The insider threat / Final RSVP chance for Gauteng event / Local infosec survey results


Information Security Group of Africa

Jul 19, 2007, 5:40:33 AM
to Information Security Group of Africa

Risk Management | Governance | Compliance | Business Continuity | Information Security | Awareness

--+ ISG Africa News +--

========================================================

This week we focus on the insider threat – the fact that, on average, more data breaches occur within your security perimeter, from “trusted” employees and contractors.

The common thread in all these articles is the fact that you cannot rely on technology alone to protect your information assets. All too often, technology whirrs away in the background, doing its job, but it takes human skill to analyse what is happening and to make a proper evaluation of the risks facing your organisation. This again raises the need for a managed information security system that can either prevent or minimise the impact of incidents. (Refer to ISO 27001 / ISO 27002 (previously 17799) for more info.)


Ensure you keep yourself updated by attending our free monthly user group meetings, joining one of our Special Interest Groups (SIGs) and budgeting for relevant training and events; see below for all the details.

Regards

Craig Rosewarne

Founder & Chairman
Information Security Group of Africa
(A Section 21 company 2006/001533/08)

========================================================

1. Security Awareness Update

(Thanks to all the folk in the industry who send me updates!)

Employee leaks 2.3 million users’ files

The data breach that occurred at Fidelity National Information Services last week was a security professional's nightmare. And not just because of the amount of raw consumer data spilled onto the black market. By that measure, the 2.3 million users' files that were leaked can't compare with the 45 million customers' account information lost by retailer T.J. Maxx just last January.

http://www.forbes.com/business/2007/07/10/computer-security-internal-biz-biztech-cx_ag_0710mcafee.html

DIY Phishing kit

Cybercriminals have created a "Plug and Play" phishing kit that dramatically increases the speed with which servers can be attacked. The toolkit - contained in a single file - makes it possible for even technically-illiterate would-be fraudsters to create phishing sites on a compromised server within the blink of an eye (or two seconds, to be more exact).

http://www.theregister.co.uk/2007/07/10/plug_and_play_phishing/

Update from the Scottish police

It is often said - and quite rightly - that IT security is at least as much about acquiring the right culture or mindset as it is about implementing this or that technology. There are so many layers to security, from basic things, such as the way people behave, to complex technical aspects such as implementing firewall rules, or knowing how to respond to alerts from intrusion detection logs. Getting all the pieces in place and keeping them in order is something that takes both vigilance and skill. Get it wrong and your whole business could be at risk.

http://news.scotsman.com/topics.cfm?tid=1127&id=639802007

Your DBA has his/her hand in the till!

I have written and pontificated often enough on the dangers of trusted employees. One of the biggest shifts underway in the threatscape is due to the increased value of personal identity information and the emergence of markets for that information. This change means that traditional security measures which were focussed on keeping viruses and worms out, and the occasional malicious hacker, are not going to protect you from today's threat: your own employees and contractors.

http://blogs.zdnet.com/threatchaos/?p=460

 

2. TimBukOne Information Security Survey Results

You can use the links below to download the TimBukOne Information Security Surveys.

Simply unzip the file and run the contained analysis application from any folder you like. You *must* extract the program from the zip file; it cannot be run from within the zip file.

The analysis program is completely self-contained and requires no setup. It has been built for Windows 2000, Windows XP and Windows Vista.

2007 - http://www.timbukone.com/survey/zip/TBO_IS_Survey_2007.zip

2006 - http://www.timbukone.com/survey/zip/TBO_IS_Survey_2006.zip

Sincerely,

The TimBukOne Team

3. Next ISG Africa chapter meetings

Next Gauteng Meeting

NOTE: Please take note of the earlier meeting time for this month!

Date: Thursday 26 July 2007

Time: 09:00 (08:15 registration)

Venue sponsors: Continuity SA, Unit 4 Growthpoint Park, Midrand (Please email marelda...@continuitysa.co.za for a map to the venue)

RSVP: Craig Rosewarne – cr...@isgafrica.org / +27 832314707

Meeting Agenda

08:15 – Registration opens / Welcome coffee

09:00 – ISG Africa news update (Craig Rosewarne)

09:10 – Protection of private information, Identity theft and “Dumpster diving” (Duncan Waugh, Loss Adjuster / Forensic Investigator)

09:40 – When disaster strikes (Anthony Askew, ContinuitySA, venue sponsors)

(An optional site tour of ContinuitySA’s facilities has been arranged for after the break)

10:10 – Meeting ends, followed by a few drinks & snacks with friends in the industry!

