ISACA Information Systems Audit and Control Association (ISACA) - Silicon Valley, Chapter #62




The CHIP, October 2004
The Official Newsletter of the Silicon Valley Chapter
Information Systems Audit and Control Association (ISACA)
Editor: Lawrence R. Halme
I recently came across an article describing how ISSA in the UK has started
offering expertise in security and auditing to local registered charities
that would otherwise hesitate to seek the help due to consultancy fees.
I’m wondering if our website (and/or this newsletter) could be used as a
Craigslist-type volunteer forum to connect STUBBED TOE RESEARCH with an
auditor with spare time to offer assistance, or someone who would be
willing to do gratis security scanning for the folks over at SAVE THE
BANANA SLUG who run its nonprofit ecommerce website. Do ISACA-SV members
have thoughts about pursuing this? Suggestions and ideas can be sent to
Isaca-sv-board@westbay.net.

Visit the Chapter’s web site at http://www.isaca-sv.org.



September ISACA-SV Meeting Summary:

Our 9 September meeting consisted of two excellent presentations, dinner,
and the always popular door prizes.

Gene Kim, the CTO of Tripwire, spoke about how an organization can move
towards repeatable, predictable, secure operational processes. Mr. Kim
presented the Visible Ops methodology, a freely available process that
describes how "best in class" ITO organizations conduct daily processes.

You can find out more about Visible Ops at http://www.itpi.org/home/visibleops.php.

John Thielens, the CTO of Tumbleweed Communications, spoke about the risks
inherent in Internet messaging. Mr. Thielens defined the security issues of
Internet Messaging as:

	• Privacy – Email is a postcard
	• Authentication – Who really sent it?
	• Integrity – What happened in transit?
	• Non-Repudiation – Deliberate deception

Mr. Thielens addressed these security issues in his presentation and concluded
by stating lessons learned:

	• Email is complex
	• Solutions are limited by the least capable Mail User Agent deployed
	• Unilateral solutions are preferred
	• DNS is de facto global directory
	• The War is not over.



ISACA-SV Member Survey: 

The ISACA-SV board would like to obtain input from the chapter membership as
to what you would like to get out of your chapter. To kick this off, look out
for a survey in the next issue of The Chip. This will be a great opportunity
for you to provide feedback to the board about what you do and do not want
from your chapter.



Upcoming Quarterly ISACA-SV Meeting:
We want to announce our next quarterly meeting to get it onto your Winter
calendar:
December 2004 ISACA-SV Dinner Meeting
Thursday, 9 December 2004
Registration – 3pm; Program – 3:30pm to 7:30pm
Ramada Inn, Sunnyvale

Cost:
ISACA Members 	$25
Non-Members	$30
Students     	$15
As usual, this next quarterly meeting will be anchored by two presentations.
Note that we are always looking for good speakers for our meetings. We are
still evaluating options for one of the presentations. If anyone has a topic
they want to present, please send us your bio and a synopsis of your proposed
topic.


This meeting will also give us the opportunity to announce the names of those
who passed the CISA and CISM certification exams. Please attend to hear your
name announced and bask in the light of fine achievement! Also be there to
encourage and applaud the efforts of those who took the exams.


Next month’s newsletter will provide further information about the December
meeting and seminar topics and how to make reservations. Attendance of both
seminars will represent three (3) CPE Hours.

JOB OPPORTUNITIES ON THE ISACA-SV WEBSITE: 

We invite you to visit the Chapter’s website to view employment opportunities at
http://www.isaca-sv.org/employment.html.
We are accepting job descriptions for open positions you wish to post on our web site.
See the web site for job postings and contact information.



NEW MEMBERS:

Welcome to all new members of our Chapter! Our membership has grown to over 250 members with
growing numbers of CISMs. Our growing ranks and diversity of backgrounds give all of us increased
opportunity to meet and network with varied individuals in the coming meetings.
We invite all this new blood to join us at the December meeting!


