CSI conference in Washington / ISG Gauteng, Durban & Cape Town meeting details / New threats unveiled at Black Hat


Information Security Group of Africa

Aug 12, 2007, 7:30:14 AM
to Information Security Group of Africa

Risk Management | Governance | Compliance | Business Continuity | Information Security | Awareness

--+ ISG Africa News +--

========================================================

In the last newsletter we looked at the insider threat from employees and contractors. This week, using some findings from the recent Black Hat conference in Las Vegas, we focus on some new "outsider" threats.

In the past, these gatherings have been something of a Wild West of hacking, with researchers unveiling previously unknown security holes in widely used software and hardware. That was largely missing this time around. After chatting this year with a number of speakers and attendees, a theme emerged: the mainstream security research community appears to be maturing, perhaps born of a complex interplay of corporate acquisitions and a general realisation that publishing unpatched software exploits has real and quantifiable social and economic costs.

Keep yourself updated by attending our free monthly user group meetings, joining one of our Special Interest Groups (SIGs) and budgeting for relevant training and events. See below for all the details.

Regards

Craig Rosewarne

Founder & Chairman
Information Security Group of Africa
(A Section 21 company 2006/001533/08)

 

========================================================

1. Security Awareness Update

(Thanks to folk in the industry for the updates!)

 

Hackers click locks open
Hackers gathered in Las Vegas on Saturday showed ways to crack electronic key-card systems and deadbolt locks used at security-sensitive places including the White House and the Pentagon. "If you can't physically protect your computer, you are screwed," said Zac Franken, a hacker who engineered a way to outwit door locks relying on key cards.

http://www.physorg.com/news105532486.html

 

New Tool Automates Webmail Account Hijacks

Logging into your MySpace, Facebook, Yahoo!, Gmail or Hotmail account over a wireless connection just got a lot more dicey, as researchers here at the Black Hat hacker conference today demonstrated a new set of tools that help automate the hijacking of those accounts.

http://blog.washingtonpost.com/securityfix/2007/08/new_tool_automates_webmail_acc.html

 

Russian hackers steal over $500,000 from Turkish banks

Two un-named hackers from the Russian city of Togliatti on the Volga River stole over $500,000 over a period of two years from bank accounts in Turkey, Interior Ministry investigators said Monday. The two men purchased a dedicated server with remote access to a desktop hosted in a U.S. data center, and a special application capable of infecting banking computers in Turkey with a Trojan virus to obtain information on bank accounts, investigators said. One of the hackers has been arrested, and the other is on a federal wanted list.

http://en.rian.ru/world/20070730/69939519.html

 

 

2. ISG Africa involvement in CSI conference in Washington

 

We have once again been approached to send an African delegation through to the upcoming CSI conference scheduled to take place in Washington DC from 5-7 November 2007. This conference focuses on the business of infosecurity and attracts a very high level audience including C-level delegates from the enterprise, carriers and the public sector. They project a global audience of around 1500 federal and military infosec professionals, as well as key systems integrators.

 

If you plan to attend, please contact me to discuss the discounts, etc., that we have been offered. See www.csiannual.com for more details.

 

 

 

3. Next ISG Africa chapter meetings

 

3.1 Next Gauteng Meeting

Date: Thursday 23 August 2007
Time: 9:30 (8:45 registration)
Venue sponsors: Gijima AST, Samrand Head Office, 47 Landmarks Avenue, Samrand (contact sakkie....@gijima.com for directions)
RSVP: Craig Rosewarne – cr...@isgafrica.org / +27 83 231 4707

 

 

 

Meeting Agenda

09:00 – Registration opens / Welcome coffee
10:00 – ISG Africa news update (Craig Rosewarne)
10:10 – Software as a service (with a security slant) (Dan vd Westhuizen, GijimaAST, venue sponsors)
10:40 – Information Security awareness & culture assessments (Adele da Veiga, KPMG)
11:10 – Meeting ends, followed by a few drinks & snacks with friends in the industry!

