
IISF Calendar

Upcoming Events

April Chapter Meeting: Cybercrime, Cybercriminal gangs and the Law.

Speakers:

• Robert McArdle from Trend Micro will explore the current threat landscape in terms of how cyber criminals operate and the response of the law enforcement agencies.

• TJ McIntyre from UCD will then discuss what legal remedies are available to law enforcement agencies when investigating cybercrime, and will consider how effective those remedies are.

 

Past Events

2010 Events

February Chapter Meeting: "Practical advice and techniques for improving Application Security"

An overview of Web Application Security threats and technologies presented by OWASP.

· Introduction to OWASP and OWASP Top Ten

· Demonstration video of typical web based attacks with high level explanation

· Live SQL injection demo using WebGoat & WebScarab

· Live Cross Site Scripting demo using WebGoat & WebScarab

· Application Security: "The problems we are faced with"

· The Application Security Verification Standard

· SDLC & Security Assurance Maturity Model

· Code Review versus traditional Runtime Testing.

Venue: Buswells Hotel, Molesworth St., Dublin 2

Date & Time: Thursday February 28th 2010 at 2.00PM

January Chapter Meeting: “What’s hot in Information Security in 2010”

An overview of emerging threats and technologies presented by Ireland’s leading Information Security experts including

Rits

BH Consulting

Grant Thornton

Espion

Deloitte

Ernst & Young

PWC

Venue: Buswells Hotel, Molesworth St., Dublin 2

Date & Time: Thursday January 28th 2010 at 2.00PM

 

2009 Events

December Chapter Meeting & AGM

Venue: Buswells Hotel, Molesworth St., Dublin 2

Date & Time: Friday December 4th 2009 at 12.00PM

Followed by Christmas Lunch @ 2.30pm

 

September Chapter Meeting

Venue: Buswells Hotel, Molesworth St., Dublin 2

Date & Time: Thursday 24th September 2009 at 3.00PM

3:00pm - Introduction by Chairman

The Chairman Martin Kerrigan welcomed members to the meeting.

Martin noted that the IISF was particularly pleased to have two high calibre presenters at today's Chapter meeting and introduced the first speaker.

3:10pm - Topic: 'Challenges and Solutions for Internet commerce'

Michael Hofmeyr of Deloitte and Touche gave a very comprehensive overview of the threat landscape facing Internet transactions. Using Deloitte's "attack tree" methodology, Michael discussed some of the threats and possible mitigations, and mentioned some of the technology solutions such as Sitekey and Trust Defender.
Speaker Bio:
Michael is a Senior Manager in the Enterprise Risk Services (ERS) division of Deloitte & Touche in Dublin with 10 years consulting experience in security and privacy services. Michael's areas of expertise are: security management and governance; information security architecture and metrics; security Infrastructure design; penetration testing and web application security assessments; threat modelling, risk analysis; and security related training.

4:00pm - Coffee

4:15pm - Topic 'Risk Management and Information Security in a downturn'

Martin introduced the second speaker, French Caldwell of Gartner Research. Combining anecdotes and words of wisdom from his time as a US nuclear submarine officer, French spoke about utilising effective Risk Management and Risk Assessment techniques and the requirement to communicate risks in terms of business impact.
Speaker Bio:
French Caldwell is a vice president in Gartner Research, where he leads governance, risk and compliance research. He also writes and presents on knowledge management. His research includes analysis of the impact of regulatory developments on IT, compliance technologies, corporate governance, risk management and knowledge management. Prior to joining Gartner, Mr. Caldwell was the director of knowledge services in a global consulting practice, where he worked with strategic clients, including the Central Intelligence Agency and the Department of Defense. Mr. Caldwell completed a career as a nuclear submarine officer, and he has directed special congressional projects for the Secretary of the Navy and the Secretary of Defense.

5:30pm - Close of Meeting

Martin expressed the appreciation of the IISF to both speakers for taking the time to present to the Chapter and share their knowledge.

