IISF Calendar
Upcoming Events
2012 Events
IISF Chapter Meeting Thursday January 26th - 16:00 in Buswells Hotel, D2
Topic: Presentations from several members, associate members - What’s hot in Information Security in 2012, followed by an interactive panel session
Agenda:
16:00     Introduction by Chairman – Derek O Neil
16:05     Presentations from a number of Ireland’s leading IS professionals
16:50     Break for Tea / Coffee
17:05     Presentations continued followed by an interactive Q & A session
17:50     Wrap-Up & close out of workshop
18:00     Close & informal networking in Buswell’s Bar
Presentation topics: An overview of emerging threats and technologies presented by Ireland’s leading Information Security experts including:
BH Consulting, Asavie, BCC Risk Advisory, Espion, Deloitte, Ernst & Young, Zinopy, RITS.
Past Events
2011 Events
IISF Chapter Meeting Thursday May 12th - 16:15 in Buswells Hotel, D2
Topic: IISF Chapter Meeting. Presentation on the Cloud and Privacy followed by Annual Table Quiz.
Agenda:
16:15     Tea/Coffee
16:25     Introduction by Chairman – Brian Cooke
16:30     Presentation : Privacy and The Cloud - Pearse Ryan from Arthur Cox
17:15     Interactive Q & A workshop
17:45     Wrap-Up & close out of workshop
17:50     Close & informal networking
18:30     IISF Annual Table Quiz - hosted by Valerie Lyons
Following the Cloud Computing presentation we will hold our annual social event, the now legendary IISF Table Quiz - 2011, hosted by Valerie "Quiz Mizz" Lyons.
This is always a great night out, and bound to be well attended. If you've never been to one of our Table Quiz nights before, you are in for an absolute treat.
For IISF Table Quiz veterans, I'm told Valerie has prepared the most fiendish set of questions ever, so make sure to book your place early! Just send an email to secretary@iisf.ie
IISF Chapter Meeting Thursday March 10th - 16:00 in Buswells Hotel, D2
Topic: DLP / Data Loss Prevention / Information Leakage
Agenda:
16:00     Introduction by Chairman – Brian Cooke
16:05     A business focus on DLP / Information Leakage (Real World) - Presented by Patricia O'Gara of Ernst & Young
16:50     Break for Tea / Coffee
17:05     Interactive Q & A workshop - led by Brian Cooke
17:50     Wrap-Up & close out of workshop
18:00     Close & informal networking in Buswell’s Bar
Presentation topic: Data leakage is often seen as a technology issue with technology solutions; however, the people and process controls are vital to the success of a DLP programme.
Patricia O'Gara will present on the governance and process elements of DLP programmes based on recent experience with a large European financial services client.
Speaker Bio: Patricia O'Gara
Patricia is a Manager in Ernst & Young's Advisory Services group within the EMEIA Financial Services Office. She has extensive experience in developing strategic information security improvement programmes in the areas of data loss prevention, data protection and information security governance. She holds the CISSP, CISA and Data Protection Practitioner certifications.
The stated aim for the March 10th Chapter Meeting is to develop a DLP framework that we can share with the IISF Members.
This is likely to reference Data Classification (Public, Confidential, Highly Restricted etc.) and also take into account the various DLP channels (Web, eMail, USB, SmartPhones, 3rd Parties / Vendors, Laptops etc.). Aspects such as monitoring, restricting & reporting will also be included. The goal will be to help IISF members avoid jumping headfirst into a technology-driven solution without first understanding what DLP “looks like” and which aspects must be considered for any solution to be a success.
Building on the E&Y presentation, the workshop will tease out what aspects of DLP are of most interest to the attendant members, and tailor the bare bones / framework to make sure these are considered & covered in some detail.
