September 2012 Newsletter

Welcome to the September edition of the ISSA-UK Newsletter September 2012 Newsletter Dear Member, Now with the holiday season almost over, we’ve a series of exciting events over the next few months to draw us to the close of 2012. On September 6th, we are running the FutureShock! event, featuring Mike Neumann, Lt Col Bill Hagestad (RET), Check Point, and a panel full of the UK’s top CISOs.  Please register here – http://futureshock-london.eventbrite.co.uk.  If you have any questions for our CISO panel, please submit in advance. On September 7th we are running a highly topical workshop – “21st Century Chinese Cyber Warfare”, tackling the issue of APTs co-ordinated by China.   We offer ISSA-UK members a hefty discount and the opportunity to learn how to tackle the threat from nation states, in amongst your peers in an informal workshop environment.  Please register here – http://21stcenturycyberwarfare.eventbrite.com On September 20th, we have a regional event in Bristol – http://bristol-20th-september.eventbrite.co.uk On October 4th, we have a regional event in Leeds – http://leeds-4th-october.eventbrite.co.uk On October 11th, we have a regional event in Edinburgh – http://11octoberedinburgh.eventbrite.co.uk Last, but not least – please do book early for our December 6th meeting as we already have a line-up of top speakers – http://6thdec2012.eventbrite.co.uk If you would like to help out or have a topic that you’re especially keen on talking about, do get in touch and will do what we can to accommodate you. If you’ve not yet joined the ISSA-UK LinkedIn group, please do, as we will be posting last minute offers and updates on the site.  Please join here – http://www.linkedin.com/groups/ISSA-UK-Chapter-1831846/about Finally, we are looking for help on the team, both with Events and Sponsorship.  Please do get in touch if you are interested, as elections are coming up soon and you may be able to get yourself a prestigious position on the board. As always, stay secure and look forward to seeing you soon. Best wishes, Tim Tim Holman ISSA-UK President A big thank you to Les Fraser Leaving us as VP of Scottish Region is Les Fraser.  We thank Les for all his hard work in developing the Scottish Region and wish him all the best in future ventures.  Les will still be assisting ISSA-UK in an advisory capacity. New VP of Sponsorship – Federico Charosky We welcome Federico Charosky as our new VP of Sponsorship, who will also be looking after the Scottish Region.  Federico is based in Edinburgh and is a partner in a local consulting firm, Vacta.  Federico has already been helping out the team with sponsorship over the past two years and we are truly grateful for his support. ISSA-UK South West Regional News If you are located anywhere in the South West area of the UK and wish to participate in the regional meetings held at Bristol every quarter then please feel free to join us. Our aims are to share security news, supplier recommendations, job openings, tools & tips as well as to provide a forum to ask your peers any security-related questions; particularly if related to the South West of the UK. We hope to build a local IT security community where members are comfortable networking and have at least a friendly face or two to say “hi” to at industry events such as the annual InfoSec conference in London. We have a small (but growing) Linked-In group (search for ISSA-UK SW Region) and if you would like to help out, have a presentation slot at one of the meetings or just offer some advice then contact me, Alan Mercer, either through alan.mercer@issa-uk.org orhttp://www.linkedin.com/in/almercer. Our next event on the 20th September is listed above so sign up and come along! Director of ISSA-UK Northern Region / Midlands Region To help bolster information security community support in the Midlands and Northern England, we are looking for local ISSA-UK volunteers to help start regional chapters.  We ask that you arrange a humble two events throughout the year within your region, and ISSA-UK HQ will be fully supportive in ensuring you find a venue, speakers and any necessary funding. Get in touch if this sounds like something you would like to do! Chapter Elections This month we are looking to form a Nominating Committee for the election of the President, Secretary and two Officer Positions.  