May Chapter Meeting / Social Event

Venue: Buswells Hotel, Molesworth St., Dublin 2

Date & Time: Thursday 28th May 2009 at 5.00PM

5:00 Introduction by Chairman

Martin Kerrigan welcomed members to the final Chapter meeting before the summer break.

5:10 IISF Member Survey results

Martin thanked members for their participation and outlined some of the highlights including topics of interest, format and timing of meetings. The survey results will be summarized and shared with the membership. Martin thanked Brian Honan for creating the survey. Finally, he drew two winners from among the respondents. John Geary and Dermot O’Brien were rewarded with €50 vouchers.

5:20 UCD

Martin welcomed Pavel Gladyshev and Andy Harbison who introduced the new Graduate Diploma and MSc in Digital Investigation. This is a programme which includes much of the material from the similar law enforcement only course, however it is aimed at information technology specialists who need to acquire skills for investigation of computer-related incidents. It introduces the concepts, principles, and professional practice in digital investigation. The programme is delivered in cooperation with the leading Irish experts in the field. See http://www.csi.ucd.ie/content/gdip-msc-digital-investigation for further information.

6:00 Table Quiz

After some refreshments, six tables formed and settled down to test their collective knowledge. Bravely battling an injured leg (as well as brisk arguments about the answers!), Valerie Lyons reprised her role as Quiz Mizz for the 2009 table quiz with a twist, including one round of CISSP type questions. Participation was lively and the quiz thoroughly enjoyed by all. At the end of six rounds there was a tie-break and congratulations to Harry Buckley, John Geary and Michael Brophy who were the eventual winners. Many thanks to both Espion and Grant Thornton who supplied the prizes.

April Chapter Meeting

Venue: Buswells Hotel, Molesworth St., Dublin 2

Date & Time: Thursday 30th April 2009 at 2.00PM

2:00 Introduction by Chairman

Martin Kerrigan welcomed members to the April Chapter meeting. He began the meeting by announcing the launch of the IISF Members' Survey. Martin explained that the purpose of this short survey is to help the IISF committee understand how the Forum can best respond to the needs of all its members, and what members' preferences are in terms of the content, format, timing etc of meetings.

The IISF website has been revamped recently and content is being added all the time. Members are encouraged to visit the site periodically.

The following companies are accepted for membership of the IISF:

·    Certification Europe (Associate)

·    Ernst & Young (Associate)

·    Microsoft (Associate)

·    Irish Credit Bureau (Full)

·    Davy Stockbrokers (Full)

·    National Treasury Management Agency (Full)

·    SM Consulting (Associate)

·    FBD Insurance (Full)

·    Kerry Group (Full)

Finally, Martin passed on condolences of all the members to committee member Noel Comerford on a recent family bereavement.

2:15 - Interactive Workshop – ‘The Enemy Within’

Following the Chapter meeting business, the attendees broke into groups for the workshop. Many experts agree that the risk from insider attacks is increasing, and recent reports indicate that 30% of attacks to information systems are conducted by internal staff with a further 20% perpetrated by trusted business partners.

The workshop was facilitated by Martina Costelloe, Martin and Orlagh Lynch. This was a lively session and obviously a topic of keen interest to the attendees.

Output from the workshop has been documented and it is intended to publish this on the IISF website*, as a framework that members can take into their own organisations to help in addressing this risk. In addition, the proceedings (in conjunction with the results of the planned member needs survey) will inform the Forum workplan and content for the Autumn schedule of meetings.

* This document is now available for download as a PDF file

4:45 Close of Meeting

Martin thanked all members for their contribution and all were rewarded with the traditional IISF networking in Buswells bar.

