• Implementing Controls
• Preventing Identity Theft
• Avoid Technology Mistakes
• Recommendations

WHEN:
Friday, April 23th 2010
11:30 – 12:00 Networking
12:00 – 1:00 Speaker

WHERE:
Waterfront Plaza (Directions)
10 Floor east tower
321 W Main Street
Louisville, KY

COST: FREE – 1 Hour of CPE (Jimmy Johns provided for lunch)
Please RSVP to meetings@isacaky.org before April 21, 2010 at 5pm.
Please include your selection of sandwich from Jimmy Johns listed below:

(Note: All lunches will be box lunches and will include a bag of chips + cookie)
BIO:

Brian Jackson MCSE, MCITPEA, CCNA, CISA
Senior Technology Manager

A tour of the data center will be available after the presentation. Partcipants will be required to sign a waiver prior to the tour.

MaximumASP, based in Louisville, Kentucky, was founded in 2000 as an outsourcing firm for Windows-based hosting services. MaximumASP was named by Microsoft as its 2009 Hosting Solutions Partner of the Year. The company currently hosts more than 50,000 domains for customers in over 120 countries. With a strong focus on hosting solutions that combine advanced monitoring and management tools, MaximumASP has become a top choice for Microsoft developers seeking a robust hosting platform for mission-critical web applications. For more information visit www.maximumasp.com.
 

WHEN:
Friday, March 26th 2010
11:30 – 12:00 Networking
12:00 – 1:00 Speaker

WHERE:
MaximumASP
2080 Nelson Miller Parkway (map)
Suite 100
Louisville, KY 40223
866.925.4678

COST: FREE – 1 Hour of CPE (Jimmy Johns provided for lunch)
Please RSVP to meetings@isacaky.org  before March 24, 2010 at 5pm.
Please include your selection of sandwich from Jimmy Johns listed below:

(Note: All lunches will be box lunches and will include a bag of chips + cookie)
BIO:
Dominic Foster is Chief Technology Officer of MaximumASP, a Microsoft Gold Certified Provider of web hosting and managed IT services, as well as the star left wing for a two-time Stanley Keg winning ice hockey team in Louisville, Kentucky. Foster, known in certain circles as the Punk Rock CTO,  joined MaximumASP in 2000 and currently has more than ten years experience designing, implementing and administering Windows technologies. New product and emerging technology research and development are primary responsibilities with key areas of focus on  Virtualization, and IIS. Foster also oversees a systems engineer team responsible for maintaining  more than 48,000 domains for customers in over 60 countries.
 
Foster’s expertise and active involvement in early builds of both technologies was a large factor in the success of MaximumASP’s partnership with Microsoft as the first to offer hosted accounts on Hyper-V and IIS 7. Foster, topped by his signature funky hair, has been a valued speaker at conferences, user groups and various interviews with online publications for his no-nonsense, unbiased opinions.

WHEN:
Friday, February 26th 2010
11:30 – 12:00 Networking
12:00 – 1:00 Speaker

WHERE:
The Council on Developmental Disabilities
1151 S. 4th Street (map)
Louisville, KY 40203
http://www.councilonmr.org/
(502) 582-1995

Parking is available across the street in the old Winn-Dixie lot.

COST: FREE – 1 Hour of CPE (Pizza provided for lunch)
Please RSVP to meetings@isacaky.org before February 24, 2010 at 5pm.

BIO:
Nancy Burns, CISA, has worked in Information Technology for 39 years, the past 21 years at Brown-Forman Corporation.  Over her career, she has held several management positions in IT including technical support, network management, telecommunications, operations and IT auditing.  Her experience with segregation of duty issues began with the Sarbanes-Oxley Act where she managed a large project to mitigate over 15,000 SoDs.  Today, Ms. Burns is Brown-Forman’s IT Compliance Analyst, which includes the monitoring and resolution of SoDs, as well as control compliance and testing.

WHEN:
Friday, January 22nd 2010
11:30 – 12:00 Networking
12:00 – 1:00 Speaker

WHERE:
Waterfront Plaza (Directions)
10 Floor east tower
321 W Main Street
Louisville, KY

Mark R. Trinidad, Application Security, Inc.

Mark R. Trinidad is a Product Manager at Application Security, Inc.  He is responsible for the direction of AppDetectivePro, all scanning technology, and the vulnerability knowledgebase for all products.

Over the years, Mark has established trusted partnerships with IT auditors and security professionals, working with them to understand how database audit and security controls fit into audit and compliance frameworks.  He has spoken at various ISSA, ISACA, and OWASP chapters around the country, is a frequent DefCon attendee, and an active committee member of the ISACA and ISSA New York Metro chapters.

Mark holds a BS in MIS and Marketing from Drexel University.

