September 18th, 2008 3:00-5:00 PM - Con Way (2055 NW Savier St. Portland)

October 16th, 2008 3:00-5:00 PM - Con Way

November 20th, 2008 3:00-5:00 PM - Con Way

December 18th, 2008 5:00-8:00 PM - Paragon Restaurant & Bar (1309 NW Hoyt St)

January 15th, 2009 3:00-5:00 PM Con Way

February 12th, 2009 (Combined lunch meeting with ISACA)

March 19th, 2009 3:00-5:00 PM Con Way

April - Spring Conference at Innotech

May 21th, 2009 3:00-5:00 PM Con Way

TOPIC

“Current Cyber Threats and Counter Measures”

DESCRIPTION
Jon Miller, CISSP
Principal Consultant / Director of Services Sales – Assessment Team – Accuvant, Inc
 
Accuvant Role
Jon is a member of Accuvant’s Assessment team, specializing in penetration testing and enterprise level security assessment programs. Jon’s role is to provide world class security consulting services to Accuvant clients, provide technical leadership, and provide direction and strategy to Accuvant’s Security Assessment Services sales organization.
 
Experience
Jon has performed hundreds of penetration tests and enterprise security assessments. His experience includes wireless assessments/penetration testing, threat analysis, application assessments (web & binary), ISO compliance, Visa/MasterCard PCI/SDP, HIPAA compliance, incident response & forensics, physical security auditing, as well as network architecture design and review. His customers include many of the Fortune 500 companies.
 
Prior to joining Accuvant, Jon served as a member of IBM Internet Security System’s X-Force Penetration Testing Team, where he spent 4 1/2 years as a senior consultant and manager. At ISS, Jon was responsible for managing and engaging on multiple high visibility projects, at times having 4 to 5 other consultants reporting directly to him.
 
Notable Accomplishments
A prominent figure in the information security world, Jon has been featured in multiple publications such as Information Security Magazine and the San Jose Mercury News, and has been interviewed for television by CNN. A frequent contributor to industry conferences, Jon has also given presentations at Blackhat/Defcon, IEEE, ISSA, and Toorcon.

Thursday October 16th, 2008  3:00 - 5:00 PM at Con Way (2055 NW Savier St. Portland)

TOPIC
Computer Forensic Investigations in Civil Litigation

DESCRIPTION
Scott Stevens, In2itive Technologies, will help give us a better understanding of how a computer forensic investigation is implemented in civil e-discovery matters.
He will touch upon best practices and procedures, tools of the trade, practical tips, and even a little case law.

Scott Stevens serves as Business Development Manager for In2itive Technologies and their Electronic Discovery & Computer Forensics Consulting business. Mr. Stevens has been in the e-discovery & computer forensics industry since 1998 and has been a frequent speaker/presenter on electronic evidence discovery matters using computer forensics.

Mr. Stevens also provides litigation strategy consulting services to law firms including crafting Discovery Requests and Stipulation Agreements and preparing 30(B)(6) deposition questions. He has also managed computer forensics projects to various law firms,
including: Epstein Becker & Green, Dorsey & Whitney, O’Melveny & Myers, Jenkins & Gilchrist, Gray Plant Moody, Frost Brown Todd, Haynes & Boone, Stewart Sokol & Gray, Womble Carlyle Sandridge & Rice, Miller Nash, and Davis Wright Tremaine, to name a few.

He has co-authored a chapter in the book “Handbook of Computer Crime Investigation:
Forensic Tools & Technology”, by Eoghan Casey, and has been quoted on the CNN Internet web site and CIO magazine on computer forensics issues. He has also appeared on seven different West Coast television programs on topics dealing with computer forensics.

On September 18th, we will begin the 2008-2009 ISSA Portland Chapter events. During the summer, board members met and began organizing this year’s events. We encourage all chapter members and information security professionals to attend this month’s meeting. We will see you on the 18th.

TOPIC
Wrestling With E-Discovery

DESCRIPTION

If your organization hasn’t dealt with a litigation hold yet, the chances are it soon will. Allen Gurney, Director, Fios Consulting, will discuss effective policies, practices and technologies that can reduce the cost and risk of preserving and collecting electronic evidence.