March Chapter Meeting

Venue: Buswells Hotel, Molesworth St., Dublin 2

Date & Time: Thursday 26th March 2009 at 2.00PM

2:00 Introduction by Chairman  

2:15 Presentation – The journey towards ISO27001 accreditation - Declan Murray, National Lottery

The ISO 27000 set of standards provides generally accepted good practice guidance on Information Security Management Systems designed to protect the confidentiality, integrity and availability of the information content and information systems on which we all depend.
ISO 27001 specifies a set of requirements for the establishment, implementation, monitoring and review, maintenance and improvement of an ISMS, which is a management system (a framework of policies, procedures, physical, legal and technical security controls forming part of the organisation’s overall risk management processes) aimed at managing information security risks.

The presentation will outline:

·    the reasons why the National Lottery implemented an ISMS compliant with ISO27001

·    how certification was achieved

·    the key issues

·    the lessons learned

Speaker Bio:

Declan Murray joined the National Lottery as Systems Analyst during the first year of operation after its launch in March 1987. In his capacity as Security Executive since the mid-nineties, he has been involved in all aspects of Lottery Security, physical security, game and ticket security, Draw and TV Game Show Security and information security. In the last year he has fulfilled the role of Project Manager – Accreditation and Compliance, with responsibility for certification to ISO 9001, World Lottery Association Security Control Standards including ISO 27001, Data Protection and National Lottery Operating Licence Compliance.

3:00 Coffee

3:15 Presentation – Data protection practices as implemented by EBS to date – David Cahill EBS

Speaker Bio:

David Cahill is the Information Security Officer within EBS Building Society.  As part of this role he consults with all EBS departments on the security aspects of their business activities, including advising on the analysis and design of the EBS email & web security infrastructure. David was heavily involved with the planning and implementation of the network end point control solution.
David holds a BSc Computer Science & Software Engineering, MSc Electronic Commerce and Dip Project Management. He is also a CISSP and CISA.

4:00 Close of Meeting

4:05 Traditional networking in Buswells Bar

January Chapter Meeting Topic – Information Security: Can the 'good guys' win?

Venue: Buswells Hotel, Molesworth St., Dublin 2
Date & Time: Wednesday 28th January 2009 at 3.00PM

3:00 Introduction by Chairman

3:05 Presentation – Professor Fred Piper - Information Security: Can the 'good guys' win?

Abstract:

We will begin the talk by looking back at some of the historical development of Information Security and look at what influenced some of the most significant changes.

We will then assess where we are now and end by having an interactive discussion about where we may be going.

Speaker Bio:

Professor Fred Piper, BSc, PhD (London), ARCS, DIC, CEng, CMath, FIEE, FIMA, BCS, CISSP, CISM, Director of External Relations, Information Security Group.

Fred Piper was appointed Professor of Mathematics at the University of London in 1975 and has worked in information security since 1979.  In 1985, he formed a company, Codes & Ciphers Ltd, which offers consultancy advice in all aspects of information security. He has acted as a consultant to over 80 companies including a number of financial institutions and major industrial companies in the UK, Europe, Asia, Australia, South Africa and the USA. The consultancy work has been varied and has included algorithm design and analysis, work on EFTPOS and ATM networks, data systems, security audits, risk analysis and the formulation of security policies. He has lectured worldwide on information security, both academically and commercially, has published more than 100 papers and is joint author of Cipher Systems (1982), one of the first books to be published on the subject of protection of communications, Secure Speech Communications (1985), Digital Signatures - Security & Controls (1999) and Cryptography: A Very Short Introduction (2002).

Fred has been a member of a number of UK Department of Trade and Industry advisory groups.  He has also served on a number of Foresight Crime Prevention Panels and task forces concerned with fraud control, security and privacy.  He is currently a member of the Scientific Council of the Smith Institute, the Board of Trustees for Bletchley Park and the Board of the Institute of Information Security professionals. He is also a member of (ISC)2’s European Advisory Board, the steering group of the DTI’s Cyber Security KTN, ISSA’s advisory panel and the BCS’s Information Security Forum.