 

3.2 Next Durban Meeting

Topic: Ethical Hacking – Hiding & Reporting
Date: Thursday 16 August 2007
Time: 18:00 – 20:00 (17:30 registration)
Venue sponsors: CTI Building – 1st floor, 36 Essex Terrace, Westville, Durban
RSVP: Erich Samuel – er...@adeptus-mechanicus.com / +27 83 788 9277

 

 

 

3.3 Next Cape Town Meeting

Date: Wednesday 29 August 2007
Time: 10:00 – 12:00 (09:30 registration)
Venue sponsors: Dimension Data, Gleneagles Building, Riverpark Mowbray – St. Andrews Room
Directions: http://www.dimensiondata.com/NR/rdonlyres/D10981E4-714A-4542-A890-96263779EA5B/1203/MapToTheCapeTownOffice1.jpg
RSVP: Anna Brauniger – Anna.Br...@za.didata.com / +27 82 770 3805

 

 

 

Meeting Agenda

00:30 – Registration opens / Welcome coffee
10:15 – 11:00 – CISO's challenges, with a specific focus on implementing an effective security awareness campaign (Ebrahim Parker, Deloitte)
11:15 – 12:00 – An Introduction to the Data Protection Act (Louis Stanford, Old Mutual)
12:00 – Meeting ends

 

4. Training Courses

Live Web-based Holistic Information Security Practitioner (HISP) (*NEW*)

This is the only integration class that provides practical education on the integration of best practices for Information Security Management and Information Systems Auditing, and on how to map COBIT, COSO and ITIL as well as multiple regulatory requirements to the internationally accepted best practices framework of ISO/IEC 17799:2005.

Training Provider: http://www.efortresses.com/refdocs/HISP-Live-Web-Based-Class-02.pdf
Contact details: ho...@eFortresses.ie
Dates: 19 September – 21 November; 3 evening hours per week for 10 consecutive weeks (every Wednesday)

 

ISA – Information Security Architecture (3 days) (*NEW*)

The primary objective of this course is to familiarise delegates with Information Security Architectures and how the Information Security Framework fits into the modern organisation. The course also covers a large number of implementation strategies and includes example policy documentation. Delegates will also be exposed to the roles and responsibilities of the Security Team and to incident response procedures.

(R 4 370-00 excl VAT)

Training Provider: www.calkis.co.za
Contact details: in...@calkis.co.za / +27 86 111 222 1
Dates: 26-28 September (Cape Town); 19-21 November (Centurion – Pretoria)

FIST – Fundamental Information Security Training (3 days) (*NEW*)

The Fundamental Information Security Training course's primary objective is to familiarise delegates with Information Security, and with the methodologies, mechanisms and processes integrated with the Information Security Life Cycle. The course is based on a phased approach which includes the Preliminary, Protection, Detection, Reaction and Reflection phases. This will ensure that the delegate understands that Information is a business asset, security is a business process and Information Security is a business requirement. (R 3 850-00 excl VAT)

Training Provider: www.calkis.co.za
Contact details: in...@calkis.co.za / +27 86 111 222 1
Dates: 12-14 September (Centurion – Pretoria); 07-09 November (Cape Town)

The Human Factor – Workshop (3 days) (*NEW*)

The primary objective of this workshop is to help delegates understand common human behaviour and the best practices that help change attitudes. The workshop not only explores proven user awareness methodologies and best practices, but also helps equip delegates with an awareness strategy tailor-made for their environment and encourages them to think "outside the box". Delegates are exposed to personality variables and to how to develop an effective awareness strategy for the appropriate target group.

(R 3 999-00 excl VAT)

Training Provider: www.calkis.co.za
Contact details: in...@calkis.co.za / +27 86 111 222 1
Dates: 17-19 October (Centurion – Pretoria)

Network Fundamentals (2 days) (*NEW*)

The primary objective of this condensed network fundamentals course is to equip delegates who have very little or outdated network knowledge with basic network skills, enabling them to understand and grasp the network-related concepts needed when attending the official CompTIA Security+ course. This is a basic course and not a formal network course. (R 1 790-00 excl VAT)

Training Provider: www.calkis.co.za
Contact details: in...@calkis.co.za / +27 86 111 222 1
Dates: 16-17 August (Centurion – Pretoria)

BSI ISO/IEC 27001:2005 – Information Security Management System Lead Auditor Course (5 days)

IRCA registered

BSI's "ISO/IEC 27001:2005 – Information Security Management System Lead Auditor" teaches students the fundamentals of auditing information security management systems to ISO/IEC 27001:2005. This five-day intensive course trains students on how to conduct audits for certification bodies and facilitate the ISO/IEC 27001:2005 registration process. The auditing exercises and lectures are based on ISO 19011:2002, "Guidelines for Quality and/or Environmental Management Systems Auditing." The course is designed specifically for those who wish to conduct external assessments or internal audits to ISO/IEC 27001:2005, although students will also gain the knowledge and understanding necessary to give practical help and information to other individuals and organisations working toward conformance to the standard.