If you would like to stand for one of these positions, you will be asked to commit at least 8 hours per month, in addition to attending Chapter Meetings, and nomination instructions will follow with the next newsletter.  If you would like an informal chat about joining the team, please feel free to contact tim.holman@issa-uk.org to arrange a discussion. Have your say We’re always looking for involvement from our members.  If you want to get involved, either with a committee, in helping with regional events, or to engage the association with a research study or interesting project, just contact us. Our main point of contact is administration@issa-uk.org – or just contact anyone on the management team directly – firstname.lastname@issa-uk.org. Friend on Facebook Follow on Twitter Forward to a Friend Sponsors We thank our sponsors for their valued an continued support of ISSA-UK. Platinum  Gold  Silver Interested in sponsoring the ISSA-UK?  Speaking and other promotional opportunities are available throughout the year – please contact sponsorship@issa-uk.org for further information. Partner Events Business Continuity around Major Events in the UAE, 19th September 2012, Central London http://www.majoreventsinternational.com/Events%20flier.pdf £50 plus VAT for non-members of MEI (discounted to £30 plus VAT for members of ISSA).  If interested, please contact Piers Lawson.  Applicants will need to mention ISSA in their correspondence for the discount Winter SASIG ” Security – why should anyone listen to us?” – 30th October 2012, PWC, 7 More London Riverside, London One of the toughest challenges faced by the CSO and CISO is building the case for investment in security and fraud prevention.  Meanwhile in a period of austerity the search is always on for ways to cut costs. Security and fraud prevention are often seen as easy targets at the very time when companies are particularly vulnerable to the whole range of traditional and emerging internal and external security threats, and when the need for our services is even greater. The C-Suite cannot afford to ignore the threats to the business but it is often difficult to get their attention. For them a thorough business case for investment in security and fraud prevention is an essential rather than an optional extra.  At the Winter SASIG we will be exploring: The importance of a long-term strategic, business focussed approach to security and fraud prevention How to get the attention of our C-Suite colleagues over the noise of the many other urgent business challenges, and achieve their buy-in How to show that effective security risk management and fraud prevention can be both business enablers and a contributor to profits/the bottom line How to demonstrate ROI for our security and fraud prevention programmes through effective measurement Please register using the new registration form by visiting the following link http://bit.ly/L85L6N or calling +44 (0)1234 708456. 2nd Mobile & Smart Device Security Conference, 5th – 6th December 2012, Thistle Marble Arch, London, UK Learn from leading experts who have leveraged flexible technology strategies to address today’s enterprise mobility challenges at the 2nd Mobile & Smart Device Security Summit 2012. Corporate IT departments continue to support the platforms that their workforces are asking for. The key for security professionals is to change the focus from which devices to enable or not, to securely getting the company’s greatest asset, corporate data, out to end users.  Explore case studies from companies who are at the forefront of the drive to securely mobilise the enterprise to enable staff to become more productive and unlock new business opportunities. There will be a special focus on building, securing and auditing enterprise mobile applications.  Please quote ISSA UK or enter the online registration code IS121120-P to receive a 10% discount.  For more info or to register visit:www.mistieurope.com/mobile Have an event you would like to list? Please get in touch with administration@issa-uk.org.  follow on Twitter | friend on Facebook | forward to a friend Copyright © 2012 ISSA-UK, All rights reserved.

