Compliance 2010 –Local Security Leaders Discuss “What Works”

Be a part of the conversation!  Panelists representing several industry sectors will discuss challenges, the changing landscape, and “what works” in security compliance.   This promises to be a highly informative discussion with real world issues and ideas you can put to use in your organization.

See the ISSA-Portland training page for details!

Network Device Trust/NAC -  Network Admission Control

This presentation will provide an overview of Network Access Control (NAC); the problems it can potentially solve, the technologies involved, and the landscape of available NAC solutions. Tom Harpham, Senior Network and Security Consultant with Network Computing Architects, will expand on the technical components of various NAC solutions, including Juniper Networks, McAfee, and Cisco implementations. The presentation will include a live demonstration of NAC solutions from 2 OEM vendors to highlight the similarities and differences in approach.

Tom Harpham, has over 18 years of experience in Networking & Converged Technologies focusing on solution design, secured network architecture and deployment strategies. Tom has extensive experience implementing network controls such as firewalls & VPN solutions, IDS / IPS systems, SEIM’s, Network Access Controls, DSU’s, routers, switches, multiplexers, terminal servers and complex IP Telephony systems completing his core strengths in LAN / WAN troubleshooting, analyzing security risks and recommending mitigation strategies. Additionally, Tom specializes in network segmentation and compliance related business initiatives; and has performed class room style training to customers on a variety of platforms and protocols.

Special Meeting–Thursday Dec. 17th, 2009 4:00–7:00 PM at Paragon (1309 NW Hoyt Street, Portland)

The ISSA Portland meeting for December is taking place at Paragon. There will be catered Hors D’oeuvres, wine, beer, and more time to socialize than typical meetings (the holidays are coming after all).

The presentation on SQL Injection comes highly recommended from a few of our members.

See you on the 17th!

Presentation

SQL Injection

This talk provides a brief introduction to SQL injection and continues with a discussion of advanced exploitation methods.
The presentation concludes with coverage of various prevention and mitigation strategies.

Outline

- History & Background

- Basic Examples

- Common Exploitation Methods

* Exfiltration

* Escalation

- Prevention, Avoidance & Mitigaiton

* Encoding

* Data Validation

* Deployment Configuration

Speaker
Timothy D. Morgan taught himself BASIC programming when he was twelve years of age and has been studying computers ever since.  After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim joined VSR to work as an application security consultant.  While at VSR, Tim has helped clients secure their computing infrastructures through application penetration testing, security code reviews, software and systems architecture assessments, and security policy reviews.

Tim has conducted dozens of digital investigations over the past several years and recently co-founded VSR Investigations, LLC where he leads the digital forensics practice.  He is also the author and maintainer of several open source forensics tools, namely GrokEVT, RegLookup, and tableau-parm.

Audits and Auditors

Seattle SecureWorld Expo is a great event for CLE credits and netowrking with security professional.

Portland ISSA members get a discount off the already affordable rate.

Visit: www.secureworldexpo.com using code – PortISSA

Topic: Virtualization and Security

Grant Asplund, Head of Market Development, Altor Networks 

Grant Asplund is Head of Market Development and leads sales for Altor Networks. Previous to joining Altor Networks, Mr. Asplund was the Vice President, Enterprise Sales for NeuStar where he led the global sales efforts for enterprise infrastructure services. Before that, he was President and CEO of MetaInfo where he was responsible for driving the company to develop SAFE DHCP TM. At the beginning of 2007 he successfully sold MetaInfo to NeuStar. Prior to acquiring MetaInfo from Check Point Software Technologies, he was the Worldwide Senior Product Evangelist for Check Point where he traveled the globe speaking and representing Check Point at numerous industry and partner events, seminars and company conferences. Before Check Point Software, Mr. Asplund lead sales at MetaInfo. MetaInfo was subsequently acquired by Check Point software in April 1998. Mr. Asplund began his career in the technology industry in 1983 when he was involved in opening an Apple dealership and has held several sales, marketing and management positions since then with Apple, Silicon Graphics, ComputerLand and Traveling Software.

Internet Security Threat Report Briefing
Wednesday, July 22, 2009

11:30 am – 1:00 pm
Lunch will be served.

Portland City Grill
111 SW 5th Ave.
30th Floor
Portland, OR 97204

Click here to Register