IISF Chapter Meeting Thursday January 27th - 16:00 in Buswells Hotel, D2
What’s hot in Information Security in 2011 -  An overview of emerging threats and technologies presented by Ireland’s leading Information Security experts
Brian Honan - BH Consulting:
• Improving Layer 8 Security
• Changes in Incident Response
• Changing Malware attack vectors
• Consumer Tech
• Compliance & Privacy concerns
Eoin Keary - Ernst & Young:
• Advanced persistent threats
• Zero day defence
• Software security food chain
Stephen O'Boyle - Espion:
• Information Leakage
• Mobile device management and security
• Make Do and Mend – “An approach to maximise existing technology use to serve the business better”
Leonard McCauliffe - Deloitte:
• Topics to be confirmed.
Conor Flynn - RITS:
• Incident Response challenges.
• Wikileaks + Data Leakage
• Social Media
• Doing more with less (people & resource)
• Mobile devices and data / Mobile Platform Management
• Cloud based apps and data location issues
Venue : The Georgian Suite, Buswells Hotel, D2
Time  : Thursday January 27th 2011 - Starting at 16:00 - Please note the later start time of 16:00
Topic  : What’s hot in Information Security in 2011 -  An overview of emerging threats and technologies presented by Ireland’s leading Information Security experts
We held a similar session last year, in which the associate & consultant IISF members gave their predictions on key information security business issues, technologies and risks for the year ahead.
Feedback last time was very positive, and we will be aiming to repeat that success by combining the expert sessions with an interactive Q & A session open to all IISF members.
We will also be using this session to inform the "Hot Topics" list for 2011, which will drive the agenda and topics of interest for our Chapter Meetings during the year.
Output from this session will help identify and rank the Information Security concerns for all IISF members; we will then use the various Chapter Meetings in 2011 to tackle those topics of greatest interest, so make sure to get your spoke in.
Agenda:
16:00     Introduction by Chairman
16:05     Treasurer's report (carried over from December Chapter Meeting and AGM)
16:10     Brief reminder of the “What’s Hot for 2010” predictions
16:10     What’s Hot for 2011 - An overview of emerging threats and technologies presented by Ireland’s leading Information Security experts
17:00     Break for light refreshments
17:10     Q & A session on emerging threats and technologies, from the Enterprise perspective - open to all members.
17:50     AOB
18:00     Informal networking in Buswell's Bar
2010 Events
IISF AGM 2010 and December Chapter Meeting
Venue: The Georgian Suite, Buswells Hotel, D2
Time: Friday December 3rd 2010, starting at 12:30
12:30 : AGM
• Chairman’s remarks for the year
• Treasurer's report
• Charitable Donation
• Nominations & Election of 2011 IISF Committee
• AOB
13:00 Chapter Meeting
• Applications for membership to be considered (Bord Gais and Asavie).
• Decision on start times for 2011 Chapter Meetings. Several members have expressed a preference for the later start time of 16:00.
• The proposal is to host all 2011 meetings at this time. Decision will be made by show of hands on the day.
• In lieu of a presentation – the IISF will host a review of the “Predictions for 2010” as made at the January 2010 Chapter Meeting.
• We will be comparing the predictions made against the members view of 2010, in a light hearted manner.
• We will also consider Information Security related events of 2010 which may not have featured on the prediction list at all.
• This session will be by way of closing out 2010, and will not feature detailed predictions for 2011, which is likely to form part of the January 2011 Chapter Meeting.
Followed by IISF Christmas Lunch – Fallon & Byrne
• Places for the much sought after lunch are limited this year, so early booking is essential to avoid disappointment.
November Chapter Meeting November 4th 2010 in Georgian Suite, Buswells Hotel, Molesworth St, Dublin 2.
This Chapter meeting will focus on Smart Phones & Mobile Devices, which was one of the most popular "Hot Topic" areas highlighted by the IISF members at the start of the year.
The format of the meeting will be a series of short presentations from industry experts on each of the major mobile platforms, followed by Threats / Vulnerabilities and Recommended Controls workshops; the aim of the workshops is to produce output that will inform and support the IISF member organisations in creating Standards & Policies positioned to deal effectively with the Smart Phone & Mobile Device landscape, from an Information Security perspective.
