Secure 360

Welcome to the April 2010 Secure360°™ Newsletter

It's Your Conference, Really


Every year, the Secure 360°™ conference is what our members make of it.

Attendees from the previous year rate the sessions they attended, the speakers they heard, and myriad other specifics about their Secure360°™ experience. These ratings are used as a basis for the sessions that are scheduled, the speakers who are selected to speak, and the many details of how the conference works the next year. As soon as one year's conference ends, planning begins for the next.

Since May 2009, literally thousands of hours have gone into making this year's Secure360°™ happen. The majority of those hours were spent by your representatives - all volunteers who represent many of the security-related professional organizations that make up our community. Each of our volunteers is committed to bringing our attendees the conference and tradeshow for which they've asked. We've listened to what you've asked for; come and see what you've wrought! Invite your friends, coworkers, and professional peers to sign up for the 2010 Secure360°™ Conference and continue to help us all make the conference what it continues to be: yours!

News

Social Networking – Are You Protecting Your Privacy?

Social networks have become a staple of everyday life for individuals from all walks of life - in fact, Facebook may now be the most popular U.S. site - and use of these new forums in business is soaring. However, potential privacy and security threats abound and, despite broad media coverage, many users remain unaware of how to address them.

Secure360°™ Conference speaker Chris Veltsos was recently featured in a local news article with suggestions on how to stay safe on sites like Twitter and Facebook. Beyond calling out reasonable limits on publishing private information (like not advertising when you are away from home or when your birthday is) he echoes what many others also say is key – passwords.

Earlier this year, a flood of press and blog entries lamented the poor state of security knowledge when it was revealed that hundreds of thousands of RockYou users chose simple passwords such as ‘123456’. But does this represent poor security knowledge or practice on the part of users or just cognizance that RockYou is not online-banking (e.g. the password ‘rockyou’ was #8 on the most-used list)? Do users really choose the same password for RockYou, Facebook, and their email, online banking and corporate accesses?

Perhaps remaining secure with the ever-growing intertwining of personal/professional social networking, online services and corporate access requires a more pragmatic and holistic approach than the standard ‘use unique complex passwords’ or a sole focus of security education on the business context. New approaches, such as tiered passwords advocated by Veltsos or combined personal/business education efforts like that from the MN State CISO, will be required to help secure our personal and professional privacy and information in this new era.

If you are concerned about social networking, maintaining your privacy, or educating your users, ensure you attend the Secure360°™ conference for great sessions from local and national speakers on these topics and more.

Cheap CPEs for Sale

Article by Ray Kaplan - CISSP, ISSAP, ISSMP, CISA, CISM, CGEIT, NSA IAM and IEM, ISO 27001, IRCA

As you know, gathering the Continuing Professional Education (CPE) credits needed to keep your certifications current, taking training classes, and gathering knowledge can be a very expensive and time-consuming business. I know this all too well since nearly all of that fruit salad of certifications after my name requires CPEs. I attend many training classes. And, I'm just like you - my quest for knowledge is never-ending.

In my quest for CPEs and knowledge, I attend many classes, seminars, and events. Many of these are national and international conferences and meetings. In fact, I'm a conference junkie of long standing and I can probably best you in an airline frequent flyer mileage contest. Imagine the cash drain of all of that running around. Not the least of these expenses are the conference and seminar registrations that I pay when I do not speak. As you know, they can run into the thousands of dollars each.

Contrast that with the very modestly-priced Secure360°™ conference and pre-conference training.

Since the requirements for CPEs vary somewhat between credentials, I do not know exactly how many you can claim for attending Secure360 and pre-conference training. However, I do know that no matter how many CPEs you can claim for attending the conference, Secure360°™ is really cheap CPEs for sale.

Revisiting the Amazing 2010 Secure360°™ Pre-Conference Line-up

Your security skills are more critical to your organization with every passing day - you need cost-effective methods to acquire and retain the cutting edge knowledge so key to your success!

With this in mind, we’d like to offer you another look at the exciting range of half- and full-day pre-conference educational sessions UMSA and our member organizations have assembled for you. These sessions are presented by select, top-notch practitioners and educators from across the industry, covering topics relevant to today's security environments. And now, for a nominal fee, we’re giving you the option to attend our preconference sessions without attending the full conference – a rock-bottom priced educational deal!

Please see our website or check out the abstracts below to find an educational session tailored just for you, then join us on Monday, May 10, 2010, at the St Paul RiverCentre to continue to boost your knowledge!

UMSA Sponsored Selections

IT Auditing - Hacking your Network Before the Hackers Do

Randy Romes, Brian Johnson, Chris Knight, LarsonAllen
8:00 AM - 4:30 PM, $149.00
Session sponsored by the Upper Midwest Security Association (UMSA)

Organizations spend a tremendous amount of effort and resources to secure their perimeter connections to the Internet. In spite of this effort, hackers still find ways to compromise sensitive data. The SANS 2009 Top Cyber Security Risks report identifies "client side" software vulnerabilities and "Internet facing web site" vulnerabilities as the top two issues organizations face. This session will look at some common ways that hackers take advantage of these situations to breach organizations' defenses, whether it is the systems that are Internet accessible (Outside - In attacks), or via systems that reach out to access the Internet (Inside - Out attacks).

