Tag Archives: ISSA UK

July 2012 Newsletter

Message From the President

ISSA President

Dear Members,
Just a reminder that we still have spaces for the CISO’s Den event this Thursday, where you can join John Walker and Ira Winkler as keynote speakers and Integralis, Venafi, Exonar, Quotium, MetaCompliance, WhiteBox Security, Verdasys, Threatscape, Tripwire, Ciphercloud, Trustwave and Thycotic Software as our CISO’s Den Participants.

Each vendor will be given 10 minutes to tell us what makes their product the best – I’m sure you know the drill, and it looks set to be one of our most popular events this year.

To register, please visit here

We have also secured Ira Winkler to run a security awareness masterclass the day before, Wednesday 11th July. A limited number of spaces remain – please register here

I look forward to seeing you there!

Best regards,

Tim Holman

In this month’s issue:

Ira Winkler’s Security MasterClass
Wednesday 11th July 2012
London

A unique one day ISSA Master Class for Corporate Executives, Security Professionals and Business Leaders – Learn ways to protect yourself, your family, your livelihood and your business from organised crime – This is information that every business leader must know! Delegates will be able to take away a unique 3 month security awareness programme which they can implement within their organisations. Agenda & Registration

CISO’s Den
Thursday 12th July
HMS President, London

In the CISO’s Den event, ten security software/solution vendors battle it out for the best Speaker and best Product prizes, given at the end of the day and voted on by the audience.  We offer each vendor a 10 minute speaking pitch and split the sessions over an hour in the morning and an hour in the afternoon.

We welcome Ira Winkler, a world renowned expert on Social Engineering and author of “Spies Among Us” and “Zen and the Art of Information Security” as our keynote speaker. Agenda & Registration

Partner Events:  Please see our partner section


May 2012 Newsletter

Message From the President

ISSA President

Dear Members,

We have had a busy few weeks with Infosec 2012 and have also been planning our events for the rest of the year.  Next week on May 10th we see our annual applications security event take place at Bletchley Park and I hope to see many of you there.  This is the first event we’ve done in conjunction with OWASP and we are looking to consolidate future events, especially in the regions, to bring together security communities in the regions – South West, East Midlands, Northern England and Scotland.  If you live outside of London and wanted to establish a local ISSA-UK Chapter or community, please do get in touch as we do have funds and support available to do this.

If you are an (ISC)2 member, you might also note that (ISC)2 are setting up local chapters.  We are working together as best we can to bring these events together under the same roof and also are talking to other industry associations to develop strong regional security communities.

As always, we love hearing from our members at events.  If you would like to come and talk at one of our meetings, perhaps about the job you do, how you face daily security challenges or discuss research you are involved in, then do contact us.

We have now got the security academy off the ground and are planning our first Security Leadership masterclass on May 22nd in London.  We aim to bring high quality training that is academically recognised to our members, focussing on soft-skills and helping aspiring CISOs achieve their leadership goals.

The HMS President agenda is almost ready to go and do watch out for the line-up in our next newsletter, as this is our most popular event, then of course the Olympics hit London and needless to say, there won’t be any ISSA-UK events in London a few weeks either side.

For those that made it to our open evening last week, thank you for coming along and it was nice to see you and we look forward to seeing you again very soon!

Best wishes,

Tim Holman
ISSA UK President

In this month’s Newsletter…

ISSA-UK / OWASP Web Application Security Training Day
10th May, Bletchley Park, Milton Keynes

Bletchley Park

The Mansion, Bletchley Park

ISSA-UK and OWASP are partnering for the first time to bring you a joint application security training conference.

This unique event will attract attendees from both ISSA-UK’s information security membership base, and OWASP’s web application specialists, bringing new thoughts and perspectives to both groups.

Join us for a full day of application security education, tools and methodologies at the historic Bletchley Park.   After the day’s talks are over, please join us for a tour of the famous WWII codebreaking facility!  The event is free for both ISSA and OWASP members. Agenda & Registration: Eventbrite

Regional Event – Avoidance, Evasion, Compliance
15th May, Bristol

The event will focus on Governance, Regulation and Compliance, in line with our planned ISSA-5173 missiles for this year.

