Updated security awareness info / Gauteng meeting details / New local infosec cartoon


Information Security Group of Africa

Jul 4, 2007, 8:11:34 AM
to Information Security Group of Africa


+++ ISG Africa News +++

=====================================================

1.   Security Awareness Update

(Thanks to all the folk in the industry who send me these updates!)

 

Phony greeting card websites – Be sure your users are aware of the dangers of using these types of sites! A message is received, supposedly from a greeting card website (e.g. Blue Mountain), telling the user to log into their website to pick up a greeting card. The website address varies from mail to mail, with different IP addresses being used. A malicious card may then be run on the user’s machine when the link is clicked!

 

Digital Forensics - Are you working as a cyber crime investigator and looking for something which can prove in a court of law that there was some pornographic content on the suspect’s machine? http://www.niiconsulting.com/checkmate/2007/06/importance-of-thumbsdb-in-digital-forensic-world

 

iPhones and security?

http://www.networkworld.com/news/2007/061907-apple-iphone-gartner.html

http://www.nist.org/news.php?extend.241

http://mycsosolutions.net/2007/06/27/iphone-and-security-vulnerabilities/

 

2.   ISG Africa Awareness Cartoon

 

My first attempt at creating an awareness cartoon. Feel free to use it as part of your awareness initiatives or to send me any concepts / ideas around future themes for cartoons.

 

 

 

3.   Next ISG Africa chapter meetings

 

Next Gauteng Meeting

NOTE:

Please take note of the earlier meeting time for this month!

Date:

Thursday 26 July 2007

Time:

09:00 (08:15 registration)

Venue sponsors:

Continuity SA
Unit 4 Growthpoint Park
Midrand
(Please email marelda...@continuitysa.co.za for a map to the venue)

RSVP:

Craig Rosewarne – cr...@isgafrica.org  / +27 832314707

 

 

Meeting Agenda

 

08:15

Registration opens / Welcome coffee

09:00

ISG Africa news update

Craig Rosewarne

09:10

Protection of private information, Identity theft and “Dumpster diving”
Duncan Waugh, Loss Adjuster / Forensic Investigator

09:40

When disaster strikes

Anthony Askew, ContinuitySA (Venue sponsors)

(An optional site tour of ContinuitySA’s facilities has been arranged for after the break)

10:10

Meeting ends followed by a few drinks & snacks with friends in the industry!

 

The venue can only accommodate a max of 100 people so please ensure you RSVP timeously.

 

====================================================

 Plus see below for the latest training & events

Regards

Craig Rosewarne

Founder & Chairman
Information Security Group of Africa
(A Section 21 company 2006/001533/08)

 

3. Training Courses

HBN – Extended

(5 days) (*NEW*)

 

‘Extended’ is our ‘introduction to hacking’ course. It is strongly method based and emphasizes structure, approach and thinking over tools and tricks. The course is popular with beginners, who gain their first view into the world of hacking, and experts, who appreciate the sound, structured approach. The course has evolved significantly since 2001 and now offers new content, a new structure, new tools and new techniques. This course is in essence a five-day version of HBN – Bootcamp Edition and has been extremely successful ever since its inception in 2001. It was also the first course of this kind to be offered in South Africa and remains a firm favorite with clients.

Training Provider

www.sensepost.com

Contact details

sh...@sensepost.com  / +27 12 460 0880

Dates

9-13 July (Pretoria)

HBN – Combat edition

(2 days) (*NEW*)

 

This course is the most technical of the Hacking by Numbers series. From the first hour to the final minutes, students are placed in different attacker scenarios as they race the clock to "capture the flag". In the SensePost tradition, the solutions lie much more in technique and an out-of-box thought process than in the use of "skriptz" or "toolz". Each exercise is designed to teach a specific lesson and will be discussed in detail after it is completed. In this way you learn from your instructors, your colleagues and your own successes and failures.

Training Provider

www.sensepost.com

Contact details

sh...@sensepost.com  / +27 12 460 0880

Dates

19-20 July (Pretoria)

BSI-ISO/IEC 27001:2005 - Information Security Management System Lead Auditor Course
(5 days)

 

IRCA registered

BSI’s “ISO/IEC 27001:2005 – Information Security Management System Lead Auditor” teaches students the fundamentals of auditing information security management systems to ISO/IEC 27001:2005.  This five-day intensive course trains students on how to conduct audits for certification bodies and facilitate the ISO/IEC 27001:2005 registration process.  The auditing exercises and lectures are based on ISO 19011:2002, “Guidelines for Quality and/or Environmental Management Systems Auditing.”  The course is designed specifically for those people who wish to conduct external assessments or internal audits to ISO/IEC 27001:2005, although students will also gain the knowledge and understanding necessary to give practical help and information to other individuals and organizations working toward conformance to the standard.