September Chapter Meeting Thursday 30th 2010 in Georgian Suite, Buswells Hotel, Molesworth St, Dublin 2.
An overview of Data Loss Prevention, followed by
Experience of a real-life implementation of Data Loss Prevention technology
2:00 - Introduction by Chairman
2:05 - Presentation : “An overview of Data Loss Prevention” - Leonard McCauliffe (Deloitte)
• Setting the scene for DLP
• Developments in DLP technology
• Q & A
3:00 - Coffee
3:20 - Presentation : “Experience of a real-life implementation of DLP” - David Cahill (EBS)
• A real-life implementation … including the “speed bumps”
• Q & A
4:00 - Close of Meeting
4:05 - Traditional networking in Buswells Bar
May Chapter Meeting Thursday 27th May. The Ginger Man Pub
· 4:00pm Presentation – Social Networking opportunities and risks, Derek O'Neill AIB
· 5:15pm Food & networking
· 6:30pm IISF Table Quiz (Teams of four per table).
April Chapter Meeting: Cybercrime, Cybercriminal gangs and the Law.
Speakers:
• Robert McArdle from Trend Micro will explore the current threat landscape in terms of how cyber criminals operate and the response of the law enforcement agencies.
• TJ McIntyre from UCD will then discuss what legal remedies are available to law enforcement agencies when investigating cybercrime, and will consider how effective those remedies are.
February Chapter Meeting: "Practical advice and techniques for improving Application Security"
An overview of Web Application Security threats and technologies presented by OWASP.
· Introduction to OWASP and OWASP Top Ten
· Demonstration video of typical web based attacks with high level explanation
· Live SQL injection demo using WebGoat & WebScarab
· Live Cross Site Scripting demo using WebGoat & WebScarab
· Application Security: "The problems we are faced with"
· The Application Security Verification Standard
· SDLC & Security Assurance Maturity Model
· Code Review versus traditional Runtime Testing.
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Thursday February 28th 2010 at 2.00PM
January Chapter Meeting: “What’s hot in Information Security in 2010”
An overview of emerging threats and technologies presented by Ireland’s leading Information Security experts including
Rits
BH Consulting
Grant Thornton
Espion
Deloitte
Ernst & Young
PWC
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Thursday January 28th 2010 at 2.00PM
2009 Events
December Chapter Meeting & AGM
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Friday December 4th 2009 at 12.00PM
Followed by Christmas Lunch @ 2.30pm
September Chapter Meeting
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Thursday 24th September 2009 at 3.00PM
3:00pm - Introduction by Chairman
The Chairman Martin Kerrigan welcomed members to the
meeting.
Martin noted that the IISF was particularly pleased to
have two high calibre presenters at today's Chapter meeting and introduced
the first speaker.
3:10pm - Topic: 'Challenges and Solutions for Internet commerce'
Michael Hofmeyr of Deloitte and Touche gave a very
comprehensive overview of the threat landscape facing Internet transactions.
Using Deloitte's "attack tree" methodology, Michael discussed some
of the threats and possible mitigations, and mentioned some of the technology
solutions such as Sitekey and Trust Defender.
Speaker Bio:
Michael is a Senior Manager in the Enterprise Risk Services (ERS) division of
Deloitte & Touche in Dublin with 10 years consulting experience in
security and privacy services. Michael's areas of expertise are: security
management and governance; information security architecture and metrics;
security Infrastructure design; penetration testing and web application
security assessments; threat modelling, risk analysis; and security related
training.
4:00pm - Coffee
4:15pm - Topic 'Risk Management and Information Security in a
downturn'
Martin introduced the second speaker, French Caldwell of
Gartner Research. Combining anecdotes and words of wisdom from his time as a
US nuclear submarine officer, French spoke about utilising effective Risk
Management and Risk Assessment techniques and the requirement to communicate
risks in terms of business impact.
