FREE SEMINAR – Qualifies for 3 CPEs

Limited Seating – Click here to REGISTER!

The Mankato Chapter ISSA presents its

5^th Annual Information Security Seminar

Thursday March 25th, 2010  1p - 4:30p

AmericInn

240 Stadium Road, Mankato

 

Topics & Speakers

• What is New in Security for Windows 2008 [R2] and Windows Vista/7 by Bob Krone, Benchmark Learning, Senior Educator
• Staying Secure: PCI Compliance for Today’s SMB  by Brad Rossiter, Clear North Technologies, Security Practice Manager
• Discussion Panel with Industry Experts

Who should attend?

Business Leaders, Information Security Practitioners, IT & Technical Staff, Students

Great Door Prizes

 

Presentation details:

Bob Krone | Senior Educator | Benchmark Learning | Edina, MN

Bob has over 20 years of IT and training experience. Bob is the IT Project Lead and has guided the successful rollout of programs such as Benchmark Learning’s Mentored Learning solution.  Bob played a key role in Microsoft's MCDST curriculum development and has created custom course material for key clients.  He has recently developed and designed a Windows 2008 PKI course, Windows 2003 PKI Course, Windows 2003 Clustering Course and several Windows Vista awareness seminars as well as a course for Benchmark Learning on Windows Vista for IT Support Professionals to update their skills from previous versions of Microsoft operating systems.

When he’s not in the classroom or writing curriculum, he provides Windows networks consultative services to both small- and medium-sized businesses, including 3M, MoneyGram, Deluxe Corporation, the Mayo Clinic and Caribou Coffee, just to name a few.  

Bob was requested by Microsoft to serve as a founding member of the MCLC (Microsoft Certified Learning Consultant) board due to his extensive experience in creating customized training solutions; one of six people in North America who approve MCLC applications.

Title: What is New in Security for Windows 2008 [R2] and Windows Vista/7

Description: This presentation will give an overview of several new and improved security features within Windows 2008 [R2] and Windows Vista/7.  This includes:  User Account Control (UAC), AppLocker, Windows Firewall, Network Access Protection (NAP), Public Key Infrastructure (PKI), Direct Access, BitLocker/Bitlocker To Go and Preferences.

Brad Rossiter | Security Practice Manager  | Clear North Technologies | Eden Prairie, MN

Brad Rossiter, CISSP, CISM, CISA, is an expert on information assurance and protection strategies. He manages the Clear North Technologies security services business and leads the effort in advising clients in all phases of assessing, designing, implementing and managing secure information systems. Brad has over 16 years of experience in information technology and is currently pursuing his Master of Science in Management of Technology at the University of Minnesota.  In addition to specializing in the SMB market space, Brad has also worked in Fortune 100 companies and many different business sectors including education, banking, engineering, construction, transportation, marketing and distribution.

Title: Staying Secure: PCI Compliance for Today’s SMB

Description: Don’t compromise your data security! This session will explain what PCI compliance is, why it is critical for today’s business operations, how it is obtained, and how security and compliance relate.  Learn about PCI-DSS compliance and whether it’s necessary for your business, as well as the common myths associated with PCI.  This seminar covers the fundamentals and offers proactive strategies that you can implement to protect your valuable data. Stay secure- register today!

It is my pleasure to welcome Rick Velasquez back as our new chapter Vice President. Rick has also agreed to stay on as Communication Officer during the time being. In other news, we're looking for a chapter Secretary. If no one comes forward, and according to Article IV Section 9 of our bylaws at the next chapter meeting, scheduled as a conference call in January (see chapter calendar).

It's that time of the year again when chapter members come together and decide on the leadership of the group. I will not be seeking another term due to a burgeoning workload and increasing family-time commitments. I call on each of you to renew your commitment to the chapter and its mission to be the home of information security in Southern Minnesota. Looking forward to seeing you at our October 22nd meeting.

Leave it to folks in Minnesota to decide to hibernate during the summer but, over the years, our chapter's activities have traditionally stopped during the summer months as people want to enjoy the outdoors. Yet the battle to contain risks and defend against malware haven't stopped, and some might say, have gotten more challenging. With tight budgets and layoffs, IT & Security functions are having to do more with less. Yet, it is important to remember the focus on the human factor. Security awareness/training/education can usually be done without much additional resources and is likely to pay off.

There's still time to attend today's meeting on the ramifications of the HITECH act and the impact on HIPAA covered entities.

Event details and location at: http://www.eventbrite.com/event/351663836
Note: RSVP is closed but you're welcome to attend.

