Meeting – Thursday Sept. 17th, 2009 3:00 – 5:00 PM at Con Way (2055 NW Savier St. Portland)

 


Bots PhD (Piled Higher and Deeper) – Detection

Craig Schiller, CISO, PSU

This session will dig deeper into the technology of bots and in particular
the technology used to protect the bots and the botherders.  We will examine
fast flux DNS, dynamic DNS and other concealment and obfuscation techniques.
Attendees will examine botnet communication technology to improve their
ability to detect them in the field.  Finally we will describe current
botnet detection technology.

What actions can we take to prevent infections, protect systems from bots,
collect intelligence about bots, and recover from their infestations?  What
steps can I take to prevent some botnets from infecting my systems? 

The nature of bots makes the profiles and signatures of many anti-malware
products less effective.  Behavior is the key to detecting and reacting to
bots.  Since behavior is dynamic we must gather information constantly to
recognize the signs of bot-like behavior.  Similarly, user and
enterprise-level behavior can increase or decrease the susceptibility to bot
attacks.  We will revisit the 5 reasons users believe they don’t have to
worry about bots.  The session will cover enterprise-wide policies and
practices that will make your systems less attractive to botherders.  Mr.
Schiller will demonstrate the use of sandbox technology to analyze live
malware.

Check out the training tab for new opportunities

See the Training tab for the Symantec Internet Threat briefing.

Craig

May 21st, 2009 3:00 – 5:00 PM at Con Way (2055 NW Savier St. Portland)

Thursday May 21st, 2009 3:00 – 5:00 PM at Con Way (2055 NW Savier St. Portland)

 

Elections, Elections, Elections and Preparing for the 09-10 Chapter Activities

 

After another year, elections were held for a new President, a new Vice President, Treasurer and Secretary. Elected chapter officials are:

 

President: Aaron Cronan

Vice President: David Stauffer

Treasurer: Doug Bristow

Secretary: Ben Trimbo

  

In addition to the elected officials, there are a couple of open board positions:

 

Program Chair

Vendor Outreach Chair

Mentoring Program Chair

 

Those interested in serving on the board, please contact Aaron Cronan (see http://www.issa-portland.org/contacts/).

 

After the elections, chapter members discussed the upcoming year and topics of interest.

 

Thursday April 23rd, 2009 (Also See 2009 NW Conference Header Link)

2009 NW ISSA SECURITY CONFERENCE – Registration is open
Hosted by ISSA – Portland Chapter
held at InnoTech Oregon Conference  
Thursday, April 23

Oregon Convention Center

For information and registration visit http://www.innotechconference.com/pdx/Event/NW_ISSA_Security_Conference.php

Full day educational conference, lunch, InnoTech expo, reception & networking for:
$65 for non-members
$50 for members of ISSA, ISACA and the Institute of Internal Auditors (use discount code ISSA9MBR for the discounted price)

Travel budgets cut, but still want the professional development in 2009? 
Want 7 CPE Credit Hours for less than $65?
Don’t miss this local, but quality conference for security 

With a Business and Technical Track the NW ISSA Security Conference is part of a continued ambitious community outreach program for ISSA.  The goal of our program is to provide decision makers, stakeholders, and professionals with the knowledge and understanding they need to more effectively secure their organization’s sensitive information and comply with emerging information privacy laws and regulations. 

Topics for 2009 include:

  • Future Security Implications of Cloud Computing & Social Media
  • Botnets and the Army of Darkness
  • Windows 7.0 Sneak Peek
  • Implementing the SDL to Improve Organizations’ ROI
  • Leveraging e-Discovery to Keep Security Funding
  • Information Exchange: Understanding Information Assets
  • Much more

Registration and information are available at http://www.innotechconference.com/pdx/Event/NW_ISSA_Security_Conference.php

Your registration confirmation will contain parking and transit information.

We look forward to seeing you on April 23.

Interface 2009 Conference March 18th at Oregon Convention Center

Because we value your involvement in the Oregon / SW Washington IT Community, F2F Events is pleased to extend this invitation for you and any of your associates at ISSA – Portland Chapter to attend the INTERFACE 2009 Conference.

With the guidance and enthusiastic support of the INTERFACE-Oregon Advisory Council, and our sponsors, INTERFACE has become the premiere IT conference in the Pacific Northwest. INTERFACE is dedicated to educating attendees on current innovations and future trends in the areas of:
* Information Security
* Business Continuance (Data Storage & Recovery)
* Enterprise Communications

INTERFACE returns to Portland for its sixth year on March 18th at the Oregon Convention Center.

Your invitation to INTERFACE 2009 includes:
* 20 Educational (Vendor-neutral) Seminars
* Keynote Presentation
(“Watching the Watchers” – Catching Thieves BEFORE They Break In!)
* Delicious Lunch Buffet (12:00pm – 1:30pm)
* 45 Vendor Exhibits
* Cocktail Reception (3:15pm)

Information Security and Disaster Recovery Planning are major pieces to a puzzle all IT professionals are tasked with solving. By taking advantage of your invitation to attend INTERFACE 2009, you will learn more about the technology innovations and make contacts with other IT professionals that can help bring together the components of your IT solutions.

Educational presentations are the cornerstone of the INTERFACE conference. The seminars scheduled for this year’s conference include…

* Current Threats and Countermeasures
* PCI Compliance for the Rest of Us
* Plaid Pantry – A Case Study on Simplifying Security
* Anatomy of a Web Attack: How Hackers Threaten Web Security
* Inside Today’s Threat Environment
* Infrastructure 2.0 – Virtualization and Beyond
* Storage DeDuplication
* Meeting the e-Discovery Requirement
* Data Center Transformation and Green IT
* Virtual Disaster Recovery
* SIP: You Can’t Afford Not to Look
* Be Green, Save Green – Today!