In 2002, he was awarded an IMA Gold Medal for “services to mathematics” and received an honorary CISSP for “leadership in Information Security”.  In 2003, Fred received an honorary CISM for “globally recognised leadership” and “contribution to the Information Security Profession”.  In 2005 he was elected to the ISSA Hall of Fame.

4:15 Q & A Session

All are invited to take this opportunity to pose questions to Professor Piper.

5:00 Close of Meeting and traditional networking in Buswells Bar


2008 Events

05/12 Buswells Hotel

Chris Taylor - Senior Forensics Consultant, Espion Ltd.
"Taking forensic evidence to court - a case study on presenting technical findings effectively in court"

02/10 The Vaults in IFSC

Unauthorised Use of Applications in the Workplace - a case study from AIB (Speaker Derek O'Neill AIB)
Towards Assurance: Moving beyond Tools and Tactics (Speaker Andrew S. Townley)

22/05 MV CillAirne, Spencer Dock

Guest speaker - David Prendergast Group Information Security Standards, Training and Awareness AIB CISSP CISM CISMP
IISF Table Quiz

09/04 The Morgan Hotel, Temple Bar.

Presentation by Dr. Eric Cole on Preventing and Detecting Employees and Contractors from Stealing Corporate Data

13/03 D4 Hotel (Old Jury's Hotel) in Ballsbridge

Presentation - Generation Y and IT Security: 'Same Same, but Different'?
Bob Semple,  PricewaterhouseCoopers

07/02 Four Seasons Hotel, Ballsbridge

Andy Harbison, Deloitte: 'Responding to E-Discovery requests'
Michael Coady, CA: 'How to identify key business/financial benefits of Identity & Access Management'

 


05/12/08 - Buswells Hotel, Molesworth Street

The AGM and meeting venue will be Buswells Hotel in Molesworth Street, and our lunch will be in George's Restaurant & Wine Bar on South Frederick Street.  Start time will be 1pm in Buswells Hotel, and we are booked for lunch at 3.30pm.

Our guest speaker will be Chris Taylor of Espion and I give a brief synopsis below:

Chris Taylor - Senior Forensics Consultant, Espion Ltd.
"Taking forensic evidence to court - a case study on presenting technical findings effectively in court" The latest in tools and techniques are undoubtedly essential to gathering the facts in a case - but this is only one step in the process. A successful case hinges on accurate and compelling evidence and how it is presented in a structured, meaningful way in court. This presentation will detail a recent case in the Old Bailey (Operation Wanderer - an investigation that led to the successful prosecution of seven ultra right wing criminals) to illustrate how highly technical evidence - critical to the prosecution's case - was prepared for jury presentation. The successful outcome makes this presentation of interest to anyone facing the challenges of presenting forensic evidence in a court environment.


02/10/08 - The Vaults in the IFSC

2.15-3.00 pm Unauthorised Use of Applications in the Workplace - a case study from AIB (Speaker Derek O'Neill AIB)
A routine & automated desktop scan in AIB found evidence of a popular software application on some  desktops. This scan showed that the application existed, but couldn't determine if the application was being actively used. Although the application is blocked within the company - as a 'triangulation' exercise, an investigation took place into possible traffic relating to this application over the internal LAN. This presentation covers the methods and findings of the investigation and poses some serious questions about the use of unauthorised applications in our workplace.

About the speaker:

Derek O'Neill works for AIB. Previously he has worked for Microsoft and Gateway 2000. He's held support & developer roles for Client/Server / eMail / IT Research / Intranet / Midrange and Internet. He led the team working on AIB's Internet Infrastructure refresh, and has been the SME on content switch / firewall / proxy / and eMail chains. His significant focus has always been Information Security, and he joined the Information Security team in AIB in August 07. He's currently studying for the SSCP exam and will sit it on November 15th.
3:00-3:15pm break for tea/coffee
3.15-4.00 pm Towards Assurance: Moving beyond Tools and Tactics (Speaker Andrew S. Townley)
Information assurance is about managing risks. It establishes the "what", "why" and "how much" of your information security programme, and leaves the tools, tactics and techniques - the "how" - to be determined by the information security practitioners. With today's increasing focus on privacy, data protection, business continuity, disaster recovery and identity management, it is no longer sufficient to focus on ways to provide these things to your organisation. The focus must be on how these issues affect, influence, constrain and enable your organisation. This presentation will help Information Assurance and Security Managers answer the following questions:
· What is Information Assurance, and how does it relate to our organisations’ vision/strategic objectives?
· What is the relationship between security strategy & governance and technology strategy & governance?
· How can we integrate Information Assurance into an organisation's daily operations?

About the Speaker:

Andrew S. Townley is the Founder and Managing Director of Archistry Limited, a professional services firm dedicated to helping clients more effectively manage, use and secure ICT to deliver their corporate performance goals. He is an international speaker and author of several papers and articles on Enterprise Architecture, SOA and Information Assurance. Andrew has extensive experience in the Mobile & Wireless Telecommunications, Public Sector, Financial Services and Software industries and has worked with top-tier professional services firms including BearingPoint and Deloitte in delivering multi-million Euro projects. Andrew is an active member of the SOA, Security and Knowledge Management communities, including holding the CISSP security certification and regularly speaking on these topics at conferences such as COSAC, worldwide OASIS events, InfoSeCon, InfoSecWeek and the SOA for E-Government conference hosted by the U.S. Federal SOA Community of Practice.


22/05/08 - IISF Meeting Notice and Agenda

Venue: MV CillAirne, Spencer Dock.
Date & Time: Thursday 22nd May 2008 at 4.30pm

Agenda

4.30pm Welcome and introduction by IISF chairman Jim Smith
4.40pm Guest speaker - David Prendergast Group Information Security Standards, Training and Awareness AIB CISSP CISM CISMP
Dave hails from the North East of England having grown up in Washington CD (that's County Durham to the un-initiated). He joined AIB as their Group Information Security Standards, Training & Awareness Manager in October 2006 having previously worked for IBM in Ireland and the UK.
Dave has over 20 years in IT and over 10 years in IT Security specifically, working in a variety of large companies covering global manufacturing, health service and local government. This presentation is Dave's view of how we need to use marketing tactics and ideas to help us sell the Information Security message to our audience.
5.30pm End of meeting
6.00pm IISF Table Quiz


09/04/08 - IISF Meeting Agenda

Venue: The Morgan Hotel, Temple Bar.
Date & Time: Wednesday 9th April 2008 at 6.30pm
Agenda
6.30pm Tea/Coffee
7.00pm Welcome and introduction by IISF chairman Jim Smith
7.05pm Presentation by Dr. Eric Cole on Preventing and Detecting Employees and Contractors from Stealing Corporate Data
Organisations tend to think that once they hire an employee or a contractor, that person is now part of a trusted group. Although an organisation might give an employee additional access that an ordinary person would not have, why should it trust that person? If competitors or similar entities want to cause damage to an organisation, steal critical secrets, or put the organisation out of business, they just have to find a job opportunity, prep someone to 'ace' the interview, and have that person get hired. Depending on your adversary's objectives and patience, you may never know you've been compromised until it is too late.
So how do we detect that an organisation's 'trusted' personnel are not acting in the best interests of the organisation? Dr. Eric Cole outlines the various mechanisms that are available to an organisation to prevent and detect such 'insider' incidents.