Over the last few years and very recently it seems, all companies have been hit by Regulatory requirements, such as PCI DSS, DPA and ensuring sufficient protection against those that still breach the Computer Misuse Act, more often than not, from within the organisation itself.

Companies that we work with either seem to Avoid regulatory requirements, ignore them and Evade, or choose to Comply, and the title of the event, “Avoidance, Evasion, Compliance” has stuck with us for quite a while, as it reflects the knee-jerk approach that most companies, particularly smaller ones, would take if faced with looming regulatory or compliance requirements.

Agenda & Registration:  Eventbrite

ISSA Security Leadership Academy
22nd May, London

Our ISSA Security Leadership Academy will kick off on 22nd May at Grant Thornton, London with four Business Skills Workshops for IT and Security Professionals, with the intention of developing these first steps through to an Executive MBA for CISOs and Security Leaders. Delegates will receive a University certified ISSA Security Leadership Academy Certificate on successful completion of the programme.

They will cover the following topics:

1. Presenting Security (Credibly) to ‘C’ Level Executives – Communication & presentation skills for security leaders

2. Managing Teams and Group Dynamics – working effectively with technical and non technical staff

3. The Situational Leader in Security – Adaptability, choosing the right leadership style for the task in hand.

4. The Psychology of Enterprise Wide Security  – Developing a more mature security culture and awakening the organisation.

Full agenda & registration:  Eventbrite

International Board Election
Voting  Information 

The election of the International Board will be held online between June 1 and 30. Members will elect the President and five directors to lead the association for the next two years.

All members should visit www.issa.org to review and update their profiles by May 1. Memberships scheduled to lapse need to be renewed by May 31.

Unique voter credentials for the election will be sent to active General, CISO Executive, Lifetime and assigned Corporate, and Government Organizational members in good standing who have a current email address in their membership profiles.

Questions regarding membership status or the election should be directed to member@issa.org.

Senior, Fellow & Distinguished Fellow Nominations

Applications for Senior Member and your nominations for Fellow and Distinguished Fellow are now open again. The Fellow Program recognises sustained membership, volunteer leadership, and contributions to the profession. If you qualify then please submit an application, as not only are you gaining personal recognition but you’re also demonstrating the strength of the UK chapter.

Application forms are available on the International website and then should be sent to Andrew Cunnington, VP, Member Development for endorsement:  (andrew.cunnington@issa-uk.org)


April 2012 Newsletter

Message From the President

ISSA President

Dear Members,

I hope you are enjoying our programme of 2012 events so far.

In March we held our first meeting of the year and AGM at Grant Thornton’s offices in London, and had very good feedback. Please do keep this coming as your opinions genuinely do help us put together better events. Last week we ran the same theme at our regional event in Glasgow and this is an area we very much need help with. Do you know any information security professionals in the area that we could or should be inviting along? As the UK Chapter it is important that we meet the needs of security professionals all over the country, and not just in London.

In April, we have our inaugural networking evening on Wednesday 25th during Infosec 2012.

You may have noticed we have launched a series of Security Leadership workshops in this year’s programme.  This is to help aspiring CISOs get to grips with the challenges and operational procedures they will face in taking up senior positions within the industry.  Do let us know if you are interested, as places are limited.

Best wishes,

Tim Holman
ISSA UK President

In this month’s Newsletter…



March 2012 Newsletter

Message From the Secretary

Phil Stewart

Dear Members,

Our 2012 programme kicks off in earnest next week on 7th March in London with our first event of 2012 – our Annual General Meeting for members and then the main event – ‘Avoidance, Evasion, Compliance’. Our first Scottish event takes place on 29th March in Glasgow. March will also see the publication of the first in our series of guidance documents for ISSA 5173 – our security standard aimed at the SME community.

Since our last newsletter, there has been the publication of the EU’s new proposals for data protection regulations, as well as the UK Information Commissioner’s response to them. These new EU proposals aim to harmonise data protection rights for the EU’s data subjects, regardless of where the data subject lives in the EU. They also recognise that, currently, EU member states’ national data protection regulators have different levels of enforcement powers and thus data protection rulings are applied in an inconsistent manner across the EU.

