
Topic:
“The 2010 Maine Event” 
Type:
Seminar
Date:
Thursday, May 20, 2010
Time:
9:00AM to 4:00PM - Registration/breakfast begins at 8:00AM
Price:
ISACA Members: $75; Non-members: $100; Students: $20 (Student ID & Proof of Full Time Status is required at check-in)
CPEs:
6
Registration Deadline:
May 16, 2010
Location:

University of Southern Maine - Abromson Center
88 Bedford Street
Portland, ME 04101

Description:

ISACA New England is proud to present a full-day seminar covering a variety of IT audit and security sessions. The conference will include both a light breakfast and lunch. Topics include:

Keynote Presentation (9:00-10:15AM): “Selecting and Applying GRC Frameworks and Standards”
 
* Presented by John Morency, Gartner Research
 
GRC standards and control frameworks are useful to guide IT risk and security management programs, but not all are applicable and not all are practical. Which standards are most appropriate to align with IT risk management and compliance programs, and what tools are there to support their implementation? These and related topics, such as COBIT 5.0, will be discussed along with practical recommendations for both planning and implementation. 
 
Session 1A (10:30-11:45AM): “Real Business Threats for SMBs - Don’t be a Hacker’s Unsuspecting Target”
 
* Presented by Gary Mullen, Kaspersky Lab
 
It’s not news that threats are growing across the IT security landscape. Today’s malware imposes significant business risks due to the highly organized nature of attacks – applications, web sites and social networks are all subject to attacks and vulnerabilities. Hackers are highly organized professionals with vast networks who are able to precisely target an unsuspecting victim, including many small businesses and their employees. A user may not even realize that his/her machine has been compromised for days, weeks or even months due to the nature of these attacks. During this presentation, Gary Mullen will examine what this means for business owners and what IT managers need to look for to stay on top of these threats.
 
Session 1B (10:30-11:45AM): “Web Application Security Introduction to OWASP Top 10”
 
* Presented by Martin Dolphin, RBSCitizens
 
As more legacy applications move from standalone client applications to web-based applications, many benefits are realized, such as version control, support for more systems, and reduced cost to deploy. On the flip side, poor coding and new attack vectors have opened security holes that have exposed sensitive information such as credit card information and patient records. This session aims to introduce the OWASP Top Ten risks for web application security. Attendees will leave the session with an understanding of the top issues with respect to web applications, examples of the business impact of these issues, and questions and tools to help assess the security focus of the development group.
 
Lunch (11:45AM-1:00PM): Provided by ISACA New England
 
Session 2A (1:00-2:15PM): “Internet Security: Threats, Trends and Actions for 2010”
 
* Presented by Barb Armstrong, L.L. Bean Inc.
 
We've seen a lot of news stories over the past few months on data breaches, attacks against governments, major companies, proliferation of malware and botnets, and privacy concerns sparking legislation across many levels.  Names such as Aurora and Mariposa have been common topics in IS Security forums, as well as national news.  New trends are emerging as the threats move from 'attack and grab' to 'infiltrate and harvest'.  Is this a new wave of threat or an escalation of previous and known threats?  What controls are needed going forward to counter these threats?
 
This presentation takes a high-level look at what occurred, what we know (or think we know) from publicly disclosed information, and what the potential impacts could be from an IT security, controls and risk perspective. Specific topics will include headlines from Q1 2010 (what they are and their impacts), new technology trends, and impacts and actions.
 
Session 2B (1:00-2:15PM): “Best Practices for Virtualization”
 
* Presented by Lou Harle, Systems Engineering
 
Moving from the physical server world to a virtual infrastructure requires adherence to industry best practices to ensure performance and security are optimal. What are these best practices and how do they differ from a physical environment?
 
Session 3A (2:30-3:45PM): “Cloud Computing - Critical Areas of Focus to Manage Risk”
 
* Presented by Thomas Witwicki, Assurance Point LLC
 
For those organizations that want to leverage the economic benefits of the Cloud Computing service models, the task of managing information risk is especially challenging. The fundamental nature of the hosting model is to abstract and hide from the view of the user the underlying infrastructure behind the service. This presentation will explore the information risk and security requirements of the three Cloud Computing service delivery models, SaaS, PaaS and IaaS, from various perspectives including Legal, Audit, Compliance, Information Lifecycle Management, Portability and Interoperability, Incident Response, Business Continuity, Operations, Encryption, Identity and Access Management.
 