Speaker Bio:
French Caldwell is a vice president in Gartner Research, where he leads
governance, risk and compliance research. He also writes and presents on
knowledge management. His research includes analysis of the impact of regulatory
developments on IT, compliance technologies, corporate governance, risk
management and knowledge management. Prior to joining Gartner, Mr. Caldwell
was the director of knowledge services in a global consulting practice, where
he worked with strategic clients, including the Central Intelligence Agency
and the Department of Defense. Mr. Caldwell completed a career as a nuclear
submarine officer, and he has directed special congressional projects for the
Secretary of the Navy and the Secretary of Defense.
5:30pm - Close of Meeting
Martin expressed the appreciation of the IISF to both
speakers for taking the time to present to the Chapter and share their
knowledge.
May Chapter Meeting / Social Event
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Thursday 28th May 2009 at 5.00PM
5:00 Introduction by Chairman
Martin Kerrigan welcomed members to the final Chapter
meeting before the summer break.
5:10 IISF Member Survey results
Martin thanked members for their participation and
outlined some of the highlights including topics of interest, format and
timing of meetings. The survey results will be summarized and shared with the
membership. Martin thanked Brian Honan for creating the survey. Finally, he
drew two winners from among the respondents. John Geary and Dermot O’Brien
were rewarded with €50 vouchers.
5:20 UCD
Martin welcomed Pavel Gladyshev and Andy Harbison who
introduced the new Graduate Diploma and MSc in Digital Investigation. This is
a programme which includes much of the material from the similar law
enforcement only course, however it is aimed at information technology
specialists who need to acquire skills for investigation of computer-related
incidents. It introduces the concepts, principles, and professional practice
in digital investigation. The programme is delivered in cooperation with the
leading Irish experts in the field. See
http://www.csi.ucd.ie/content/gdip-msc-digital-investigation for further
information.
6:00 Table Quiz
After some refreshments, six tables formed and settled
down to test their collective knowledge. Bravely battling an injured leg (as
well as brisk arguments about the answers!), Valerie Lyons reprised her role
as Quiz Mizz for the 2009 table quiz with a twist, including one round of
CISSP type questions. Participation was lively and the quiz thoroughly
enjoyed by all. At the end of six rounds there was a tie-break and
congratulations to Harry Buckley, John Geary and Michael Brophy who were the
eventual winners. Many thanks to both Espion and Grant Thornton who supplied
the prizes.
April Chapter Meeting
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Thursday 30th April 2009 at 2.00PM
2:00 Introduction by Chairman
Martin Kerrigan welcomed members to the April Chapter
meeting. He began the meeting by announcing the launch of the IISF Members'
Survey. Martin explained that the purpose of this short survey is to help the
IISF committee understand how the Forum can best respond to the needs of all
its members, and what members' preferences are in terms of the content,
format, timing etc of meetings.
The IISF website has been revamped recently and content
is being added all the time. Members are encouraged to visit the site
periodically.
The following companies are accepted for membership of
the IISF;
· Certification Europe (Associate)
· Ernst & Young (Associate)
· Microsoft (Associate)
· Irish Credit Bureau (Full)
· Davy Stockbrokers (Full)
· National Treasury Management Agency (Full)
· SM Consulting (Associate)
· FBD Insurance (Full)
· Kerry Group (Full)
Finally, Martin passed on condolences of all the members
to committee member Noel Comerford on a recent family bereavement.
2:15 - Interactive Workshop – ‘The Enemy Within’
Following the Chapter meeting business, the attendees
broke into groups for the workshop. Many experts agree that the risk from
insider attacks is increasing, and recent reports indicate that 30% of
attacks to information systems are conducted by internal staff with a further
20% perpetrated by trusted business partners.
The workshop was facilitated by Martina Costelloe, Martin
and Orlagh Lynch. This was a lively session and obviously a topic of keen
interest to the attendees.
Output from the workshop has been documented and it is
intended to publish this on the IISF website*, as a framework that members
can take into their own organisations to help in addressing this risk. In
addition, the proceedings (in conjunction with the results of the planned
member needs survey) will inform the Forum workplan and content for the Autumn
schedule of meetings.