Training Provider: www.analytix.co.za
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 17-21 September (Johannesburg)

COSO Enterprise Risk Management training (2 days)

The COSO Enterprise Risk Management – Integrated Framework is designed to provide best practice guidance for the management of businesses and other entities to improve the way they deal with these challenges. COSO ERM integrates various risk management concepts into a framework in which a common definition is established, components are identified and key concepts are described.

Training Provider: www.analytix.co.za
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 20-21 September (Johannesburg)

SAP R/3 Concepts & Auditing Risks (3 days)

This training is for auditors who have no previous experience with SAP R/3. You will cover the major risk areas for SAP 4.6 and beyond. You will explore the organisational and audit department challenges inherent in managing SAP R/3 during implementation, delivery and production processing, focusing on the skills required to perform project and audit tasks.

Training Provider: www.mistieurope.com
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 20-22 August (Johannesburg)

Auditing & Securing SAP's Enterprise Services Architecture (2 days)

This two-day seminar is for auditors and security professionals who have to audit the risks associated with the new ESA of SAP R/3. You will cover the major risk areas for the latest SAP release, including Sarbanes-Oxley compliance controls related to the protection of organisational financial data accessible via the open architecture tool set. You will review each architectural component, including mySAP.com, ECC, WebAS, NetWeaver, Master Data Manager, Enterprise Portal and Exchange and Mobile Infrastructure, in terms of risks, system defaults, segregation of duties, and the other key controls necessary to ensure the integrity and confidentiality of data are properly established.

Training Provider: www.mistieurope.com
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 23-24 August (Johannesburg)

Governance, Risk Management & Compliance workshop (2 days)

This comprehensive 2-day workshop analyses over 30 different public and commercially oriented standards, frameworks and methodologies in the Governance, Risk Management, Compliance and Information Security arenas. It furthermore investigates the legislative compliance imperatives applicable to companies trading in South Africa. Each delegate will receive a CD packed with useful information related to the workshop!

Training Provider: www.analytix.co.za
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 11-12 October (Johannesburg)

CobiT Implementation (2 days)

This comprehensive 2-day course is designed for IT management and professionals, internal and IT auditors, and management that deal with the complexities of IT control functions on a daily basis.

Training Provider: www.analytix.co.za
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 30-31 August (Johannesburg)

 

Information Security (2 days)

ISO/IEC 17799 – Code of practice for Information Security Management
ISO/IEC 27001 – A Specification for an Information Security Management System (ISMS)

Training Provider: www.analytix.co.za
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 28-29 August (Johannesburg)

Business Continuity (2 days)

The British Standards Institute (BSI) has published a new standard (BS 25999) that clearly defines the process, principles and terminology of Business Continuity Management (BCM) and Business Continuity Plan (BCP) development. BS 25999 replaces PAS 56, which has been withdrawn.

Training Provider: www.analytix.co.za
Contact details: charlene...@analytix.co.za / +27 11 215-2480
Dates: 16-17 August (Johannesburg); 30-31 August (Cape Town)

 

If you have training relevant to the group, please send me the details.

 

5. Special Interest Groups (SIGs)

 

1. Business Continuity

SIG focused on best practices around business continuity and disaster recovery
SIG Leader: Azaad Sathar
Contact details: azaad....@firstrandbank.co.za / 011 371 7021
Next meeting details: Tuesday 28th August – 4pm to 6pm
Venue provider: Ernst & Young (ask for Dheshnee Ramadu upon arrival)

2. Digital Forensics

SIG focused on digital forensics
SIG Leader: Karel Rode
Contact details: Karel...@ca.com / 011 236 9111
Next meeting details: Tuesday 14th August – 5pm (start 5:30pm) to 7pm
Venue provider: CA offices in Sunninghill, Gauteng

 

