ISSA International and our Chapter

13 Chapter Strategic Plan-Goals and Strategies Goal I:Expand Chapter Influence outside of Howard County Area Change chapter name to ISSA of Central Maryland Reach out to security companies outside Howard County Join and be active the Chesapeake region Tech Council Objective 2: Increase Benefit to Members Seek out more varied speakers for chapter meetings. Develop relationship with other organizations such as other ISSA Chapters, IIA, IEEE Baltimore, and ISACA. Create relationships with educational organizations to provide more costs training opportunities such as Phoenix Poll members to see what they what additional opportunities they would like the Chapter to pursue. Goal 3:Improve Relationship with Companies/Sponsors Create Corporate Ambassadors where members represent the Chapter to their employees, Start monthly communication/ newsletter to Sponsors Host on-site Meet and Greet Events at Large Companies. Poll Sponsors to determine what they would like out of Sponsorship. Goal 4-Promote Chapter's Identity Increase STEM involvement and participation events such in the HoCo STEM Festival. Increase involvement in local security events such as CyberMarylandConference;. Increase involvement with Howard Tech Council Increase support to our Student Chapter at UMBC and explore creating additional student chapters.

14 Chapter STEM Activities 3 rd HoCo STEM Festival-1-5 at HCC on June 7 th Chapter will be hosting a table 1 st Maryland STEM Festival November Chapter is an inaugural sponsor at the Supporter level Chapter may host an event

15 New Member Promotion Congratulations - $25.00 Amazon Gift Card winners: Chris Ambrose John Barker Scott Crum Jody Denner Chuck Dickens Charles Dickert * Devin Elmore * Ivan Gordon Monique Mitchner * Matt Morris Nick Rapp Katelin Rowley Oliver Thomas * Rod Zwainz *

16 ISSA-Baltimore CISSP Study Group Fall 2015 Schedule Phoenix TS, Little Patuxent Parkway, Suite 500 Columbia, MD Feb 15 Kickoff for CISSP - Cancelled Snow 24 Feb 15 Information Security Governance & Risk Management 3 Mar 15 Security Architecture & Design Cancelled Snow 10 Mar 15 Access Control 17 Mar 15 Access Control 24 Mar 15 Cryptography Part 1 31 Mar 15 Cryptography Part 2 7 Apr 15 Physical & Environmental Security 14 Apr 15 Software Development Security 21 Apr 15 Business Continuity & Disaster Recovery 28 Apr 15 Telecommunications & Network Security Part 1 5 May 15 Telecommunications & Network Security Part 2 12 May 15 Legal, Regulations, Investigations and Compliance 19 May 15 Security Architecture & Design 26 May 15 Operations Security 2 June 15 Practice Exam / Review

17 Our New Chapter Blog!! As 2015 is now underway, we wanted to provide you with a list of potential networking and volunteering opportunities tentatively scheduled for this year. We are always looking for members to assist with various outreach and chapter activities that need to be completed. You may be asking yourself, what is in it for me? Listed below are several benefits for volunteering your time to help the Baltimore ISSA chapter out. Volunteering provides a chance to learn new skills. Carol Klessig is learning to create a unique hash tag this weekend. Learning about social media (Twitter) may help Carol add to her resume. Please Carol at V_P_Professional_Development@issa.org If you would like to be considered for the new position known as Director of Publicity. Helping others learn and encouraging our youth feels great. Rewards are not always monetary. Encouraging a student can be your chance to pay it forward. This is especially beneficial for recent graduates or new members in the security field. Camaraderie. Social outings like our field trips can be a chance to form a new friendship with others in the IT field. CPE's. Working for the club can generate CPE's that can be used to maintain your certifications. Currently, we need our website updated and possibly redesigned. Does anyone have a experience in web design that could assist us with updating or redesigning our current website? You can volunteer for just a single event or on a regular basis. A variety of items exist that we could use assistance with. These items include writing a blog article, greeting members at the door or assisting with the setup/cleanup at chapter meetings. If you see a position aching to be filled, talk to one of the board members.