-------------------------------------------------------------------------------------------
Related Security Practitioner / Auditor Events:
ISACA-National:
ISACA and the IT Governance Institute (ITGI) are holding a two-day event focusing on everything
anyone would want to know about the use of COBIT (Control Objectives for Information and related
Technology). This is a first-ever event and is taking place 4-5 November 2004 in Rosemont, Illinois.
The cost is $900 for ISACA members.

http://www.isaca.org/Template.cfm?Section=Education_and_Conferences1&CONTENTID=14151&TEMPLATE=/ContentManagement/ContentDisplay.cfm


ISACA-SF:
Our sister chapter in San Francisco is having their 4th annual Fall Conference from October 4
through October 6, 2004. This will take place at The Palace Hotel in San Francisco. For ISACA
members, it is $450 for the 3 days and $200 for any single day.
http://www.sfisaca.org/events/conference04/announcement.htm.


(ISC)2:
The International Information Systems Security Certification Consortium is holding their Annual
Constituent Briefing and Reception in Miami on October 2 at 6:00 PM EDT. They plan to provide
refreshments, an organization update, and hold the (ISC)² Annual Awards Ceremony,
recognizing those constituents who’ve given valuable time and energy toward professionalizing
the information security field.
http://www.isc2.org/cgi/content.cgi?category=61.

IIA-SJ:
The San Jose chapter of the Institute of Internal Auditors is holding a luncheon seminar on
Wednesday, 6 October 2004 from 11:30AM to 2:00PM at the Santa Clara Biltmore Hotel. The topic
of this seminar is “Continuous Monitoring,” presented by Doug Burton of ACL.
http://www.theiia.org/chapters/index.cfm?cid=79.


ISSA-SV:
The next meeting of the Silicon Valley chapter of the Information Systems Security Association will be held
on Wednesday, 6 October 2004 from 11:30AM-2:00PM at Cisco Systems - Building 9, 260 E. Tasman Rd, San Jose.
The topic of this seminar is “Building a Secure Extended Enterprise Messaging System,” presented by Don Nadir
of Frontbridge.
http://www.sv-issa.org/calendar.html


-------------------------------------------------------------------------------------------

UCSC Extension in Silicon Valley:

ISACA members are offered a 10% discount applicable to regular fees, for the following 5 technical courses:
	1)	Network Security Architecture and Protocols
	2)	Firewall and Access Controls
	3)	Enterprise Security/Security+ Certification Training
	4)	Intrusion Detection
	5)	Wireless Security: 802.11b and Other Protocols

Contact: Sean Nihalani, DSc.
Director, Engineering and Technologies
UCSC Extension in Silicon Valley
10420 Bubb Road Cupertino, CA 95014
(408) 861-3759
www.ucsc-extension.edu


-------------------------------------------------------------------------------------------
2004-2005 CHAPTER OFFICERS

Yogita Parulekar, President
Swami Ramachandran, Co-Vice President
Sudha Chadalavada, Co-Vice President
Oliver Wong, Treasurer
Meena Kapasi, Assistant Treasurer
Rick Kest, Secretary
Nicholas Green, Program Director
Terry Barnhart, Membership and Meeting Arrangements Director
Janie Chang, Academic Relations Director
Swee Fuller, Assistant Academic Relations Director
Edmund Lam, CISA/CISM Coordinator
Nils Puhlmann, Seminar Director
Larry Halme, Newsletter Editor
Tamara DeMarco, Co-Webmaster
Roger Delgado, Co-Webmaster
Kishor Kapasi, Past President
Desmond Low-Kum, Chapter Advisor
Ranjita Chakravarty, Chapter Advisor

DISCLAIMER
As it is the objective of the Silicon Valley Chapter of the Information
Systems Audit and Control Association to provide a forum for the expression
of ideas and opinions, statements of opinion appearing herein are not
necessarily those of the Chapter or its directors and officers.