February 2010 Chapter Meeting
What: A Year of ISO 27001 and 27002 (17799)
Topic: Access Control
Speakers: Gary Sheehan and Rick Blanch
When: February 11, 2010 - 1pm to 5pm
Where: Parma South Branch of the Cuyahoga County Library
Click Here for Directions and Registration
Cost: Free!
Sponsored By: RSA, Inc.
As we will continue in our series titled: "A Year of ISO 27001 and 27002," we are very pleased to have Gary Sheehan and Rick Blanch teach us about access control as it pertains to the ISO standard. You will find a brief overviews of Gary and Rick and their presentations at the end of this article.
In this month's Tech Talk, Craig Campbell will give an overview of a very popular open source port scanner: Nmap and it's graphical user interface called Zenmap.
Finally, Steven Dove will give us an update on our hacking challenge. If you missed January's meeting and would like to participate in our hacking challenge, please find the link to it in the "Links of Interest" section of our website. And remember, prizes will be given to the challenge winners.
February's Presentation Overviews:
ISO 27002 - ACCESS CONTROL (Gary Sheehan)
Information technology governance, compliance and security play an integral role in managing enterprise risk. To be effective, risk and security must be addressed from a business perspective, using business terminology and metrics. In this presentation we will discuss how ISO 27002 guides you through managing access to your IT infrastructure, while ensuring you focus on those controls that support your organization's goals and objectives. In particular we will cover:
* ISO 27002 Basics, Terminology & Definitions
* User Access Management
* Network Access Management
* OS Access Management
* Application Access Management
* Remote Access Management
AUTHENTICATION STRATEGIES FOR IDENTITY ASSURANCE (Rick Blanch)
There are a variety of authentication solutions on the market today ranging from simple, password driven, single sign-on solutions to complex risk based engines. We will discuss what these solutions are, when they should be used and what some of the compliance drivers are.
Gary Sheehan's Professional Summary:
Gary Sheehan possesses over 20 years of information security experience and has worked with companies in the financial, insurance, manufacturing, retail, academic, health care and aerospace sectors. As Director of GRC Services at ASMGi, Gary is responsible for managing the design, delivery and implementation of governance, risk, security and compliance solutions that meet customer needs and keep pace with the constantly evolving regulatory and security requirements. Prior to ASMGi, Gary was a Managing Consultant at Wolcott Group.
Gary has a Bachelor's degree in Business Administration from Baldwin-Wallace College. He received a Certificate of Appreciation and a Letter of Commendation from the Cleveland FBI office for exemplary service to the local InfraGard chapter and for exceptional service in the public interest. He was awarded the Linda Franklin Award in 2003 for his service to InfraGard. In 2003 Gary founded the Information Security Summit which will hold its 8th Annual conferencing event later this year. Current Gary is the President of the Northern Ohio Members Alliance of InfraGard, the Executive Director of the Information Security Summit, sits on the Advisory Board of the Northeast Ohio Think Tank and is a member of the Board of Directors for the HISP Institute.
Rick Blanch's Bio:
Rick Blanch is an information security consultant at RSA, The Security Division of EMC, and also serves on the Board of the Central Ohio ISSA Chapter as Education Director. Rick has over 15 years of combined experience in information technology and information security. He holds a bachelor’s degree in Computer Information Systems from Youngstown State University and is a Certified Information Systems Security Professional and Certified Ethical Hacker. His areas of specialization include application security, access control systems, data loss prevention, vulnerability management, information risk management and governance, risk, and compliance.