Certain key changes also recognise the prevalence and realities of cloud computing – data no longer simply resides in the country of the data subject, but across national geographies, and frequently outside the EU itself. Companies will now have to have standard contractual clauses to specify appropriate safeguards when transferring data to a data processor. The new regulations also require data processors to have adequate safeguards themselves in place, and potential fines for those processors that are negligent.

Two of the biggest changes which have been making the headlines, though, are the power to fine organisations for data breaches for up to 2% of annual turnover; and the imposition of mandatory breach reporting to the regulator within 24 hours of a breach taking place, as well as notifying data subjects. These changes have certainly attracted a lot of debate, and will change the way companies view data protection.

The initial response from the UK’s Information Commissioner, whilst welcoming the new EU proposals, has also highlighted a number of key areas which require further debate and consideration. I am sure the debate will go on and, as with all legislation, the detail of the final form will be different from the initial proposals. The debate is certainly raising the profile and awareness of data protection, which can only be a good thing!

Best wishes,

Phil Stewart
ISSA Secretary & Director, Communications

In this month’s Newsletter…



January 2012 Newsletter

Message From the President

ISSA President

Dear Members,

A belated Happy New Year, thank you all for your support over 2011 and wishing you a prosperous 2012.

The New Year brings fresh challenges, and one of the first alleged data breaches of the year was carried out by Saudi Arabian hacktivists. One or two inevitable losses of personal data have hit the press and we eagerly await the announcement of upcoming EU data protection legislation, which I’m told might carry a minimum fine of 100,000 Euros for those that belligerently mis-handled their customers’ information. I am a firm advocate of our own ICO’s approach, which, rather than waving a big stick, is about educating data controllers in the public and private sector. So we are all wondering when the elephant and the iceberg will collide and what will remain!

The cloud brings with it fresh threats as more and more organisations put the integrity and availability of their data at risk.  I’m assuming they’re not too bothered about confidentiality by virtue of putting it in the cloud in the first place, but to have it there one day and disappear the next is a huge risk that often gets diluted with promises of a great price and service.

Law enforcement agencies have also been seizing shared parts of cloud infrastructure, the illegal actions of one cloud consumer putting thousands of others offline. The cloud is so great that even criminal organisations are reaping cost saving benefits, surely a testament to the ubiquity of cloud based solutions.

In this newsletter we have announced our schedule for 2012. If you would like to help then please do get in touch – we are currently looking for an Events Co-ordinator and as always, fresh invigorating security speakers who know their subject areas well. If you do know of any speakers you would like to see at our events, please do let us know. Likewise, any new security solution, way of doing things or technology – we would love to hear from you.

Best wishes,

Tim Holman
ISSA UK President

In this month’s Newsletter…



December 2011 Newsletter

Message From the President

ISSA President

Dear Members,

Thank you all for your support over the past year – I hope our events schedule has exceeded your expectations and you have enjoyed being a member of the UK’s largest independent association of security practitioners.


We announce Gabe Chomic and Les Fraser as winners of this year’s elections.  Les will continue in his role as VP Scottish Region and Gabe joins us as VP of Alliances.  Congratulations to you both.

This month we put together a successful Incident Response Planning workshop in Bristol and thank Adrian Wright for his assistance.  We also ran events in Leeds and Glasgow on Trends in Information Security and thank Les Fraser for his help.

I am looking forward to seeing you at our December events – we have a Social Networking event planned for December 8th, and our annual Microsoft Security Day planned for December 13th.

If you have enjoyed our events, do remember that you can invite a friend or colleague as part of our guest programme (first meeting free) – please feel free to distribute this link, as we continue our efforts to top Northern Virginia and become the largest ISSA Chapter in the world – https://www.issa.org/Join/Visit.html.

Following our December events, our schedule will start again on the 8th of March, with our first chapter meeting.  We will announce the full schedule along with new member benefits in January.

In the meantime, we are looking for a member in the South West area (Bristol /  South Wales) to assist with events in that region. If you do know of anybody or would like to help, please do get in touch.

Best regards,

Tim Holman
ISSA UK President

In this month’s Newsletter…

Check out our new-look on-line newsletter, which will better reflect changes to news, events and partner events as they happen, as well as integration with our news updates from Twitter and EventBrite (for ISSA events agenda and bookings).