* This document is now available for download as a PDF file
4:45 Close of Meeting
Martin thanked all members for their contribution and all
were rewarded with the traditional IISF networking in Buswells bar.
March Chapter Meeting
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Thursday 26th March 2009 at
2.00PM
2:00 Introduction by Chairman
2:15 Presentation – The journey towards ISO27001 accreditation -
Declan Murray, National Lottery
The ISO 27000 set of standards provide generally accepted
good practice guidance on Information Security Management Systems designed to
protect the confidentiality, integrity and availability of the
information content and information systems on which we all depend.
ISO 27001 specifies a set of requirements for the establishment,
implementation, monitoring and review, maintenance and improvement of an
ISMS, which is a management system (a framework of policies, procedures,
physical, legal and technical security controls forming part of the
organisation’s overall risk management processes) aimed at managing information
security risks.
The presentation will outline:
· the reasons why the National Lottery implemented an ISMS compliant with ISO27001
· how certification was achieved
· the key issues
· the lessons learned
Speaker Bio:
Declan Murray joined the National Lottery as Systems
Analyst during the first year of operation after its launch in March 1987. In
his capacity as Security Executive since the mid-nineties, he has been
involved in all aspects of Lottery Security, physical security, game and
ticket security, Draw and TV Game Show Security and information security. In
the last year he has fulfilled the role of Project Manager – Accreditation
and Compliance, with responsibility for certification to ISO 9001, World
Lottery Association Security Control Standards including ISO 27001, Data
Protection and National Lottery Operating Licence Compliance.
3:00 Coffee
3:15 Presentation – Data protection practices as implemented by
EBS to date – David Cahill EBS
Speaker Bio:
David Cahill is the Information Security Officer within
EBS Building Society. As part of this role he consults with all EBS
departments on the security aspects of their business activities, including
advising on the analysis and design of the EBS email & web security
infrastructure. David was heavily involved with the planning and
implementation of the network end point control solution.
David holds a BSc Computer Science & Software Engineering, MSc Electronic
Commerce and Dip Project Management. He is also a CISSP and CISA.
4:00 Close of Meeting
4:05 Traditional networking in Buswells Bar
January Chapter Meeting Topic – Information Security: Can the 'good guys'
win?
Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Wednesday 28th January 2009 at 3.00PM
3:00 Introduction by Chairman
3:05 Presentation – Professor Fred Piper - Information Security: Can the
'good guys' win?
Abstract:
We will begin the talk by looking back at some of the
historical development of Information Security and look at what influenced
some of the most significant changes.
We will then assess where we are now and end by having an
interactive discussion about where we may be going.
Speaker Bio:
Professor Fred Piper, BSc, PhD (London), ARCS, DIC, CEng,
CMath, FIEE, FIMA, BCS, CISSP, CISM, Director of External Relations,
Information Security Group.
Fred Piper was appointed Professor of Mathematics at the
University of London in 1975 and has worked in information security since
1979. In 1985, he formed a company, Codes & Ciphers Ltd, which
offers consultancy advice in all aspects of information security. He has
acted as a consultant to over 80 companies including a number of financial
institutions and major industrial companies in the UK, Europe, Asia,
Australia, South Africa and the USA. The consultancy work has been varied and
has included algorithm design and analysis, work on EFTPOS and ATM networks,
data systems, security audits, risk analysis and the formulation of security
policies. He has lectured worldwide on information security, both
academically and commercially, has published more than 100 papers and is
joint author of Cipher Systems (1982), one of the first books to be published
on the subject of protection of communications, Secure Speech Communications
(1985), Digital Signatures - Security & Controls (1999) and Cryptography:
A Very Short Introduction (2002).
