Information Systems Security Association

Meeting Details:

The February meeting has reached capacity. Unfortunately we are unable to register additional attendees or take walk-in's at the door..

DATE: Wednesday February 10th

TIME: 11:30 - 1:30pm.

LOCATION: Maggiano's (11800 W Broad St # 2204, Richmond, VA 23233)

COST: ISSA members: $10 & Non-Members: $20

After Feb. 3rd

COST: ISSA members: $15 & Non-Members: $25

2010 Cyber Threats and Trends

Presentation Synopsis:

This presentation is a description of the current cyber security landscape from the iDefense perspective. It discusses emerging trends that occurred in 2009 from a technical and a geopolitical perspective, makes some predictions about what may occur in 2010 and then looks over the horizon to the next 5 to 10 years to outline emerging technological and cultural trends that will impact the defense of the enterprise in the future. This white paper represents a snapshot of everything that iDefense understands about the cyber security landscape to date. Throughout 2009, two major themes emerged in terms of cyber security: a steady evolution of malicious tools of the trade (tactics) and a shift in the center of gravity from typical network defenders and commercial security companies to government policy makers in terms of security thought leadership and spending (strategy). In terms of ongoing and new tactics, this presentation covers increased speed in exploit code development, alternative hosting and command infrastructure for malware, manipulating search engine results to distribute malware, and new business practices in the carding underground.

After a series of well-publicized breaches in corporate and governmental networks during the past two years, governments from around the world have begun to understand that counter-tactics alone will not solve the problem. Many geo-strategically powerful governments have taken steps to implement or refine official cyber warfare policies and capabilities. They have begun forming the nexus for strategic thinking and dedicating large sums of money to the problem. This is a shift. Heretofore, financial institutions, information technology (IT) departments and global security companies provided thought leadership for the security industry and the impetus to spend money. As more and more governments wade into the fray, the center of gravity for these activities is shifting away from private enterprise and into the government sector.

Speaker:

Kristen Dennesen is an intelligence analyst and deputy of the International Cyber Intelligence team at iDefense and a US Fulbright Scholar.

Upcoming Meetings:

2010

February - 2010 Cyber Threats and Trends, by iDefense
March - Windows 7 Security, by Microsoft
April - Database Security, by Application Security Inc.
May - NW security trends and best practices, by Juniper

Past Meeting Presentations:

2010

January 13 - Cloud Computing Security Issues by Randy Marchany, SANS

2009

January 14 - Your Browser Wears No Clothes... by Michael Sutton
February 11 - Emerging Security Trends by Brian Fielder
March 11 - WhiteListing - Preventing Malware from entering your network by Bill Aubin
April 15 - Integrating eDiscovery Records Management by Janeine Charpiat
May 13 - Storage Security Best Practices by Gordon Arnold
June 10 - What Your CEO Should Know About Information Security by Randy Sabett
July 15 - FBI-sponsored Regional Computer Forensics Laboratory (RCFL) program by Shelia Teague
August 14th - How is the Federal Government Addressing CyberSecurity by Shane Harris
September 16th - Software Security Requirements by Paco Hope
October 14th - ”Federated identity management”, PING Identity
November 11th - Annual CxO Panel: InfoSec, Risk Management Leadership and Challenges
December 9th - Global Business Protection with World-class Enterprise Security Services, by Roland Cloutier

2008

January 9 - The Latest on the Security Threat Landscape by Brian Fielder
February 13 - Privileged Password Management Best Practice by Barak Feldman
March 12 - VoIP Security Threats, Vulnerabilities, Countermeasures, and Best Practices by Peter Thermos
April 9 - Mad Dash To Push Everything Online – Including SCADA by Jerry Martin
May 14 - Network Access Control (NAC) -- Lessons learned by Eric Weakland
June 11 - Making a Business Case for Security to Internal Stakeholders by PK Kinser, Rick Witherow, and Bob Brown
July 9 - Assessing a Web Application Security Development Program by Bob Austin
August 13 - DNS Vulnerability (What did Kaminsky find?) and Secure DNS by Alan Clegg
September 10th - Large Scale Search Strategy & Architecture to Support Regulatory Compliance & Incident Response by Andy Bair
October 8 - Pen Testing as an Auditing Tool - With an Update on Legislation by Bryan Miller
November 12 - Cyber Threat Landscape by Ryan Olson
December 10 - A Cost Effective Approach to Application Security by John Pavone

2007

January 10 - Botnets by Tyler Hudak
February 7 - Critical Components of an Effective Information Risk Function by Bryan Palma
March 14 - Department of Homeland Security Security Overview by Jerry Dixon
April 11 - Wireless Security by Tad Steinberg
May 9 - Information Assurance and Data Security by Jack Callahan
June 13 - PCI Compliance by Bob Brown
July 11 - Practical Incident Response by Steve Fahrenkrog
August 8 - VISTA Security by Miles Romello
September 12 - Security Metrics by Bob Austin
October 10 - Encryption & Key Management -- Falling through the Cracks by Terence Spies
November 14 - Enterprise Security Architecture by Prentice Kinser
December 12 - The State of Incident Response by Rich Cummings

Presenters in the National Media

Randy Sabett

Date: July 8, 2009
Article: Cyber Attacks
News Outlet: PBS
http://www.pbs.org/video/video/1175920320/program/979359630#

Shane Harris

Date: July 13, 2009
Article: Congress's role in strengthening the nation's intelligence agencies.
News Outlet: CSPAN
Congress's role in strengthening the nation's intelligence agencies



		Meetings