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

30 July - 3 August / 17-21 September (Johannesburg)

COSO Enterprise Risk management training

(2 days)

 

The COSO Enterprise Risk Management – Integrated Framework is designed to provide best practice guidance for management of businesses and other entities to improve the way they are dealing with these challenges. COSO – ERM integrates various risk management concepts into a framework in which a common definition is established, components are identified, and key concepts described.

 

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

24-25 July / 20-21 September (Johannesburg)

SAP R/3 CONCEPTS & AUDITING RISKS

 (3 days)

 

 

This training is for auditors who have no previous experience with SAP® R/3®. You will cover the major risk areas for SAP 4.6 and beyond. You will explore the organisational and audit department challenges inherent in managing SAP® R/3® during implementation, delivery and production processing, focusing on the skills required to perform project and audit tasks.

Training Provider

www.mistieurope.com  

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

20 – 22nd August (Johannesburg)

AUDITING & SECURING SAP’S ENTERPRISE SERVICES ARCHITECTURE

 (2 days)

This two-day seminar is for auditors and security professionals who have to audit the risks associated with the new ESA of SAP® R/3®. You will cover the major risk areas for the latest SAP release, including Sarbanes-Oxley compliance controls related to the protection of organisational financial data accessible via the open architecture tool set. You will review each architectural component, including mySAP.com, ECC, WebAS, NetWeaver, Master Data Manager, Enterprise Portal and Exchange and Mobile Infrastructure in terms of risks, system defaults, segregation of duties, and other key controls necessary to ensure the integrity and confidentiality of data are properly established.

Training Provider

www.mistieurope.com  

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

23 – 24th August (Johannesburg)

Governance, Risk management & Compliance workshop

(2 days)

 

This comprehensive 2 day workshop analyses over 30 different public and commercially-oriented standards, frameworks and methodologies in the Governance, Risk Management, Compliance and Information Security arenas. It furthermore investigates the legislative compliance imperatives applicable to companies trading in South Africa. Each delegate will receive a complete CD packed with useful information related to the workshop!

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

6-7 August / 11-12 October (Johannesburg)

CobiT Implementation

(2 days)

 

This comprehensive 2 day Course is designed for IT management and professionals, Internal and IT Auditors and Management that deal with the complexities of IT control functions on a daily basis. 

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

26 – 27 July / 30-31 August (Johannesburg)

 

Information Security

(2 days)

 

ISO/IEC 17799 - Code of practice for Information Security Management

ISO/IEC 27001 - A Specification for an Information Security Management System (ISMS)

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

28-29 August (Johannesburg)

Business Continuity

(2 days)

 

The British Standards Institute (BSI) has published a new Standard (BS 25999) that clearly defines the process, principles and terminology of Business Continuity Management (BCM) and Business Continuity Plan (BCP) Development. BS 25999 replaces PAS 56, which has been withdrawn.

Training Provider

www.analytix.co.za

Contact details

charlene...@analytix.co.za / +27 11 215-2480

Dates

16-17 August (Johannesburg)
30-31 August (Cape Town)

 

If you have training relevant to the group please send me through the details

 

4. Special Interest Groups (SIGs)

 

1. Business Continuity

 

SIG is focused on best practices around business continuity and disaster recovery

SIG Leader

Azaad Sathar

 

Contact details

azaad....@firstrandbank.co.za / 011 371 7021

 

Next meeting details

Tuesday 28th July – 4pm to 6pm

Venue provider

Ernst & Young (Ask for Dheshnee Ramadu upon arrival)

2. Digital Forensics

 

SIG focused on digital forensics

SIG Leader

Karel Rode

 

Contact details

Karel...@ca.com / 011 236 9111

 

Next meeting details

TBC

Venue provider

CA offices in Sunninghill, Gauteng

 

3. Risk

 

SIG focused on Risk management, Governance & Standards

SIG Leader

Joss Bernstein

 