The venue can only accommodate a max of 100 people so please ensure you RSVP timeously.

=====================================================

4. Training Courses

Live Web-based Holistic Information Security Practitioner (HISP) (*NEW*)

This is the only integration class that provides practical education on the integration of best practices for Information Security Management, Information Systems Auditing and how to map COBIT, COSO and ITIL as well as multiple regulatory requirements to the internationally accepted best practices framework of ISO/IEC 17799:2005.

Training Provider

http://www.efortresses.com/refdocs/HISP-Live-Web-Based-Class-02.pdf

Contact details

ho...@eFortresses.ie

Dates

19 September – 21 November

3 evening hours per week for 10 consecutive weeks (every Wednesday)

ISA - Information Security Architecture

(3 days) (*NEW*)

The primary objective of this course is to familiarize delegates with Information Security Architectures and how the Information Security Framework fits into the modern organisation. The course also covers a vast number of implementation strategies and includes policy example documentation. Delegates will also be exposed to the roles and responsibilities of the Security Team and incident response procedures.

(R 4 370-00 excl VAT)

Training Provider

www.calkis.co.za

Contact details

in...@calkis.co.za  / +27 86 111 222 1

Dates

26-28 September (Cape Town)
19-21 November (Centurion - Pretoria)

FIST - Fundamental Information Security Training

(3 days) (*NEW*)

The Fundamental Information Security Training course's primary objective is to familiarize delegates with Information Security, methodologies, mechanisms and processes integrated with the Information Security Life Cycle. The course is based on a phased approach which includes the Preliminary, Protection, Detection, Reaction and Reflection phases. This will ensure that the delegate will understand that Information is a business asset, security is a business process and Information Security a business requirement. (R 3 850-00 excl VAT)

Training Provider

www.calkis.co.za

Contact details

in...@calkis.co.za  / +27 86 111 222 1

Dates

12-14 September (Centurion - Pretoria)
07-09 November (Cape Town)

The Human Factor - Workshop

(3 days) (*NEW*)

The primary objective of this workshop is to help delegates understand common human behavior and the best practices to help change attitudes. The workshop doesn't only explore proven user awareness methodologies and best practices, but also helps equip delegates with an awareness strategy tailor-made for their environment and helps them to think "outside-the-box". Delegates are exposed to personality variables and how to develop an effective awareness strategy for the appropriate target group.

(R 3 999-00 excl VAT)

Training Provider

www.calkis.co.za

Contact details

in...@calkis.co.za  / +27 86 111 222 1

Dates

01-03 August (Cape Town)
17-19 October (Centurion - Pretoria)

Network Fundamentals

(2 days) (*NEW*)

The primary objective of this condensed network fundamentals course is to equip delegates that have very little or outdated network knowledge with basic network skills enabling them to understand and grasp the network related concepts needed when attending the official CompTIA Security+ course. This is a basic course and not a formal network course. (R 1 790-00 excl VAT)

Training Provider

www.calkis.co.za

Contact details

in...@calkis.co.za  / +27 86 111 222 1

Dates

16-17 August (Centurion - Pretoria)

HBN – Extended

(5 days)

‘Extended’ is our ‘introduction to hacking’ course. It is strongly method based and emphasizes structure, approach and thinking over tools and tricks. The course is popular with beginners, who gain their first view into the world of hacking, and experts, who appreciate the sound, structured approach. The course has evolved significantly since 2001 and now offers new content, a new structure, new tools and new techniques. This course is in essence a five-day version of HBN – Bootcamp Edition and has been extremely successful ever since its inception in 2001. It was also the first course of this kind to be offered in South Africa and remains a firm favorite with clients.

Training Provider

www.sensepost.com

Contact details

sh...@sensepost.com  / +27 12 460 0880

Dates

9-13 July (Pretoria)

HBN – Combat edition

(2 days)

This course is the most technical of the Hacking by Numbers series. From the first hour to the final minutes, students are placed in different attacker scenarios as they race the clock to "capture the flag". In the SensePost tradition, the solutions lie much more in technique and an out-of-box thought process than in the use of "skriptz" or "toolz". Each exercise is designed to teach a specific lesson and will be discussed in detail after it is completed. In this way you learn from your instructors, your colleagues and your own successes and failures.