Allen Gurney
Director, Fios Consulting

Allen Gurney is a litigation technology and electronic discovery veteran with a decade of in-the-trenches experience. He has successfully guided engagements for hundreds of clients, including the nation’s top law firms and Fortune 500 corporations. As a Director, Gurney helps clients significantly reduce the costs and risks of the e-discovery process. Prior to this role, he served as a Fios’ engagement manager focused specifically on review management. He also has served as a client services manager on Fios’ delivery team, managing the successful delivery of complex e-discovery projects.

President, Kyle Miller<president at issa-portland.org>
Vice President, Matt Beardal<vice-president at issa-portland.org>
Secretary, Ben Trimbo <secretary at issa-portland.org>
Treasurer, Doug Bristow <treasurer at issa-portland.org>
Ambassador, Michael Boyd<ambassador at issa-portland.org>

Board Members

Technology Director, Dustin Harris <communications at issa-portland.org>
Membership Chair, Maryl Fox <membership at issa-portland.org>
Program Chair, Aaron Cronan<programs at issa-portland.org>
Vendor Outreach Chair, Ben Trimbo<outreach at issa-portland.org>
Mentoring Program, Chair Tom Schauer<mentoring at issa-portland.org>
Education Chair, Craig Schiller<training at issa-portland.org>
Student Charter Advisor, Matt Beardal <studentcharter at issa-portland.org>
Webmaster, Tobias Rice <webmaster at issa-portland.org>
Student Charter President, Adam Miller <studentcharterpresident at issa-portland.org>

Anyone interested in running for one of the elected Board positions or volunteering for an appointed position should contact president<at>issa-portland.org.

Special Agent Daniel Nielsen with the FBI CyberCrime Division will be speaking on Cyber Crime and ID theft. It has been a while since the chapter has had a speaker from the law enforcement or government side of the house and this promises to be an enlightening presentation.

Normal time and place: 3:00 pm at ConWay (2055 NW Savier St. Portland)

Mike Boyd
President

Thanks to all of you for boosting our attendance at chapter meetings this year. I’m sure it’s a reflection of the excellent speakers and topics that our Program Directors have put together as well as the work of our Membership Director keeping in touch with you. The simple fact is that we’ve seen lots of new, and not recently seen, faces at the meetings and it’s been great.

Here are a few announcements for the month. I will probably be sending another announcement along mid-month.

1. March Chapter Meeting (Thursday March 20^th, 3:00pm at ConWay, 2055 NW Savier St. Portland

Production and Courtroom Admission of Evidence from Electronic Health Records: Not “Just What the Doctor Ordered!”

Electronic health records (EHRs) and electronic medical records (EMRs) are the core components of a wide range of federal, state and private initiatives. Conceived of as an electronic expansion and enhancement of traditional paper medical and administrative records, EHRs and EMRs are intended to help improve medical care, reduce healthcare administrative costs and enhance research, public health and other healthcare-related activities.

While these systems are intended to replace traditional medical and administrative records, however, little attention has been paid to the actual use of the information they generate in court. This is a crucial risk management function, since the failure or inability to produce and admit evidence supporting crucial decisions in litigation can lead to substantial verdicts against providers. At the same time, the courts have recently adopted new discovery rules for electronic evidence (called in this context electronically stored information, or ESI), and beginning to give ESI more rigorous scrutiny before admitting it in court.

John R. Christiansen is a principal in Christiansen IT Law, where he focuses on the implementation and management of healthcare information technology with an emphasis on privacy and security regulatory compliance, and risk management. John is a frequent national speaker and publishes regularly. His most recent book is An Integrated Standard of Care for Healthcare Information Security: HIPAA, Risk Management and Beyond (2005), the definitive legal treatise on security obligations applicable to healthcare information. He is also Co-Chair of the American Bar Association’s Committee on Healthcare Privacy, Security and Information Technology and past Chair of its Healthcare Informatics Committee. More information is available at the Christiansen IT Law website, www.christiansenlaw.net.