Contact details

yose...@telkomsa.net / 082 882 8024

Next meeting details

5th July – 5pm to 7pm

ISO 27001 – use the first three monthly SIG meetings to read through and explain the application of ISO 27001, with practical examples

Venue provider

McAfee, Didata Campus, Wrigley Field Building (ask for Gary Boniface)

4. IDM

 

SIG focused on Identity Management

SIG Leader

Leon Fouche

 

Contact details

leon.f...@kpmg.co.za / 011 647 5232

Next meeting details

TBC

Venue provider

KPMG, Empire Road, Gauteng

 

5. CERT

 

SIG is focused on the establishment of an independent incident response centre for Africa.

SIG Leader

Allen Baranov

 

Contact details

all...@Angloplat.com / 011 373 6868

 

Next meeting details

TBC

 

Venue provider

TBC

 

6. Legal

 

SIG focused on shaping cyber law in our legal system

SIG Leader

Adv. Johann Hershensohn

 

Contact details

joh...@hershensohn.com   / 082 600 1175

Next meeting details

Tuesday 17th July – 5:30 to 7pm

Discussion around the South African Accreditation Authority, who has invited Authentication and Certification Service Providers to apply for accreditation of their products and services

Venue provider

Lawtrust, Centurion

 

7. OS security

 

SIG focused on using open source tools such as Nessus & Snort (as a start!)

SIG Leader

Jacques van Heerden

 

Contact details

jvanh...@gtsp.co.za   / 083 680 0990

Next meeting details

TBC - Starts 4pm to 6pm

 

Venue provider

Centurion venue at GTSP offices

 

8. CISSP Study group

 

SIG focused on assisting those who wish to attain their CISSP certification

SIG Leader - Cape

Hein Mulder

 

Contact details

he...@sd.co.za   / 0824683202

Next meeting details

Every Tuesday - Starts 6pm

 

Venue provider

Progressive room at BP Head Office in the V&A Waterfront, Cape Town

 

 

SIG Leader Gauteng (NEW)

Karel Rode

 

Contact details

Karel...@ca.com / 011 236 9111

 

Next meeting details

TBC

Venue provider

CA offices in Sunninghill, Gauteng

 

If you would like to start a SIG in your area please send me through the relevant details

 

5. Upcoming Events

Date

Details

1-2nd August

 

Blackhat USA 2007
Type – 10 different tracks over 2 days comprising over 90 infosec specialists
Location – Caesars Palace, Las Vegas, USA
Costs – $1195 if you register by May 31 ($100 discount to ISG members)

*Note* - We have been approached by Blackhat to send an African delegation through. Contact me if you plan to attend this year for more info (Craig)
Contact -  http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

13 September
(8:00 to 17:00)

BMI-T SA IT Security Forum 2007

Type – Provides attendees with reliable content and expert advice on how to use modern information technologies to secure and protect the enterprise.
Location – Gallagher Estate, Midrand, South Africa

Costs – Free to selected end users
Contact -  +27 82 466 2317/ an...@bmi-t.co.za

(http://www.bmi-t.co.za )

25 October
(8:00 to 17:00)

BMI-T IT Infrastructure Forum 2007

Type – The cornerstone of success for any enterprise — today and in the future — is its IT infrastructure. IT professionals are increasingly required to think of the long-term implications of their IT decisions to ensure that all the pieces work together effectively.
Location – Gallagher Estate, Midrand, South Africa

Costs – Free to selected end users
Contact -  +27 82 466 2317/ an...@bmi-t.co.za

(http://www.bmi-t.co.za )

 9-11th December

 

ISF 18th ANNUAL WORLD CONGRESS (Exclusive to ISF Members)
Type - The ISF's Annual World Congress is continually rated 'the best information security conference in the world' by its delegates. It offers ISF Members an opportunity to come together for three days in an exclusive and confidential environment to discuss and debate the key issues facing information security professionals - and get practical advice they can take back and use.

Location – Cape Town, South Africa
Costs – TBC excl (3 days)
Contact -  http://www.securityforum.org  

Contact Person Craig Rosewarne | Telephone +27 83 231 4707 | Web http://www.isgafrica.org/ | Email cr...@isgafrica.org

 



Information Security Group of Africa
Name: Craig Rosewarne
Email: cr...@isgafrica.org
Mobile: +27 83 231 4707
Fax: 086 688 5796