Session 3B (2:30-3:45PM): “Effectively Managing Security Risk”
 
* Presented by Karl Klaessig, Q1 Labs
 

Log Management and Security Information and Event Management (SIEM) solutions have become a trusted solution for network and security operators, to quickly detect and isolate security incidents and meet specific compliance requirements, as well as a growing number of regulatory mandates. Information and security professionals, tasked with keeping their organizations secure, are constantly challenged to improve their abilities to manage risk across an ever-growing spectrum of vulnerabilities and compliance mandates. A solution that successfully integrates risk management, SIEM, log management and network behavior analysis can provide organizations with a comprehensive network security solution, allowing them to get not only the forensics of the “during” and “after” an attack, but also enabling them to answer the “What if?”, minimizing the risk on their networks and their operations.

Attendees will leave the session with an understanding of how an integrated SIEM and Risk Management solution leverages powerful network security management and simulation and visualization to enable organizations to move away from day-to-day security firefighting while minimizing risk of exploits.  IT managers will be able to simulate threats against their data centers and networks; they will also be able to simulate the introduction of new applications, allowing them to see the impact of vulnerabilities that could arise before certain aspects of a network are changed.

Speaker:

John Morency - Research Director, Disaster Recovery & Operations Continuity, Gartner Research

John Morency is Gartner’s lead analyst for worldwide disaster recovery and IT operations management research. Prior to joining Gartner, Mr. Morency was a Principal at Transitional Data Services (TDS). In addition to being a TDS co-founder, he also developed, delivered and managed the company’s Governance, Risk Management & Compliance (GRC) services, which included a broad set of both disaster recovery and business continuity service solutions. Mr. Morency has nearly thirty-six years of software development, IT operations and IT consulting experience in the systems, applications and network management arena, including operations recovery, availability, performance, configuration, security and regulatory compliance management. He is a load balancing technology patent holder, a pioneer of IT Operations Cost of Ownership assessment methodologies, the author of over 480 IT industry publications and a frequent presenter at Gartner conferences.

 
Gary Mullen - Director, Field Marketing Americas, Kaspersky Lab
Gary Mullen brings more than 20 years of technology service delivery, sales and marketing experience to Kaspersky. Gary leads Field Marketing efforts across the Americas and is responsible for enabling strategic partners to grow their business. Prior to joining Kaspersky, Gary served as Vice President of Managed Security Services at TruSecure, Inc., where he delivered high quality outsourced security services to a global client base. Prior to TruSecure, Gary served as Director of ENMS/OSS at Predictive Systems, Inc., Director of Consulting Services at Entex Information Systems, Inc., and Director of Network Technology at GE IT Solutions.
 
Martin Dolphin - Information Security Specialist, RBSCitizens
Martin Dolphin is currently an Information Security Specialist with RBSCitizens, assisting business lines to address security requirements as they deploy new applications and update existing technology. Prior to RBSCitizens, Mr. Dolphin was a senior manager at Ernst & Young LLP in the Information Technology Risk Management group. He has over 15 years of experience performing and managing a variety of security projects that range from Wireless audits, UNIX and Windows operating system audits, to web based architecture audits, application control assessments, security policy development, security awareness training and other special security projects for clients in a wide variety of industries. Mr. Dolphin is a Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Project Management Professional (PMP), and Certified in the Governance of Enterprise IT (CGEIT).
 
Barb Armstrong - Information Security, L.L. Bean
Barb Armstrong’s work experience includes roles as Sr. Systems Auditor, IS Security Manager, IS Compliance Manager and Sr. Security Analyst at L.L. Bean, Inc.  After Graduate school, she also worked for a large accounting firm in the field of Information Technology and Financial audit.  Today, tracking what is going on in the IT Risk area is critical to her responsibilities. In addition to IT Security responsibilities, she also serves as the IT Incident Coordinator.   
 
