Free ticket to Black Hat Las Vegas / CISSP study groups / ISG Chapter meeting details

4 views

Skip to first unread message

Information Security Group of Africa

unread,

Jun 12, 2007, 7:24:57 PM6/12/07

to Information Security Group of Africa

This e-mail is subject to a disclaimer, available by clicking here

Risk Management

Governance

Compliance

Business Continuity

Information Security

Awareness

+++ ISG Africa news +++

1. BSI ISO 27001 Lead Auditor training now available in Johannesbburg

The British Standards ISO 27001 Lead Auditor training is aimed at those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001:2005 requirements. Existing security auditors who wish to expand their auditing skills, as well as consultants who wish to provide advice on ISO 27001:2005 systems certification will benefit from this course

++Why is this exciting you may ask?++

Because if you look at Japan, who has some of the strictest Privacy laws in the world & is leading the pack with 2199 ISMS certified organisations - have a look at how many have been certified by BSI compared to other certification bodies…now do you understand why it is important to obtain this qualification? (http://www.isms.jipdec.jp/en/list/org2.html )

2. Free Black Hat ticket worth $1600 for the Las Vegas conference in August 2007

I have been offered a free ticket to attend by the event sponsors but unfortunately will not be able to make it. Who would like to represent ISG Africa on my behalf?

Drop me an email if you are serious about going! (Bearing in mind you still need to purchase a plane ticket + accomodation + hopefully get your USA visa sorted in time…despite the strike!)

The lineup really looks great:

(http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html )

3. CISSP study group in Gauteng

It is that time of the year again and I have a number of people that have asked if I will host a CISSP study group again for the exams that may be available later this year. Well with only a few days left for the Pretoria exam and close on a month for the one in Cape Town, I guess it is time to see what the real interest is like.

With that in mind please email me at cissp (at) telkomsa.net with subject - CISSP Study. I plan to convene the first study group on Wednesday 20/06/2007 from 17h30 at the CA offices (6 Kikuyu Rd, Sunninghill). The plan will be to provide you all with an overview, allocate chapters and agree on a meeting schedule. Ok and if we can secure a meeting venue say in Midrand or more central to the benefit of collective, then so be it.

Lastly, I cannot do this on my own, so I ask all CURRENT CISSP's to send me their notes of interest as I will be drawing on the many other domain experts to present the various chapters.

Karel

4. Next ISG Africa chapter meetings

Next Gauteng Meeting

We are not having a June Gauteng meeting but I have confirmed venue sponsors for both July & August. I will send the meeting details through soon as the speakers are finalised…

Next Durban Meeting
TOPIC:	Ethical Hacking - Starting and Recon
Date:	Thursday 14 June 2007
Time:	18:00 – 20:00 (17:30 registration)
Venue sponsors:	CTI Building – 1^st floor 36 Essex Terrace Westville, Durban
RSVP:	Erich Samuel - er...@adeptus-mechanicus.com / 083 788 9277

Plus see below for the latest training & events

Regards

Craig Rosewarne

Founder & Chairman
Information Security Group of Africa
(A Section 21 company 2006/001533/08)