WHEN:
Friday, November 20th 2009
11:30 – 12:00 Networking
12:00 – 1:00 Speaker

WHERE:
Waterfront Plaza (Directions)
10 Floor east tower
321 W Main Street
Louisville, KY

COST: $5 (Pizza will be served) – RSVP Closed

ABOUT:

In today’s enterprise, Web Application Security has come front and center for security managers as well as the business. The reason many well-funded, well-backed programs fail is because they miss the fundamental rule of problem solving – understand the problem. The secret to success is simple – understand your business context and build a program around that.

How can you develop an actionable, business-risk driven program for your enterprise? Understanding your role within the business is key, followed by successful identification of a cornerstone upon which to base the program. Evaluating data value, application visibility and business exposure one step at-a-time, and assigning real, measurable risk are the necessary steps to making sure your program is well-grounded in business value. Participants will be given a strong foundation to succeed, so they don’t end up solving problems the business doesn’t have.

WHEN:
Thursday, October 29th 2009
11:30 – 12:00 Networking
12:00 – 1:00 Speaker

WHERE:
Council on Mental Retardation, Inc.
1151 S. 4th Street (map)
Louisville, KY 40203
http://councilonmr.org
(502) 582-1995

Parking is available across the street in the old Winn-Dixie lot.

COST: FREE (courtesy of nCircle) – 1 Hour of CPE
Please RSVP to meetings@isacaky.org before October 27, 2009 at 5pm.

Please include your selection of sandwich from Jimmy Johns listed below:

(Note: All lunches will be box lunches and will include a bag of chips + cookie)

Mark Wood is responsible for product management for the Configuration Compliance Manager business. He has more than 21 years of technology marketing experience, with significant expertise in product management, marketing and new product market strategies. Prior to joining nCircle, Mark was vice president of product management and marketing for Cambia Security, the leader in agentless configuration compliance that was acquired by nCircle in May, 2007. At Cambia, Mark directed product strategy, product marketing and marketing initiatives.

ABOUT COMPANY:

nCircle has a proven track record of innovation in security and compliance auditing. nCircle was the first to deliver a complete vulnerability and risk management system, moving the market beyond simple penetration tests and enabling enterprise customers to focus on security processes rather than simply one-time vulnerability assessments. nCircle has built on that expertise, uniquely delivering a fully integrated, best-in-class agentless product line for auditing the entire information technology stack across a global network.

nCircle is the only provider of a true appliance-based solution, minimizing cost and complexity in enterprise deployment and management, while providing virtually unlimited scalability. nCircle is the only vulnerability and risk management system to be Common Criteria certified at EAL level 3. This is a comprehensive third party certification recognized in 23 countries on the strength of the security processes in the company and the processes around creating and delivering products.

nCircle currently holds five U.S. patents and has another four patents pending. nCircle is the only vendor with a 24-hour SLA for critical Microsoft vulnerabilities, ensuring that within 24 hours of the announcement of the advisory by Microsoft, nCircle will provide a check with which they can test their systems for the vulnerability. nCircle supports this guarantee with the largest and most productive Vulnerability and Exposure Research Team (nCircle VERT) in the industry.

nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,000 enterprises, government agencies and service providers around the world rely on nCircle’s proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto.

WHERE:
Bristol Bar & Grille (Directions)
614 W Main St # 1000
Louisville, KY 40202-4211
(502) 582-1995

RSVP Closed

SPEAKERS: (Verizon Business)
Mike Broering, Business Solutions Consultant
Jim Aull, Senior Security System Engineer

TOPIC:
Verizon Business Data Breach Report

ABSTRACT:
Verizon Business will present the findings of the Data Breach Report, a first of its kind look at the trends and statistics from real-world data theft.

This unique and comprehensive, data-driven report on forensics and computer crime investigations, gathered from 500+ cases over a 5-year period, offers an objective, first-hand view of data breaches directly from the casebooks of Verizon Business’ Investigative Response team. Mike Broering, Business Solutions Consultant and Jim Aull, Senior Security Engineer, will share insights gathered from real-world security incidents and examine critical trends in data theft, including:

• 87% of data breaches could have been avoided if reasonable security controls had been in place.
  
• 66% of breaches involved data that the organization did not even know was on their system.
  
• 39% of the breaches involved business partners.
  
• Between 2004 and 2007, the number of breaches involving partners increased five-fold.

ABOUT SPEAKERS:

About Mike Broering

Mike Broering is a Business Solutions Consultant, working with companies, governments and educational institutions to secure data, protect identities and demonstrate compliance. Mike has been in the IT field for over 10 years and in IT Security the past seven.

About Jim Aull

Jim Aull is a Senior Security System Engineer for Verizon Business. Jim helps clients secure their infrastructure and data by designing solutions that incorporate all three pillars of security – people, process and technology. Jim has worked in IT for over 13 years and in Information Security for the past four years. Jim holds CISSP, HISP, COBIT and ITIL certifications.