3. Risk

SIG focused on Risk management, Governance & Standards
SIG Leader: Joss Bernstein
Contact details: yose...@telkomsa.net / 082 882 8024
Next meeting details: 28th August – 5pm to 7pm; topic: Motivating the Benefits of ISO 27001 Certification
Venue provider: Deloitte Building 6, 2nd floor, in the "ERS Pub" (ask for Charl le Roux)

 

4. IDM

SIG focused on Identity Management
SIG Leader: Leon Fouche
Contact details: leon.f...@kpmg.co.za / 011 647 5232
Next meeting details: TBC
Venue provider: KPMG, Empire Road, Gauteng

 

5. CERT

SIG focused on the establishment of an independent incident response centre for Africa
SIG Leader: Allen Baranov
Contact details: all...@Angloplat.com / 011 373 6868
Next meeting details: TBC
Venue provider: TBC

 

6. Legal

SIG focused on shaping cyber law in our legal system
SIG Leader: Adv. Johann Hershensohn
Contact details: joh...@hershensohn.com / 082 600 1175
Next meeting details: Tuesday 14th August – 5:30 to 7pm; discussion around IP & the law, and database theft
Venue provider: Lawtrust, Centurion

 

7. OS security

SIG focused on using open source tools such as Nessus & Snort (as a start!)
SIG Leader: Jacques van Heerden
Contact details: jvanh...@gtsp.co.za / 083 680 0990
Next meeting details: TBC – starts 4pm to 6pm
Venue provider: Centurion venue at GTSP offices

 

8. CISSP Study group

SIG focused on assisting those who wish to attain their CISSP certification

SIG Leader – Cape: Hein Mulder
Contact details: he...@sd.co.za / 0824683202
Next meeting details: Every Tuesday – starts 6pm
Venue provider: Progressive room at BP Head Office in the V&A Waterfront, Cape Town

SIG Leader – Gauteng: Karel Rode
Contact details: Karel...@ca.com / 011 236 9111
Next meeting details: TBC
Venue provider: CA offices in Sunninghill, Gauteng

 

If you would like to start a SIG in your area, please send me the relevant details.

 

6. Upcoming Events

13 September (8:00 to 17:00) – BMI-T SA IT Security Forum 2007
Type – Provides attendees with reliable content and expert advice on how to use modern information technologies to secure and protect the enterprise.
Location – Gallagher Estate, Midrand, South Africa
Costs – Free to selected end users
Contact – +27 82 466 2317 / an...@bmi-t.co.za (http://www.bmi-t.co.za)

25 October (8:00 to 17:00) – BMI-T IT Infrastructure Forum 2007
Type – The cornerstone of success for any enterprise, today and in the future, is its IT infrastructure. IT professionals are increasingly required to think of the long-term implications of their IT decisions to ensure that all the pieces work together effectively.
Location – Gallagher Estate, Midrand, South Africa
Costs – Free to selected end users
Contact – +27 82 466 2317 / an...@bmi-t.co.za (http://www.bmi-t.co.za)

5-7th November (NEW) – CSI USA 2007
Type – Get illuminated at the most comprehensive conference in the industry. 17 topic themes, covering everything from awareness to risk to wireless. Make connections with other attendees at networking receptions, roundtables and evening activities.
Location – Washington, D.C. at the Hyatt Regency Crystal City
Costs – ($100 discount to ISG Africa members)
Contact – *Note* We have been approached by CSI to send an African delegation through. Contact me if you plan to attend this year for more info (http://www.csiannual.com/)

9-11th December – ISF 18th Annual World Congress (Exclusive to ISF Members)
Type – The ISF's Annual World Congress is continually rated 'the best information security conference in the world' by its delegates. It offers ISF Members an opportunity to come together for three days in an exclusive and confidential environment to discuss and debate the key issues facing information security professionals, and to get practical advice they can take back and use.
Location – Cape Town, South Africa
Costs – TBC excl (3 days)
Contact – http://www.securityforum.org

Contact Person Craig Rosewarne | Telephone +27 83 231 4707 | Web http://www.isgafrica.org/ | Email cr...@isgafrica.org

 



Information Security Group of Africa
Name: Craig Rosewarne
Email: cr...@isgafrica.org
Mobile: +27 83 231 4707
Fax: 086 688 5796
Website: http://www.isgafrica.org/
Forum: Security Related Discussion Group

ISG Africa’s e-mail business continuity, compliancy, security and warehousing is powered by Mimecast