Security Architecture for System Administrators (morning session), and 20 Critical Security Controls: Planning, Implementing and Auditing (afternoon session)

John Strand, SANS
8:00 AM - 4:30 PM, $149.00
Session sponsored by the Upper Midwest Security Association (UMSA)

These two sessions will give system administrators up-to-date tools and techniques to illuminate evidence of potentially malicious activity on their systems and to implement and audit critical controls. Learn to identify hackers in specific software applications and websites, implement the Top Twenty Most Critical Security Controls, as well as do what is required to meet audit and security requirements.

Additional Selections from our Member Organizations

Secure Audit Logging: How to Build Visibility into your Software for Improved Security and Compliance

Gunnar Peterson, Software Security Expert and Managing Principal at Arctec Group
8:00 AM - 12:00 PM, $99.00
Session sponsored by AdvanceIT Minnesota

Control and Security of Windows

Kevin Nibler, Canaudit
8:00 AM - 4:30 PM, $99.00
Session sponsored by the Minnesota Chapter of the Information System Audit and Control Association (ISACA)

Information Security and Privacy: Where are We Going and How Can We Measure Risk and Success

Rebecca Harold, Rebecca Harold & Associates, LLC
8:00 AM - 4:30 PM, $49.00
Session sponsored by the Minnesota Chapter of the Information Systems Security Association (ISSA)

10 Essential Steps for Everyone's Business Continuity Program

Fred Klapetzky, Marsh Risk Consulting
1:00 PM - 4:30 PM, $25.00
Session sponsored by the Business Continuity Planners Association (BCPA)

(ISC)2 Certification Examination (SSCP, CAP, CSSLP, CISSP, others)

(ISC)2 Proctored Exam
8:00 AM - 3:00 PM
Session sponsored by the Minnesota Chapter of the Information Systems Security Association (ISSA)

Jill Knesek to Keynote Wednesday Morning Session

The Upper Midwest Security Alliance would like to announce that, due to an unforeseen scheduling conflict, Jill Knesek, Chief Security Officer at BT, will be replacing Bruce Schneier as our Wednesday morning keynote speaker.

Jill Knesek -- Chief Security Officer, BT
 Ms. Jill Knesek is the Chief Security Officer for BT Global Services. In her current role she is responsible for all security matters globally including Strategy, Security Policy & Compliance, Physical Security, Information Security, Travel Security, Regulatory Compliance and Investigations. Jill has a very diverse security background that has made her uniquely qualified to handle the wide range of security needs for a region that has seen dynamic growth and rapid change as BT pushes to expand its portfolio around the globe.

Prior to joining BT, Jill was the Director of Reactive Operations for the Cable & Wireless Managed Security Services group where she managed a large global team providing 24x7x365 operational support for all managed security services. In 1998 Jill joined the FBI as a Special Agent and was assigned to the Computer Crime Squad in the Los Angeles field office. During her work with the FBI she was involved in several high-profile cases including the Kevin Mitnick case, where she acted as the co-case agent, and the Mafiaboy case, where she led the FBI investigation as case agent and worked closely with the Royal Canadian Mounted Police (RCMP) in Montreal, Canada. Jill also was the case agent for the first FBI undercover operation that infiltrated the hacker community. The undercover operation was used to support many criminal investigations in the U.S. and abroad and was instrumental in providing support to the National Infrastructure and Protection Center (NIPC) during the Kosovo bombings.

Jill has a Bachelor of Science degree in Computer Science from Texas A & M University and has spent 15+ years working in the computer and security field. She also has her CISSP (Certified Information Systems Security Professional) certification as well as a CISM (Certified Information Security Manager). Jill’s office is located in El Segundo, CA but she routinely travels to London, New York and the Washington DC area. She can be reached via email at jill.knesek@bt.com.

Events

ISACA Roundtable: Microsoft Windows 7 for the Optimized Desktop

Date and Time: Apr 20, 2010, 8:00 AM
Location:

Deloitte & Touche – 27th Floor Conference Room
50 South Sixth St
Minneapolis, MN 55402


Contact: lauriek@ewald.com
Registration:

Space is limited. To reserve your spot, please register by contacting Tiffany Swenson at (651) 290-6283 or by E-mail at tiffanys@ewald.com. Please include name, organization, phone number and email address. Reservations will be taken on a first-come, first served basis.

In this session, Kevin will introduce Windows 7, Microsoft’s newest operating system for desktop, laptop, netbook and tablet computers. We’ll discuss the specifics around what makes Windows 7 just as great as you’ve heard it is: faster, more reliable, more secure, more compatible, and easier to use. You’ll learn how businesses are getting real value through reduced support costs and TCO, simply by replacing older operating systems with Windows 7.

Our speaker: Kevin Remde, Microsoft IT Professional Evangelism

Kevin Remde is an IT Pro Evangelist with Microsoft. A prolific blogger, Kevin shares his thoughts, ideas and tips on his “Full of I.T.” blog (http://blogs.technet.com/kevinremde). He also contributes to and moderates the TechNet Forum IT Manager discussion, posts screencast demos and interviews on TechNet Edge, and presents live TechNet. Kevin is an engaging speaker and webcaster who has landed several times on Microsoft's top 10 webcast list, and has delivered many top-scoring TechNet events and webcasts. In his past outside of Microsoft, Kevin has held positions such as software engineer, information systems professional, and information systems manager. He loves sharing helpful new solutions and technologies with his IT peers.