Training Provider

www.sensepost.com

Contact details

sh...@sensepost.com  / +27 12 460 0880

Dates

19-20 July (Pretoria)

BSI - ISO/IEC 27001:2005 - Information Security Management System Lead Auditor Course

(5 days)

IRCA registered

BSI’s “ISO/IEC 27001:2005 – Information Security Management System Lead Auditor” teaches students the fundamentals of auditing information security management systems to ISO/IEC 27001:2005. This five-day intensive course trains students on how to conduct audits for certification bodies and facilitate the ISO/IEC 27001:2005 registration process. The auditing exercises and lectures are based on ISO 19011:2002, “Guidelines for Quality and/or Environmental Management Systems Auditing.” The course is designed specifically for those people who wish to conduct external assessments or internal audits to ISO/IEC 27001:2005, although students will also gain the knowledge and understanding necessary to give practical help and information to other individuals and organizations working toward conformance to the standard.

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

30 July - 3 August (FULL)/ 17-21 September (Only 5 seats left) (Johannesburg)

COSO Enterprise Risk Management training

(2 days)

The COSO Enterprise Risk Management – Integrated Framework is designed to provide best practice guidance for management of businesses and other entities to improve the way they are dealing with these challenges. COSO – ERM integrates various risk management concepts into a framework in which a common definition is established, components are identified, and key concepts described.

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

24-25 July / 20-21 September (Johannesburg)

SAP R/3 CONCEPTS & AUDITING RISKS

(3 days)

This training is for auditors who have no previous experience with SAP R/3. You will cover the major risk areas for SAP 4.6 and beyond. You will explore the organisational and audit department challenges inherent in managing SAP R/3 during implementation, delivery and production processing, focusing on the skills required to perform project and audit tasks.

Training Provider

www.mistieurope.com

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

20-22 August (Johannesburg)

AUDITING & SECURING SAP’S ENTERPRISE SERVICES ARCHITECTURE

(2 days)

This two-day seminar is for auditors and security professionals who have to audit the risks associated with the new ESA of SAP R/3. You will cover the major risk areas for the latest SAP release, including Sarbanes-Oxley compliance controls related to the protection of organisational financial data accessible via the open architecture tool set. You will review each architectural component, including mySAP.com, ECC, WebAS, NetWeaver, Master Data Manager, Enterprise Portal and Exchange and Mobile Infrastructure, in terms of risks, system defaults, segregation of duties, and other key controls necessary to ensure the integrity and confidentiality of data are properly established.

Training Provider

www.mistieurope.com

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

23-24 August (Johannesburg)

Governance, Risk management & Compliance workshop

(2 days)

This comprehensive two-day workshop analyses over 30 different public and commercially-oriented standards, frameworks and methodologies in the Governance, Risk Management, Compliance and Information Security arenas. It furthermore investigates the legislative compliance imperatives applicable to companies trading in South Africa. Each delegate will receive a complete CD packed with useful information related to the workshop!

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

6-7 August / 11-12 October (Johannesburg)

CobiT Implementation

(2 days)

This comprehensive two-day course is designed for IT management and professionals, internal and IT auditors and management that deal with the complexities of IT control functions on a daily basis.

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

26-27 July / 30-31 August (Johannesburg)

Information Security

(2 days)

ISO/IEC 17799 - Code of practice for Information Security Management

ISO/IEC 27001 - A Specification for an Information Security Management System (ISMS)

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

28-29 August (Johannesburg)

Business Continuity

(2 days)

The British Standards Institute (BSI) has published a new Standard (BS 25999) that clearly defines the process, principles and terminology of Business Continuity Management (BCM) and Business Continuity Plan (BCP) Development. BS 25999 replaces PAS 56, which has been withdrawn.

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

16-17 August (Johannesburg)
30-31 August (Cape Town)

 

If you have training relevant to the group, please send me through the details.

5. Special Interest Groups (SIGs)

1. Business Continuity

SIG focused on best practices around business continuity and disaster recovery

SIG Leader: Azaad Sathar

Contact details: azaad....@firstrandbank.co.za / 011 371 7021

Next meeting details: Tuesday 28th August – 4pm to 6pm

Venue provider: Ernst & Young (Ask for Dheshnee Ramadu upon arrival)

2. Digital Forensics

SIG focused on digital forensics

SIG Leader: Karel Rode

Contact details: Karel...@ca.com / 011 236 9111

Next meeting details: TBC

Venue provider: CA offices in Sunninghill, Gauteng

3. Risk

SIG focused on Risk management, Governance & Standards

SIG Leader: Joss Bernstein

Contact details: yose...@telkomsa.net / 082 882 8024

Next meeting details: 1st August – 5pm to 7pm

ISO 27001 – use the first three monthly SIG meetings to read through and explain the application of ISO 27001, with practical examples

Venue provider: McAfee, Didata Campus, Wrigley Field Building (ask for Gary Boniface)

4. IDM

SIG focused on Identity Management

SIG Leader: Leon Fouche

Contact details: leon.f...@kpmg.co.za / 011 647 5232

Next meeting details: TBC

Venue provider: KPMG, Empire Road, Gauteng

5. CERT

SIG focused on the establishment of an independent incident response centre for Africa.