August 2012 Newsletter

Welcome to the August edition of the ISSA-UK Newsletter Message from the President Dear Member, I hope you are all enjoying the Olympics and are as proud as I am to count Team GB as one of the world’s best athletic teams, with only USA and China ahead of Team GB in the medals table it’s been a great excuse for people not to do any work.  London has been empty.  Boris told us all to keep away.  No doubt there will be a pile of security incidents for us to deal with upon our return! August is a quiet month for us and we don’t plan any events, conscious that members are taking a break, but September and beyond, things kick back into action. On September 6th, we are running the FutureShock! event, featuring Mike Neumann, Lt Col Bill Hagestad (RET), Check Point, and a panel full of the UK’s top CISOs. On September 7th we are running a very unique workshop – “21st Century Chinese Cyber Warfare”, tackling the issue of APTs co-ordinated by China.   We offer ISSA-UK members a hefty discount and the opportunity to learn how to tackle the threat from nation states, in amongst your peers in an informal workshop environment.  Places are limited for both events, and please book quick if you are interested. On September 20th, we have a regional event in Bristol – if you would like to help out or have a topic that you’re especially keen on talking about, do get in touch and will do what we can to accommodate you. If you’ve not yet joined the ISSA-UK LinkedIn group, please do, as we will be posting last minute offers and updates on the site. Finally, we are looking for help on the team, both with Events and Sponsorship.  Please do get in touch if you are interested, as elections are coming up soon and you may be able to get yourself a prestigious position on the board As always, stay secure and look forward to seeing you soon. Best wishes, Tim Holman Partner Event 44con – UK’s Premier Information Security Conference 5th to 7th September, London Last September the inaugural 44Con security conference was held at the Grange City Hotel to critical acclaim.  ISSA-UK has arranged for a special discount for all of its members who wish to attend it this year.  With an infosec day, two technical days, and pre-conference training, there should be something here for everyone. This year the conference is bigger and better, being held at the Millennium Gloucester Conference Centre in Kensington from the 5th – 7th September 2012.  ISSA is happy to be able to offer its members a 15% discount, granting reduced admission to what is rapidly becoming THE annual technical security conference within the United Kingdom. The discount is available for three, two, or one day tickets.  Please use the link below to activate it. http://44con-2012.eventbrite.com/?discount=44Con2012-ISSA-abf5eede7 Partner Event Winter SASIG “Security – why should anyone listen to us?” Hosted by PricewaterhouseCoopers, 7 More London Riverside, London SE1 2RT 30th October 2012, 8:45am to 3:30pm One of the toughest challenges faced by the CSO and CISO is building the case for investment in security and fraud prevention. Meanwhile in a period of austerity the search is always on for ways to cut costs. Security and fraud prevention are often seen as easy targets at the very time when companies are particularly vulnerable to the whole range of traditional and emerging internal and external security threats, and when the need for our services is even greater. The C-Suite cannot afford to ignore the threats to the business but it is often difficult to get their attention. For them a thorough business case for investment in security and fraud prevention is an essential rather than an optional extra. At the Winter SASIG we will be exploring: The importance of a long-term strategic, business focussed approach to security and fraud prevention How to get the attention of our C-Suite colleagues over the noise of the many other urgent business challenges, and achieve their buy-in How to show that effective security risk management and fraud prevention can be both business enablers and a contributor to profits/the bottom line How to demonstrate ROI for our security and fraud prevention programmes through effective measurement Please register using the new registration form by visiting the following link http://bit.ly/L85L6N or calling +44 (0)1234 708456. Friend on Facebook Follow on Twitter Forward to a Friend Platinum Sponsors Gold Sponsors Silver Sponsors Bronze Sponsors Have a story?  Want to be involved? We’re always looking for involvement from our members.  If you want to get involved, either with a committee, in helping with regional events, or to engage the association with a research study or interesting project, just contact us. Our main point of contact is administration@issa-uk.org – or just contact anyone on the management team directly. Partner Event ‘Business Continuity around Major Events in the UAE’ Central London, 2-6pm Wednesday 19th September Hosted by Major Events International £50 plus VAT for non-members of MEI (discounted to £30 plus VAT for members of ISSA). If interested, please contact Piers Lawson Applicants will need to mention ISSA in their correspondence for the discount  follow on Twitter | friend on Facebook | forward to a friend Copyright © 2012 ISSA-UK, All rights reserved.

May 2012 Newsletter

Message From the President

Dear Members,

We have had a busy few weeks with Infosec 2012 and have also been planning our events for the rest of the year.  Next week on May 10th we see our annual applications security event take place at Bletchley Park and I hope to see many of you there.  This is the first event we’ve done in conjunction with OWASP and we are looking to consolidate future events, especially in the regions, to bring together security communities in the regions – South West, East Midlands, Northern England and Scotland.  If you live outside of London and wanted to establish a local ISSA-UK Chapter or community, please do get in touch as we do have funds and support available to do this.

If you are an (ISC)2 member, you might also note that (ISC)2 are setting up local chapters.  We are working together as best we can to bring these events together under the same roof and also are talking to other industry associations to develop strong regional security communities.

As always, we love hearing from our members at events.  If you would like to come and talk at one of our meetings, perhaps about the job you do, how you face daily security challenges or discuss research you are involved in, then do contact us.

We have now got the security academy off the ground and are planning our first Security Leadership masterclass on May 22nd in London.  We aim to bring high quality training that is academically recognised to our members, focussing on soft-skills and helping aspiring CISOs achieve their leadership goals.

The HMS President agenda is almost ready to go and do watch out for the line-up in our next newsletter, as this is our most popular event, then of course the Olympics hit London and needless to say, there won’t be any ISSA-UK events in London a few weeks either side.

For those that made it to our open evening last week, thank you for coming along and it was nice to see you and we look forward to seeing you again very soon!

Best wishes,

Tim Holman
ISSA UK President

In this month’s Newsletter…

ISSA-UK / OWASP Web Application Security Training Day
10th May, Bletchley Park, Milton Keynes

The Mansion, Bletchley Park

ISSA-UK and OWASP are partnering for the first time to bring you a joint application security training conference.

This unique event will attact attendees from both ISSA-UK’s information security membership base, and OWASP’s web application specialists, bringing new thoughts and perspectives to both groups.