About the speaker

Dr. Eric Cole is currently chief scientist for Lockheed Martin Information Technology (LMIT), specializing in advanced technology research. Eric is a highly sought-after network security consultant and speaker. Eric has consulted for international banks and Fortune 500 companies. He also has advised Venture Capitalist Firms on what start-ups should be funded. He has in-depth knowledge of network security and has come up with creative ways to secure his clients' assets. He is the author of several books, including Hackers Beware: Defending Your Network from the Wiley Hacker, Hiding in Plain Sight, and the Network Security Bible. Eric holds several patents and has written numerous magazine and journal articles. Eric worked for the CIA for more than seven years and has created several successful network security practices. Eric is an invited keynote speaker at government and international conferences and has appeared in interviews on CBS News, "60 Minutes," and CNN.  Dr. Cole's most recent book Insider Threat reminds us that insiders - trusted employees and contractors - can do more damage more quickly to an organization than any outside hacker.


13/03/08 - March Chapter Meeting Topic

Generation Y and IT Security: 'Same Same, but Different'?
Venue: D4 Hotel (Old Jury's Hotel) in Ballsbridge
Date & Time: Thursday 13th March 2008 at 2.30PM
2:30 Introduction by Chairman
2:35 Presentation - Generation Y and IT Security: 'Same Same, but Different'? Bob Semple, PricewaterhouseCoopers
"Although they are better educated, more techno-savvy, and quicker to adapt than those who come before them, they refuse to blindly conform to traditional standards and time-honoured institutions.  Instead, they boldly ask, "Why?"

Eric Chester from "Employing Generation Why?"
Generation Y (born between 1977 and 1994) makes up over 70 million in the US. They are already having a huge social and economic impact: diversity, independence and an attitude of entitlement are among the most striking characteristics.  The key questions for IT Security practitioners are: how relevant is Gen Y to Ireland? What difference if any will Gen Y make to the everyday practice of security? What do we need to do differently to maintain high levels of protection for the organisations we serve?

In this talk, Bob Semple will explore just what makes Gen Y so special. He will identify a number of areas that could prove particularly troublesome and then outline an approach that security practitioners might like to adopt to address these new challenges.

Bob Semple is a partner in the Risk Management Services department of PricewaterhouseCoopers. He has over 30 years' professional experience providing a range of advisory and assurance services to clients.

Over the years Bob has specialised in auditing, IT security, forensic investigation and, more recently, corporate governance and risk management.  His clients include major government departments, major PLCs, state companies and private companies across many industries. Bob has lectured widely on risk, control and security issues and is the author of several reports and books on these subjects.
3:30 Coffee
4:00 Presentation - Details to follow Hugh Callaghan, Ernst & Young
4:30 Close of Meeting


07/02/08 - IISF Meeting Notification and Agenda

Venue: Four Seasons Hotel, Ballsbridge.
Date & Time: Thursday 7th February 2008 at 11.00AM
10.45 End of CA/Deloitte Breakfast session followed by tea/coffee
11.00 IISF February meeting commences, with an Introduction by IISF Chairman
11:05 Andy Harbison, Deloitte:
'Responding to E-Discovery requests'
Andrew Harbison leads the IT Forensics and Litigation Support practice at Deloitte, Dublin.  He has provided support to companies and litigators in over 200 cases. He has written extensively on IT Forensics, Computer Fraud and Incident Management, and is a co-author of the Law Society's Practice Guides in Computer Fraud and Electronic Discovery.  He has advised many of Ireland's largest financial services firms on information security incident response planning.
11.40 Michael Coady, CA:
'How to identify key business/financial benefits of Identity & Access Management'
Michael Coady is a Global Vice President with CA Inc. He has led several Forensic/Security investigations both in the public and private sector.
He has developed an enterprise security methodology and using this methodology, has managed the implementation of Identity and Access Management technologies within large corporations. He is a renowned National Speaker for Privacy and Security as it relates to HIPAA, GLBA and SOX compliance. He has managed over 60+ Health Insurance Portability and Accountability Act (HIPAA), EU Privacy Directive (EUPD), Gramm-Leach-Bliley Act (GLBA), Sarbanes Oxley (SOX) engagements nationwide for clients in the public and private sector.
12.30 Networking and finger-buffet lunch in Four Seasons hotel

 


Irish Information Security Forum | E-Mail: secretary@iisf.ie