Fred has been a member of a number of UK Department of
Trade and Industry advisory groups. He has also served on a number of
Foresight Crime Prevention Panels and task forces concerned with fraud
control, security and privacy. He is currently a member of the
Scientific Council of the Smith Institute, the Board of Trustees for
Bletchley Park and the Board of the Institute of Information Security
professionals. He is also a member of (ISC)2’s European Advisory Board, the
steering group of the DTI’s Cyber Security KTN, ISSA’s advisory panel and the
BCS’s Information Security Forum.
In 2002, he was awarded an IMA Gold Medal for “services
to mathematics” and received an honorary CISSP for “leadership in Information
Security”. In 2003, Fred received an honorary CISM for “globally
recognised leadership” and “contribution to the Information Security
Profession”. In 2005 he was elected to the ISSA Hall of Fame.
4:15 Q & A Session
All are invited to take this opportunity to pose
questions to Professor Piper.
5:00 Close of Meeting and traditional networking in Buswells Bar
2008 Events
Chris Taylor - Senior Forensics Consultant, Espion Ltd. "Taking forensic evidence to court - a case study on presenting technical findings effectively in court"
Unauthorised Use of Applications in the Workplace - a case study from AIB (Speaker Derek O'Neill AIB)
Towards Assurance: Moving beyond Tools and Tactics (Speaker Andrew S. Townley)
Guest speaker - David Prendergast Group Information Security Standards, Training and Awareness AIB CISSP CISM CISMP
IISF Table Quiz
Presentation by Dr. Eric Cole on Preventing and Detecting Employees and Contractors from Stealing Corporate Data
Presentation - Generation Y and IT Security: 'Same Same, but Different'? Bob Semple, PricewaterhouseCoopers
Andy Harbison, Deloitte: 'Responding to E-Discovery requests'
Michael Coady, CA: 'How to identify key business/financial benefits of Identity & Access Management'
05/12/08 - Buswells Hotel, Molesworth Street
The AGM and meeting venue will be Buswells Hotel in
Molesworth Street, and our lunch will be in George's Restaurant & Wine
Bar on South Frederick Street. Start time will be 1pm in Buswells
Hotel, and we are booked for lunch at 3.30pm.
Our guest speaker will be Chris Taylor of Espion and I
give a brief synopsis below:
Chris Taylor - Senior Forensics Consultant, Espion Ltd.
"Taking forensic evidence to court - a case study on presenting
technical findings effectively in court" The latest in tools and
techniques are undoubtedly essential to gathering the facts in a case - but
this is only one step in the process. A successful case hinges on accurate
and compelling evidence and how it is presented in a structured meaningful
way in court. This presentation will detail a recent case in the Old Bailey
(Operation Wanderer - an investigation that led to the successful prosecution
of seven ultra right wing criminals) to illustrate how highly technical
evidence - critical to the prosecution's case - was prepared for jury
presentation. The successful outcome makes this presentation of interest to
anyone facing the challenges of presenting forensic evidence in a court
environment.
02/10/08 -The Vaults in the IFSC
2.15-3.00 pm Unauthorised Use of Applications in the
Workplace - a case study from AIB (Speaker Derek O'Neill AIB)
A routine & automated desktop scan in AIB found evidence of a popular
software application on some desktops. This scan showed that the
application existed, but couldn't determine if the application was being
actively used. Although the application is blocked within the company - as a
'triangulation' exercise, an investigation took place into possible traffic
relating to this application over the internal LAN. This presentation covers
the methods and findings of the investigation and poses some serious
questions about the use of unauthorised applications in our workplace.
About the speaker:
Derek O'Neill works for AIB. Previously he has worked for
Microsoft and Gateway 2000. He's held support & developer roles for
Client/Server / eMail / IT Research / Intranet / Midrange and Internet. He
led the team working on AIB's Internet Infrastructure refresh, and has been the
SME on content switch / firewall / proxy / and eMail chains. His significant
focus has always been Information Security, and he joined the Information
Security team in AIB in August 07. He's currently studying for the SSCP exam
and will sit it on November 15th.