Join us for a full day of application security education, tools and methodologies at the historic Bletchley Park.   After the day’s talks are over, please join us for a tour of the famous WWII codebreaking facility!  The event is free for both ISSA and OWASP members. Agenda & Registration: Eventbrite

Regional Event – Avoidance Evasion, Compliance
15th May, Bristol

The event will focus on Governance, Regulation and Compliance, inline with our planned ISSA-5173 missiles for this year.

Over the last few years and very recently it seems, all companies have been hit by Regulatory requirements, such as PCI DSS, DPA and ensuring sufficient protection against those that still breach the Computer Misuse Act, more often than not, from within the organisation itself.

Companies that we work with either seem to Avoid regulatory requirements, ignore them and Evade, or choose to Comply, and the title of the event, “Avoidance, Evasion, Compliance” has stuck with us for quite a while, as reflects the knee-jerk approach that most companies, particular smaller ones, would take if faced with looming regulatory or compliance requirements.

Agenda & Registration:  Eventbrite

ISSA Security Leadership Academy
22nd May, London

Our ISSA Security Leadership Academy will kick off  on 22nd May at Grant Thornton, London with  four Business Skills Workshops for IT and Security Professionals with the intention of developing these first steps through to an Executive MBA for CISO’s and Security Leaders, delegates will receive a University certified ISSA Security Leadership Academy Certificate on successful completion of the programme:

They will cover the following topics:

1. Presenting Security (Credibly) to ‘C’ Level Executives  Communication & presentation skills for security leaders

2. Managing Teams and Group Dynamics – working effectively with technical and non technical staff

3. The Situational Leader in Security – Adaptability, choosing the right leadership style for the task in hand.

4. The Psychology of Enterprise Wide Security  – Developing a more mature security culture and awakening the organisation.

Full agenda & registration:  Eventbrite

International Board Election
Voting  Information 

The election of the International Board will be held online between June 1 and 30. Members will elect the President and five directors to lead the association for the next two years.

All members should visit www.issa.org to review and update their profiles by May 1. Memberships scheduled to lapse need to be renewed by May 31.

Unique voter credentials for the election will be sent to active General, CISO Executive, Lifetime and assigned Corporate, and Government Organizational members in good standing who have a current email address in their membership profiles.

Questions regarding membership status or the election should be directed to member@issa.org.

Senior, Fellow & Distinguished Fellow Nominations

Applications for Senior Member and your nominations for Fellow and Distinguished Fellow are now open again. The Fellow Program recognises sustained membership, volunteer leadership, and contributions to the profession. If you qualify then please submit an application as not only only are you gaining personal recognition but you’re also demonstrating the strength of the UK chapter.

Application forms are available on the International website and then should be sent to Andrew Cunnington, VP, Member Development for endorsement:  (andrew.cunnington@issa-uk.org)

December 2011 Newsletter

Message From the President

Dear Members,

Thank you all for your support over the past year – I hope our events schedule has exceeded your expectations and you have enjoyed being a member of the UK’s largest independent association of security practitioners.


We announce Gabe Chomic and Les Fraser as winners of this year’s elections.  Les will continue in his role as VP Scottish Region and Gabe joins us as VP of Alliances.  Congratulations to you both.

This month we put together a successful Incident Response Planning workshop in Bristol and thank Adrian Wright for his assistance.  We also ran events in Leeds and Glasgow on Trends in Information Security and thank Les Fraser for his help.

I am looking forward to seeing you at our December events – we have a Social Networking event planned for December 8th, and our annual Microsoft Security Day planned for December 13th.

If you have enjoyed our events, do remember that you can invite a friend or colleague as part of our guest programme (first meeting free) – please feel free to distribute this link, as we continue our efforts to top Northern Virginia and become the largest ISSA Chapter in the world – https://www. issa.org/Join/Visit.html.

Following our December events, our schedule will start again on the 8th of March, with our first chapter meeting.  We will announce the full schedule along with new member benefits in January.

In the meantime, we are looking for a member in the South West area (Bristol /  South Wales) to assist with events in that region. If you do know of anybody or would like to help, please do get in touch.

Best regards,

Tim Holman
ISSA UK President

In this month’s Newsletter…

Check out our new-look on-line newsletter, which will better reflect changes to news, events and partner events as they happen, as well as integration with our news updates from Twitter and EventBrite (for ISSA events agenda and bookings).

Continue reading