KEYNOTE PRESENTATION:
“Watching the Watchers” – Catching Thieves BEFORE They Break In!
Presenter: Chris Roberts, President, CCi5 Inc.

For more information, including the schedule and descriptions of the
aforementioned seminars and keynote, use the following link:
Schedules and Descriptions

INTERFACE brings together dozens of industry-leading solutions
providers demonstrating the most current product innovations and
providing in-depth discussion regarding your organization’s specific
IT challenges. For a list and descriptions of all sponsors and vendors
at INTERFACE 2009, use the following link:
sponsors and vendors

Registration is now open, and available via the INTERFACE website. For
your convenience, use the following link to the online registration
page: Online Registration

** NOTE: The deadline to register for INTERFACE 2009 is Monday, March 16th at 6:00pm.

INTERFACE is a private conference, for invited technology
professionals. It is not a job fair, and not open to students nor
anyone under 18 years of age. NO EXCEPTIONS. For more information,
contact F2F Events at 1-800-365-6402, or by email at:
info@f2fevents.com

We look forward to seeing you on March 18th at INTERFACE 2009 in Portland!

INTERFACE 2009… “Bringing the Pieces Together.”

F2F Events, Inc.
1225 NW Murray Blvd., Suite 107
Portland, OR 97229
800-365-6402

Thursday March 19th, 2009 3:00 – 5:00 PM at Con Way (2055 NW Savier St. Portland)


Fundamentals of Web Application Penetration Testing

Part of building secure networks and applications is subjecting them to focused testing. In this presentation, security analysts from Anitian Enterprise Security will discuss methods, technologies and tactics in conducting Web Application Penetration testing. Topics covered include: 

· Recon and analysis
· Authentication
· Session management
· Access Controls
· Injection Testing
· Data protection
· Error handling
· Application hosting

Biography

Adam Gaydosh, CISSP, CISA, GPEN, GIAC, QSA
Senior Security Analyst
Anitian Enterprise Security

Mr. Gaydosh is a Senior Security Analyst at Anitian where he oversees the IT Audit and Assessment division. Mr. Gaydosh specializes in application layer testing and IT compliance. Prior to working at Anitian, Mr. Gaydosh worked for a large national government contractor. Mr. Gaydosh provided security consulting services to numerous branches of the US Government, including the US Department of Defense. Mr. Gaydosh worked on site with the US Marines and Army securing classified networks, deploying PKI and identity management solutions and conducting rigorous security hardening of server systems. While working at Anitian, Mr. Gaydosh has conducted hundreds of security audits and assessments ranging from small regional financial institutions to large, global corporations. Mr. Gaydosh is currently involved in dozens of high-profile application tests, including conducting security tests on the next generation of elections systems. Mr. Gaydosh has numerous security certifications including the CISSP, CISA and the SANS certifications for security auditing and penetration testing. Mr. Gaydosh is also one of Anitian’s Qualified Security Assessors for PCI-DSS compliance. 

February 12th, 2009 11:30 AM – 1:00 PM Port of Portland – ISACA


During the month of February, the chapter will be meeting with the ISACA chapter. This year’s event will feature Vivek Chudgar of Foundstone and he will be addressing Payment Card Industry (PCI) standards.

Because this is a lunch event, the cost is $20.00 per plate and members can register at:

http://www.acteva.com/booking.cfm?bevaid=171975

We look forward to seeing you at the event.

Top Ten PCI Concerns

Abstract:
The Payment Card Industry Data Security Standard (PCI DSS) has changed
the way that many retail and e-commerce organizations approach
information security. It is a broad compliance document that demands
action on numerous fronts, making it difficult to decide where to
concentrate scant resources. This presentation draws on Foundstone’s
experience as a Qualified Security Assessor to identify the current top
ten concerns for most organizations that need to comply with PCI DSS.
Actionable advice for each concern will be provided from both a systems
implementation and audit perspective. No prior knowledge of the
standard is required, and even those who are not subject to PCI DSS will
find that many of the information security concerns presented are
universal across industries.

About the presenter:
Roman Hustad is a Principal Consultant at Foundstone where he
specializes in software and application security. Most of his
professional career was spent as an application developer in the payment
card and financial services industries. Roman’s interest in the PCI Data
Security Standard led to full time work in the security consulting
industry. He now helps Fortune 500 and government clients achieve their
security assurance goals using his deep technical knowledge of software
as well as his strategic experience with compliance and the software
development lifecycle. Roman is a frequent speaker, teaches Java
security classes, and holds the following certifications: PCI Qualified
Security Assessor (QSA), GIAC Secure Software Programmer – Java
(GSSP-J), Sun Certified Java Programmer (SCJP), Sun Certified Web
Component Developer (SCWCD).

January 15th, 2009 5:00 – 8:00 PM at Paragon Restaurant & Bar (1309 NW Hoyt St)


CHAPTER MEMBERS ONLY

With last month’s cancellation of the chapter meeting, the board has decided to hold a “Meet-and-Greet” for our January meeting. We encourage chapter members to come and interact with other information security professionals and enjoy cocktails.

Canceled – December 18th, 2008 5:00-8:00 PM at Paragon Restaurant & Bar (1309 NW Hoyt St)


This meeting is for Chapter Members Only 

Due to the current and projected weather conditions facing the Portland area, the 12/18/2008 Paragon meeting is canceled. In January, the Board will discuss a social event for the chapter members. I am sorry for any inconvenience that this may place on our members; I appreciate your understanding and that of Paragon.

 

Kyle E. Miller, CISSP

President ISSA Portland