3:00-3:15pm break for tea/coffee
3.15-4.00 pm Towards Assurance: Moving beyond Tools and Tactics (Speaker
Andrew S. Townley)
Information assurance is about managing risks. It establishes the
"what", "why" and "how much" of your
information security programme, and leaves the tools, tactics and techniques
- the "how" - to be determined by the information security practitioners.
With today's increasing focus on privacy, data protection, business
continuity, disaster recovery and identity management, it is no longer
sufficient to focus on ways to provide these things to your organisation. The
focus must be on how these issues affect, influence, constrain and enable
your organisation. This presentation will help Information Assurance and
Security Managers answer the following questions:
What is Information Assurance, and how does it relate to our organisations’
vision/strategic objectives? What is the relationship between security
strategy & governance and technology strategy & governance? How can
we integrate Information Assurance into an organisation's daily operations?
About the Speaker:
Andrew S. Townley is the Founder and Managing Director of
Archistry Limited, a professional services firm dedicated to helping clients
more effectively manage, use and secure ICT to deliver their corporate
performance goals. He is an international speaker and author of several
papers and articles on Enterprise Architecture, SOA and Information
Assurance. Andrew has extensive experience in the Mobile & Wireless
Telecommunications, Public Sector, Financial Services and Software industries
and has worked with top-tier professional services firms including
BearingPoint and Deloitte in delivering multi-million Euro projects. Andrew
is an active member of the SOA, Security and Knowledge Management
communities, including holding the CISSP security certification and regularly
speaking on these topics at conferences such as COSAC, worldwide OASIS
events, InfoSeCon, InfoSecWeek and the SOA for E-Government conference hosted
by the U.S. Federal SOA Community of Practice.
22/05/08 - IISF Meeting Notice and Agenda
Venue: MV CillAirne, Spencer Dock.
Date & Time: Thursday 22nd May 2008 at 4.30pm
Agenda
4.30pm Welcome and introduction by IISF chairman Jim
Smith
4.40pm Guest speaker - David Prendergast Group Information Security
Standards, Training and Awareness AIB CISSP CISM CISMP
Dave hails from the North East of England having grown up in Washington CD
(that's County Durham to the un-initiated). He joined AIB as their Group
Information Security Standards, Training & Awareness Manager in October
2006 having previously worked for IBM in Ireland and the UK.
Dave has over 20 years in IT and over 10 years in IT Security specifically,
working in a variety of large companies covering global manufacturing, health
service and local government. This presentation is Dave's view of how we need
to use marketing tactics and ideas to help us sell the Information Security
message to our audience.
5.30pm End of meeting
6.00pm IISF Table Quiz
09/04/08 - IISF Meeting Agenda
Venue: The Morgan Hotel, Temple Bar.
Date & Time: Wednesday 9th April 2008 at 6.30pm
Agenda
6.30pm Tea/Coffee
7.00pm Welcome and introduction by IISF chairman Jim Smith
7.05pm Presentation by Dr. Eric Cole on Preventing and Detecting Employees
and Contractors from Stealing Corporate Data
Organisations tend to think that once they hire an employee or a contractor,
that person is now part of a trusted group. Although an organisation might
give an employee additional access that an ordinary person would not have,
why should it trust that person? If competitors or similar entities want to
cause damage to an organisation, steal critical secrets, or put the
organisation out of business, they just have to find a job opportunity, prep
someone to 'ace' the interview, and have that person get hired. Depending on
your adversary's objectives and patience, you may never know you've been
compromised until it is too late.
So how do we detect that an organisation's 'trusted' personnel are not acting
in the best interests of the organisation? - Dr. Eric Cole outlines the
various mechanisms that are available to an organisation to prevent and
detect such 'insider' incidents.
About the speaker
Dr. Eric Cole is currently chief scientist for Lockheed
Martin Information Technology (LMIT), specializing in advanced technology
research. Eric is a highly sought-after network security consultant and
speaker. Eric has consulted for international banks and Fortune 500
companies. He also has advised Venture Capitalist Firms on what start-ups
should be funded. He has in-depth knowledge of network security and has come
up with creative ways to secure his clients' assets. He is the author of
several books, including Hackers Beware: Defending Your Network from the
Wily Hacker, Hiding in Plain Sight, and the Network Security Bible. Eric
holds several patents and has written numerous magazine and journal articles.