2. April Chapter Meeting at Innotech 2008 (Thursday April 17^th, Portland Convention Center

The ISSA Portland Advisory Council (consisting of 5 of the top CIO’s in the Portland area) will be discussing security topics from the CIO perspective. This annual event is always full of great information. For more information visit: http://www.innotechconference.com/pdx/Event/Portland_Events/Security_Staying_Ahead_of_the_Curve.php

3. Chapter Mentorship Program

Our revived mentorship program is not only a great way to earn valuable CPE credits, but an excellent opportunity to help new members of the information security profession. The chapter is in need of security professionals to pair up with the knowledge-hungry mentees. For more information visit: http://www.issa-portland.org/portland-issa-mentoring-program/

4. Regional Conference

The 4^th annual ISSA Northwest Regional Security Conference will be held on Wednesday April 23^rd at the Red Lion Hotel in Olympia, Washington. The planning committee is putting the final touches on the conference agenda, so mark your calendars for this fantastic event. The registration site will be up sometime in the next week. For more information contact vice-president@issa-portland.org.

5. Job postings

If you or anyone you know is interested in information security jobs in the Portland area or is interested in posting jobs, visit the chapter website for our “Jobs” page.

I hope to see you all on the 20^th.

Mike Boyd

President

Abstract:

Electronic health records (EHRs) and electronic medical records (EMRs) are the core components of a wide range of federal, state and private initiatives. Conceived of as an electronic expansion and enhancement of traditional paper medical and administrative records, EHRs and EMRs are intended to help improve medical care, reduce healthcare administrative costs and enhance research, public health and other healthcare-related activities.

While these systems are intended to replace traditional medical and administrative records, however, little attention has been paid to the actual use of the information they generate in court. This is a crucial risk management function, since the failure or inability to produce and admit evidence supporting crucial decisions in litigation can lead to substantial verdicts against providers. At the same time, the courts have recently adopted new discovery rules for electronic evidence (called in this context electronically stored information, or ESI), and beginning to give ESI more rigorous scrutiny before admitting it in court.

John R. Christiansen is a principal in Christiansen IT Law, where he focuses on the implementation and management of healthcare information technology with an emphasis on privacy and security regulatory compliance, and risk management. John is a frequent national speaker and publishes regularly. His most recent book is An Integrated Standard of Care for Healthcare Information Security: HIPAA, Risk Management and Beyond (2005), the definitive legal treatise on security obligations applicable to healthcare information. He is also Co-Chair of the American Bar Association’s Committee on Healthcare Privacy, Security and Information Technology and past Chair of its Healthcare Informatics Committee. More information is available at the Christiansen IT Law website, www.christiansenlaw.net.

TOPIC
How Far Are You From Best-in-Class Encryption and Key Management?
A Summary of the Aberdeen Research Report on Encryption and Key Management

DESCRIPTION
The greatly increased adoption and expanding uses for encryption is driving the need for centralized and automated key management solutions.

Mr. Brink will discuss the findings of the Aberdeen research report and other practices being deployed by leading organizations to protect data with encryption. He will discuss how organizations have addressed the challenges of encryption and key management, whilst delivering lower operational costs and achieving regulatory compliance.

Best-in-Class companies have already benefited by lowering the instances of actual or potential exposure while simultaneously supporting twice as many keys, yet reducing actual key management costs by an average of 34 percent.

Featuring: Derek E. Brink, CISSP VP & Research Director, IT Security, Aberdeen Group

Derek Brink joined Aberdeen as a senior high-tech executive experienced in strategy development and execution, corporate / business development, and product management / product marketing. He is a results-oriented leader with a proven track record of driving growth through new and enhanced product offerings, in companies ranging from start-up to Fortune 500. He brings a unique blend of analytical / technical background, combined with excellent communication skills and extensive information security industry expertise.

Before joining Aberdeen, Derek was RSA Security’s vice president of strategy and corporate development, and was earlier the product line director for RSA SecurID. Prior to RSA, his experience includes director of marketing at Gradient Technologies (now Entegrity); various marketing and business development positions with Transarc Corporation (a subsidiary of IBM); corporate marketing with Sun Microsystems; and a variety of technical sales and field marketing positions with Hewlett-Packard. He began his professional career as an analyst for the Central Intelligence Agency.

Derek was an active member of the five-company team that co-founded the PKI Forum, and as RSA Security’s representative was a member of the PKI Forum Executive Board and subsequently the Steering Committee for the OASIS Member Section on PKI. He is co-author of the book PKI: Implementing and Managing E-Security (ISBN: 0072131233).

Derek earned an MBA with honors from the Harvard Business School and a BS in Applied Mathematics with highest honors from the Rochester Institute of Technology. He also holds a second degree Black Belt in Tae Kwon Do.