3. Training Courses
BSI-ISO/IEC 27001:2005 - Information Security Management System Lead Auditor Course (5 days) (NEW) IRCA registered	BSI’s “ISO/IEC 27001:2005 – Information Security Management System Lead Auditor” teaches students the fundamentals of auditing information security management systems to ISO/IEC 27001:2005. This five-day intensive course trains students on how to conduct audits for certification bodies and facilitate the ISO/IEC 27001:2005 registration process. The auditing exercises and lectures are based on ISO 19011:2002, “Guidelines for Quality and/or Environmental Management Systems Auditing.” The course is designed specifically for those people who wish to conduct external assessments or internal audits to ISO/IEC 27001:2005, although students will also gain the knowledge and understanding necessary to give practical help and information to other individuals and organizations working toward conformance to the standard.
Training Provider	www.analytix.co.za
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	30 July - 3 August / 17-21 September (Johannesburg)
COSO Enterprise Risk management training (2 days)	The COSO Enterprise Risk Management – Integrated Framework is designed to provide best practice guidance for management of businesses and other entities to improve the way they are dealing with these challenges. COSO – ERM integrates various risk management concepts into a framework in which a common definition is established, components are identified, and key concepts described.
Training Provider	www.analytix.co.za
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	24-25 July / 20-21 September (Johannesburg)
SAP R/3 CONCEPTS & AUDITING RISKS (3 days)	This training is for auditors who have no previous experience with SAP“ R/3“. You will cover the major risk areas for SAP 4.6 and beyond. You will explore the organisational and audit department challenges inherent in managing SAP“ R/3“ during implementation, delivery and production processing, focusing on the skills required to perform project and audit tasks.
Training Provider	www.mistieurope.com
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	20 – 22^nd August (Johannesburg)
AUDITING & SECURING SAP’S ENTERPRISE SERVICES ARCHITECTURE (2 days)	This two-day seminar is for auditors and security professionals who have to audit the risks associated with the new ESA of SAP“ R/3“. You will cover the major risk areas for the latest SAP release, including Sarbanes-Oxley compliance controls related to the protection of organisational financial data accessible via the open architecture tool set. You will review each architectural component, including mySAP.com, ECC, WebAS, NetWeaver, Master Data Manager, Enterprise Portal and Exchange and Mobile Infrastructure in terms of risks, system defaults, segregation of duties, and other key controls necessary to ensure the integrity and confidentiality of data are properly established.
Training Provider	www.mistieurope.com
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	23 – 24^th August (Johannesburg)
Governance, Risk management & Compliance workshop (2 days)	This comprehensive 2 day workshop analyses over 30 different public and commercially-oriented standards, frameworks and methodologies in the Governance, Risk Management, Compliance and Information Security arenas. It furthermore investigates the legislative compliance imperatives applicable to companies trading in South Africa. Each delegate will receive a complete cd packed with useful information related to the workshop!
Training Provider	www.analytix.co.za
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	6-7 August / 11-12 October (Johannesburg)
CobiT Implementation (2 days)	This comprehensive 2 day Course is designed for IT management and professionals, Internal and IT Auditors and Management that deal with the complexities of IT control functions on a daily basis.
Training Provider	www.analytix.co.za
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	28 – 29 June / 26 – 27 July / 30-31 August (Johannesburg)
Information Security (2 days)	ISO/IEC 17799 - Code of practice for Information Security Management ISO/IEC 27001 - A Specification for an Information Security Management System (ISMS)
Training Provider	www.analytix.co.za
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	26 – 27 June / 28-29 August (Johannesburg)
Business Continuity (2 days)	The British Standards Institute (BSI) has published a new Standard (BS 25999) that clearly defines the process, principles and terminology of Business Continuity Management (BCM) and Business Continuity Plan (BCP) Development. BS 25999 replaces PAS 56, which has been withdrawn.
Training Provider	www.analytix.co.za
Contact details	charlene...@analytix.co.za / +27 11 215-2480
Dates	21 – 22 June / 16-17 August (Johannesburg) 30-31 August (Cape Town)