Eric worked for the CIA for more than seven years and has created several
successful network security practices. Eric is an invited keynote speaker at
government and international conferences and has appeared in interviews on
CBS News, "60 Minutes," and CNN. Dr. Cole's most recent book
Insider Threat reminds us that insiders - trusted employees and contractors -
can do more damage more quickly to an organization than any outside hacker.
13/03/08 - March Chapter Meeting Topic
Generation Y and IT Security: 'Same Same, but Different'?
Venue: D4 Hotel (Old Jury's Hotel) in Ballsbridge
Date & Time: Thursday 13th March 2008 at 2.30PM
2:30 Introduction by Chairman
2:35 Presentation - Generation Y and IT Security: 'Same Same, but Different'?
Bob Semple, PricewaterhouseCoopers
"Although they are better educated, more techno-savvy, and quicker to
adapt than those who come before them, they refuse to blindly conform to traditional
standards and time-honoured institutions. Instead, they boldly ask,
"Why?"
Eric Chester from "Employing Generation Why?"
Generation Y (born between 1977 and 1994) makes up over 70 million in the US.
They are already having a huge social and economic impact: diversity,
independence and an attitude of entitlement are among the most striking
characteristics. The key questions for IT Security practitioners are:
how relevant is Gen Y to Ireland? What difference if any will Gen Y make to
the everyday practice of security? What do we need to do differently to
maintain high levels of protection for the organisations we serve?
In this talk, Bob Semple will explore just what makes Gen
Y so special. He will identify a number of areas that could prove particularly
troublesome and then outline an approach that security practitioners might
like to adopt to address these new challenges.
Bob Semple is a partner in the Risk Management Services
department of PricewaterhouseCoopers. He has over 30 years' professional
experience providing a range of advisory and assurance services to clients.
Over the years Bob has specialised in auditing, IT
security, forensic investigation and, more recently, corporate governance and
risk management. His clients include major government departments,
major PLCs, state companies and private companies across many industries. Bob
has lectured widely on risk, control and security issues and is the author of
several reports and books on these subjects.
3:30 Coffee
4:00 Presentation - Details to follow Hugh Callaghan, Ernst & Young
4:30 Close of Meeting
07/02/08 - IISF Meeting Notification and Agenda
Venue: Four Seasons Hotel, Ballsbridge.
Date & Time: Thursday 7th February 2008 at 11.00AM
10.45 End of CA/Deloitte Breakfast session followed by tea/coffee
11.00 IISF February meeting commences, with an Introduction by IISF Chairman
11:05 Andy Harbison, Deloitte:
'Responding to E-Discovery requests'
Andrew Harbison leads the IT Forensics and Litigation Support practice at
Deloitte, Dublin. He has provided support to companies and litigators
in over 200 cases. He has written extensively on IT Forensics, Computer Fraud
and Incident Management, and is a co-author of the Law Society's Practice
Guides in Computer Fraud and Electronic Discovery. He has advised many
of Ireland's largest financial services firms on information security
incident response planning.
11.40 Michael Coady, CA :
'How to identify key business/financial benefits of Identity & Access
Management'
Michael Coady is a Global Vice President with CA Inc. He has led several
Forensic/Security investigations both in the public and private sector.
He has developed an enterprise security methodology and using this
methodology, has managed the implementation of Identity and Access Management
technologies within large corporations. He is a renowned National Speaker for
Privacy and Security as it relates to HIPAA, GLBA and SOX compliance. He has
managed over 60+ Health Insurance Portability and Accountability Act (HIPAA),
EU Privacy Directive (EUPD), Gramm-Leach-Bliley Act (GLBA), Sarbanes Oxley
(SOX) engagements nationwide for clients in the public and private sector.
12.30 Networking and finger-buffet lunch in Four Seasons hotel