SIG Leader: Allen Baranov

Contact details: all...@Angloplat.com / 011 373 6868

Next meeting details: TBC

Venue provider: TBC

6. Legal

SIG focused on shaping cyber law in our legal system

SIG Leader: Adv. Johann Hershensohn

Contact details: joh...@hershensohn.com / 082 600 1175

Next meeting details: Tuesday 17th July – 5:30 to 7pm

Discussion around the South African Accreditation Authority, which has invited Authentication and Certification Service Providers to apply for accreditation of their products and services

Venue provider: Lawtrust, Centurion

7. OS security

SIG focused on using open source tools such as Nessus & Snort (as a start!)

SIG Leader: Jacques van Heerden

Contact details: jvanh...@gtsp.co.za / 083 680 0990

Next meeting details: TBC - Starts 4pm to 6pm

Venue provider: Centurion venue at GTSP offices

8. CISSP Study group

SIG focused on assisting those who wish to attain their CISSP certification

SIG Leader - Cape: Hein Mulder

Contact details: he...@sd.co.za / 0824683202

Next meeting details: Every Tuesday - Starts 6pm

Venue provider: Progressive room at BP Head Office in the V&A Waterfront, Cape Town

SIG Leader - Gauteng: Karel Rode

Contact details: Karel...@ca.com / 011 236 9111

Next meeting details: TBC

Venue provider: CA offices in Sunninghill, Gauteng

If you would like to start a SIG in your area, please send me through the relevant details.

6. Upcoming Events

1-2 August – Blackhat USA 2007
Type – 10 different tracks over 2 days comprising over 90 infosec specialists
Location – Caesars Palace, Las Vegas, USA
Costs – $1195 if you register by May 31 ($100 discount to ISG members)
Contact – http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

13 September (8:00 to 17:00) – BMI-T SA IT Security Forum 2007
Type – Provides attendees with reliable content and expert advice on how to use modern information technologies to secure and protect the enterprise.
Location – Gallagher Estate, Midrand, South Africa
Costs – Free to selected end users
Contact – +27 82 466 2317 / an...@bmi-t.co.za (http://www.bmi-t.co.za)

25 October (8:00 to 17:00) – BMI-T IT Infrastructure Forum 2007
Type – The cornerstone of success for any enterprise, today and in the future, is its IT infrastructure. IT professionals are increasingly required to think of the long-term implications of their IT decisions to ensure that all the pieces work together effectively.
Location – Gallagher Estate, Midrand, South Africa
Costs – Free to selected end users
Contact – +27 82 466 2317 / an...@bmi-t.co.za (http://www.bmi-t.co.za)

5-7 November (NEW) – CSI USA 2007
Type – Get illuminated at the most comprehensive conference in the industry. 17 topic themes, covering everything from awareness to risk to wireless. Make connections with other attendees at networking receptions, roundtables and evening activities.
Location – Washington, D.C. at the Hyatt Regency Crystal City
Costs – $100 discount to ISG Africa members
Contact – *Note* We have been approached by CSI to send an African delegation through. Contact me if you plan to attend this year for more info (http://www.csiannual.com/)

9-11 December – ISF 18th ANNUAL WORLD CONGRESS (Exclusive to ISF Members)
Type – The ISF's Annual World Congress is continually rated 'the best information security conference in the world' by its delegates. It offers ISF Members an opportunity to come together for three days in an exclusive and confidential environment to discuss and debate the key issues facing information security professionals - and get practical advice they can take back and use.
Location – Cape Town, South Africa
Costs – TBC excl (3 days)
Contact – http://www.securityforum.org

Contact Person Craig Rosewarne | Telephone +27 83 231 4707 | Web http://www.isgafrica.org/ | Email cr...@isgafrica.org

 



Information Security Group of Africa
Name: Craig Rosewarne
Email: cr...@isgafrica.org
Mobile: +27 83 231 4707
Fax: 086 688 5796
Website: ISG Africa
Forum: Security Related Discussion Group