18 Rescheduled September 1, 2015

19 Open Software and Trust--Better Than Free? 2-Hour Live Event: Tuesday, April 28, 2015 Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London Web Conference Overview: Last year we were hit with multiple Open Source vulnerabilities. The most significant was Heartbleed, or was it the potential of Poodle or the other half dozen or so vulnerabilities. If it wasn t that, then what about ShellShock (the bash bug? The open source world is supposed to be safer as everyone can examine the software, but are enough experts examining it? Session Moderator: Phillip Griffin - ISSA Educational Advisory Council Member Speakers: Mark Kadrich- Chief Information Security & Privacy Officer, Health Connect Timothy Jarrett - Senior Director, Product Marketing, Veracode

20

21 2015 Meetings and Events Date Speaker Organization Topic January 28, 2015 Kathy Worgul Carroll County Business & Employment How Can LinkedIn Assist in Career Resource Center Advancement February 25, 2015 Robert K. Gardner New World Technology Partners Cyber Risk, Thru the Shareholder Lens March 25, 2015 Cancelled April 22, 2015 Anthony United States Department of Justice Insider Threats, or the Case of the Extra 8 Teelucksingh Lines of Code May 20, 2015 Brian E. Dykstra Atlantic Data Forensics, Inc. Murder or Self Defense? July 27, 2015 Rhonda Ferrell CyberSecurity & Your Professional Life: A Value-Add Approach September 1, 2015 Mid-Atlantic ISSA Security Conference, NIST, Gaithersburg, MD September 16, 2016 Joint Meeting w/ MD IMMA / Infragard October 12 13, 2015 ISSA International Conference Chicago Illinois

22 May 20, 2015 Speaker Brian E. Dykstra Atlantic Data Forensics, Inc. Mr. Dykstra has over 19 years experience in investigations, computer forensics, incident response, network and wireless security testing and information security. Mr. Dykstra was previously the CIO and Director of Professional Education at Mandiant, Inc. where he was responsible for the development and management of numerous advanced computer security and cybercrime investigation courses. Before founding Atlantic Data Forensics (formerly Jones Dykstra and Associates, Inc.), Mr. Dykstra was the CIO & Director of Professional Education and a founding member of Mandiant, where he was responsible for the development and management of numerous advanced computer security and cybercrime investigation courses. Prior to becoming a co-founder of Mandiant (formerly known as Red Cliff Consulting, LLC), Mr. Dykstra was a Senior Program Manager at Communications Technologies where he led commercialization efforts of computer security and managed services business groups; supervised the secure remote management of UNIX and Windows customer and network systems, and provided technical oversight for business development efforts and technical assistance to commercial and government sales groups.

23 May 20, 2015 Topic Murder or Self Defense? Brian Dykstra, CEO, Atlantic Data Forensics will review the West Virginia 1 st degree murder trial of Michael Ian Palmer for the pre-meditated killing of his father-in-law Everett Wilson during a home invasion break-in. Mr. Dykstra will recount the various testimony given during the trial and the digital evidence he was presented with as the defense computer forensics expert. From bar fights and brass knuckles to Facebook posts and crime scene investigations West Virginia v Michael Ian Palmer has it all.

24 April 22, 2015 Speaker Anthony Teelucksingh Senior Counsel at U.S. Department of Justice Federal prosecutor in the Criminal Division section responsible for the prosecution of cybercrime, including violations of the Computer Fraud and Abuse Act. Casework includes the prosecution of computer intrusions, damage to computers, illegal spam, online extortion, online stalking, identity theft, credit card fraud, and trafficking in counterfeit goods including luxury goods, pharmaceuticals, software, and motion pictures. Provide expertise to the U.S. Attorneys office and federal and state law enforcement agencies. Provide training to U.S. and foreign law enforcement agencies on electronic evidence, searching and seizing computers, and courtroom presentations in cybercrime cases. Represent the United States on cybercrime and privacy matters in multi-lateral international clients including the UN Office on Drugs and Crime Intergovernmental Experts Group on Cybercrime, International Telecommunications Union, Asia-Pacific Economic Cooperation Telecommunications Working Group, and Organization of American States. In bilateral discussions with numerous foreign governments on anti-cybercrime capacity building, privacy, data protection and law enforcement cooperation. Special Assistant United States Attorney, District of Maryland, to prosecute cases concerning cybercrime and criminal intellectual property violations

25 April 22, 2015 Topic Fannie Mae logic-bomb saboteur convicted A computer contractor has been convicted of planting a logic bomb on the servers of Fannie Mae, the financially troubled US housing and mortgage giant. Rajendrasinh Babubhai Makwana, 36, responded to the termination of his two-year-long spell as a software development contractor at Fannie Mae in October 2008 by planting a malicious script designed to wipe all the data from its network on 31 January Anyone attempting to access data on the system after the logic bomb went off would have received the message "Server Graveyard". Fortunately, Fannie Mae sysadmins found the malware days after Makwana left work at the Urbana, Maryland technology centre and weeks before the logic bomb was due to explode. Subsequent forensic analysis of computer logs traced the attempted attack back to Makwana's workplace laptop, which yielded more evidence. Because of his job developing software for Unix boxes, Makwana reportedly had access to the full range of Fannie Mae's 5,000 servers.