4. Special Interest Groups (SIGs)

1. Business Continuity	SIG is focused on best practices around business continuity and disaster recovery
SIG Leader	Azaad Sathar
Contact details	azaad....@firstrandbank.co.za / 011 371 7021
Next meeting details	TBC
Venue provider	Analytix, Illovo, Gauteng (Ask for Craig Rosewarne upon arrival)
2. Digital Forensics	SIG focused on digital forensics
SIG Leader	Karel Rode
Contact details	Karel...@ca.com / 011 236 9111
Next meeting details	TBC
Venue provider	CA offices in Sunninghill, Gauteng
3. Risk	SIG focused on Risk management, Governance & Standards
SIG Leader	Joss Bernstein
Contact details	yose...@telkomsa.net / 082 882 8024
Next meeting details	18^th June – 5pm to 7pm ISO 27001 – use the first three monthly SIG meetings to read through and explain the application of ISO 27001, with practical examples
Venue provider	McAfee, Didata Campus (ask for Gary Boniface)
4. IDM	SIG focused on Identity Management
SIG Leader	Leon Fouche
Contact details	leon.f...@kpmg.co.za / 011 647 5232
Next meeting details	TBC
Venue provider	KPMG, Empire Road, Gauteng
5. CERT	SIG is focused on the establishment of an independent incident response centre for Africa.
SIG Leader	Allen Baranov
Contact details	all...@Angloplat.com / 011 373 6868
Next meeting details	TBC
Venue provider	TBC
6. Legal	SIG focused to shaping cyber law in our legal system
SIG Leader	Adv. Johann Hershensohn
Contact details	joh...@hershensohn.com / 082 600 1175
Next meeting details	Tuesday 19^th June – 5:30 to 7pm
Venue provider	Lawtrust, Centurion
7. OS security	SIG focused on using open source tools such as Nessus & Snort (as a start!)
SIG Leader	Jacques van Heerden
Contact details	jvanh...@gtsp.co.za / 083 680 0990
Next meeting details	TBC - Starts 4pm to 6pm
Venue provider	Centurion venue at GTSP offices
8. CISSP Study group	SIG focused on assisting those who wish to attain their CISSP certification
SIG Leader - Cape	Hein Mulder
Contact details	he...@sd.co.za / 0824683202
Next meeting details	Every Tuesday - Starts 6pm
Venue provider	Progressive room at BP Head Office in the V&A Waterfront, Cape Town

SIG Leader Gauteng (NEW)	Karel Rode
Contact details	Karel...@ca.com / 011 236 9111
Next meeting details	Wednesday 20^th June
Venue provider	CA offices in Sunninghill, Gauteng
If you would like to start a SIG in your area please send me through the relevant details

5. Upcoming Events
Date	Details
1-2^nd August	Blackhat USA 2007 Type – 10 different tracks over 2 days comprising over 90 infosec specialists Location – Caesars Palace, Las Vegas, USA Costs – $1600 ($100 discount to ISG members) *Note* - We have been approached by Blackhat to send an African delegation through. Contact me if you plan to attend this year for more info (Craig) Contact - http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
13 September (8:00 to 17:00)	BMI-T SA IT Security Forum 2007 Type –Provides attendees with reliable content and expert advice on how to use modern information technologies to secure and protect the enterprise. Location – Gallagher Estate, Midrand, South Africa Costs – Free to selected end users Contact - +27 82 466 2317/ an...@bmi-t.co.za (http://www.bmi-t.co.za )
25 October (8:00 to 17:00)	BMI-T IT Infrastructure Forum 2007 Type –The cornerstone of success for any enterprise — today and in the future — is its IT infrastructure. IT professionals are increasingly required to think of the long-term implications of their IT decisions to ensure that all the pieces work together effectively. Location – Gallagher Estate, Midrand, South Africa Costs – Free to selected end users Contact - +27 82 466 2317/ an...@bmi-t.co.za (http://www.bmi-t.co.za )
9-11^th December	ISF 18th ANNUAL WORLD CONGRESS (Exclusive to ISF Members) Type - The ISF's Annual World Congress is continually rated 'the best information security conference in the world' by its delegates. It offers ISF Members an opportunity to come together for three days in an exclusive and confidential environment to discuss and debate the key issues facing information security professionals - and get practical advice they can take back and use Location – Cape Town, South Africa Costs – TBC excl (3 days) Contact - http://www.securityforum.org

Contact Person Craig Rosewarne | Telephone +27 83 231 4707 | Web http://www.isgafrica.org/ | Email cr...@isgafrica.org

Information Security Group of Africa
Name:	Craig Rosewarne
Email:	cr...@isgafrica.org
Mobile:	+27 83 231 4707
Fax:	086 688 5796
Website:	ISG Africa
Forum:	Security Related Discussion Group
Mail list	Click Here to Subscribe

ISG Africa’s e-mail business continuity, compliancy, security and warehousing is powered by Mimecast

Reply all

Reply to author

Forward

0 new messages