Barb holds a Masters of Science in Accountancy (MSA), specializing in Information Technology Audit. She is a Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM), as well as a Board Member of InfraGard (Maine).
 
Lou Harle - Senior Network Engineer & Product Development Lead, Systems Engineering
Lou Harle has nineteen years of IT experience ranging from programming, IT management, network engineering and systems analysis to system design. He maintains industry standard certifications from Microsoft, Citrix, VMware, Double-Take and Cisco. Specializations include high-end VMware virtualization projects, highly available Double-Take implementations, storage area network implementations, and network assessment/design. Lou has been with Systems Engineering for 9 years and has been an integral member of the company, filling the roles of Sr. Network Engineer, Team Leader, and Product Development Lead.
 
Tom Witwicki – Principal, Assurance Point LLC
Thomas Witwicki is founder and Principal of Assurance Point LLC, an organization dedicated to helping businesses manage information risk. Thomas has 25+ years experience in all aspects of Information Technology and is very passionate about information privacy issues. He is a fully accredited information security and privacy consultant who excels at working with senior management to help organizations implement strong security governance and achieve their security and compliance objectives.
 
Prior to founding Assurance Point, Thomas led an enterprise information security program for Hannaford Bros. Co., a Fortune 500 publicly held company. He frequently speaks to groups on the subject of security and privacy and is an active member of IAPP, ISACA and ISSA.   He is also a member of TechMaine and manages its INFOSEC User Group.
 
Karl Klaessig - Senior Manager of Industry Marketing, Q1 Labs

Karl Klaessig is the Senior Manager of Industry Marketing at Q1 Labs, a global provider of high-value, cost-effective security information and event management (SIEM) products. Karl has 15+ years of experience in product and industry marketing and sales of network security and performance solutions. Prior to joining Q1 Labs, he held product marketing and industry marketing roles at Arbor Networks, Netscout Systems, WatchGuard Technologies and other B2B technology solution providers.

 

Directions:

• From North of Gardiner in Maine: I-95 South to I-295 South via exit 103, then directions via I-295 below.
• From North of Portland, South of Gardiner: I-95 South to I-295 South via exit 52.

• From South of Portland: I-95 North to I-295 North via exit 44.

NEXT -

• From I-295: take exit 6B (Forest Avenue North) in Portland. Off the exit, immediately move to the far left lane on Forest Avenue to prepare for a left turn at the first stoplight (intersection of Forest Avenue and Bedford Street). Turn left onto Bedford Street at the stoplight and continue underneath the USM Alumni Skywalk. Immediately after the Skywalk, turn left onto Surrenden Street and continue into the USM Parking Garage.
• If approaching the campus from Brighton Avenue: follow Brighton Avenue towards downtown until it turns into Bedford Street. Turn right onto Surrenden Street immediately before the USM Alumni Skywalk, and continue into the USM Parking Garage.

For more information, please visit:

http://usm.maine.edu/conferences/abromson/directions.html

Questions?:
Send an email to maine_breakfast@isacane.org


______________________________________________________________

Cancellation Policy

ISACANE will make every effort to hold events at the times, dates and locations specified. However, ISACANE holds the right to cancel and/or change ISACANE event times, dates and locations under certain conditions. These conditions usually include, but are not limited to, inclement weather, event venue cancellation or rescheduling, speaker cancellation or rescheduling, and insufficient number of participants for the event. ISACANE holds the right to cancel the event for any reason up to and including the day of the event. In the event that ISACANE must cancel the event, you will be refunded your money in full.

In the event of predicted inclement weather, a decision will be made by 5pm on the prior day. If the event is cancelled, the notice will be posted on the website and an email will be sent to all registered participants. ISACA® New England will attempt to reschedule the program/seminar if space allows.

Refund Policy

All registrants are required to pay for a session. Full refunds will be given for a cancellation if a participant emails the Programs and Seminar committee of the cancellation two (2) weeks prior to the seminar date. A refund transaction fee will be charged. Reservations canceled after the deadline date will be billed.