Title: HITECH Act: The “Stimulus” Bill and Challenges and Opportunities for HIPAA Covered Entities and Business Associates

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is intended to encourage healthcare providers and payors (and their back-end support systems) to move paper-based records to a ubiquitous and secure electronic health information network by 2014. The HITECH Act sets ambitious information security and privacy compliance goals for a myriad of players in and around the healthcare sector.

In this session, participants will receive an overview of HITECH provisions and important changes to HIPAA's Security and Privacy Rules. Participants will also understand the increased downstream liability for "business associates." Specific learning objectives include the following:
- Knowledge of the key changes to HIPAA's Privacy and Security Rule
- Understanding of the emerging standards regime and its impact to business associates
-  Reconciliation between competing compliance obligations and the new health information privacy and security obligations

BIO:
Adam Stone leads the Data Privacy, Security and Risk practice for Enterprise Knowledge Partners, LLC. Mr. Stone has been an active leader in the data privacy and security discipline for nearly a decade. He has lead privacy and security efforts for a large insurance company, and was proud to serve as Corporate Privacy Officer for Hazelden Foundation – the highly-regarded drug and alcohol rehabilitation clinic in Center City, Minnesota.

Mr. Stone has over 19 years experience in privacy, data security, financial and operational management, professional and academic teaching, software design and programming, tier 2/3 systems support management, and corporate communications. He currently holds CIPP, CISSP, ISSMP certifications.

The May meeting has been changed to June 4th and will be held at 1 PM at the Alltel center.  To make sure enough food is ordered, please RSVP: http://www.eventbrite.com/event/351663836.  Lunch will be provided at no cost.  Please join us for the following topic (see below) presented by “Adam Stone” followed by an open forum of questions and answers.

Title: HITECH Act: The “Stimulus” Bill and Challenges and Opportunities for HIPAA Covered Entities and Business Associates

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is intended to encourage healthcare providers and payors (and their back-end support systems) to move paper-based records to a ubiquitous and secure electronic health information network by 2014. The HITECH Act sets ambitious information security and privacy compliance goals for a myriad of players in and around the healthcare sector.

In this session, participants will receive an overview of HITECH provisions and important changes to HIPAA's Security and Privacy Rules. Participants will also understand the increased downstream liability for "business associates." Specific learning objectives include the following:
- Knowledge of the key changes to HIPAA's Privacy and Security Rule
- Understanding of the emerging standards regime and its impact to business associates
-  Reconciliation between competing compliance obligations and the new health information privacy and security obligations

BIO:
Adam Stone leads the Data Privacy, Security and Risk practice for Enterprise Knowledge Partners, LLC. Mr. Stone has been an active leader in the data privacy and security discipline for nearly a decade. He has lead privacy and security efforts for a large insurance company, and was proud to serve as Corporate Privacy Officer for Hazelden Foundation – the highly-regarded drug and alcohol rehabilitation clinic in Center City, Minnesota.

Mr. Stone has over 19 years experience in privacy, data security, financial and operational management, professional and academic teaching, software design and programming, tier 2/3 systems support management, and corporate communications. He currently holds CIPP, CISSP, ISSMP certifications.

Enterprise

Information Security Foundation - What is that? Do I need it?

This topic’s focus is on what is an effective security foundation.  How do I create such a thing, what comprises this, and what might be some of benefits and challenges to doing so?   

 

Learning Nuggets

·          What is an Information Security Written Security Program Statement

·          What are information security policies and how do I create them?

·          What are information security standards and how do I create them?

·          Benefits

·          Challenges

 

Type of Content

Conceptual (e.g. models, framework, architecture)

 

Affiliation(s)

ISACA, ISSA

 

How did you hear about Call for Proposals?

Rob Ramer

 

Presenter Information and Bio

Bill Young, Sr. Information Security Consultant, Aeritae Consulting

10415 Kilbirnie Rd, Woodbury, MN 55129

651-503-9503                      byoung@aeritae.com

 

Bill Young has 18 years of military service holding a TS-SCI clearance serving in critical classified assignments at the Pentagon, Western Europe, and was the Heraklion Air Base, Crete Greece, NCOIC of the Base Communication Center in support of Desert Storm.

Bill also has many years working in a variety of information security positions.  While Bill’s information security experience started in the military, it has led him into the public sector organizations such as finance, insurance, and retail markets.  There, he has enjoyed the successes of creating and managing new information security  teams through which he has successfully built new information security programs grounded in an effective information security foundation  helping companies mature their information security program, processes, and achieving regulatory compliance.   

Some individuals in the Minnesota area are studying for their CISSP and plan on holding some study group sessions via Dial-In.

 

Meetings are scheduled for Wednesday afternoons 1:00-3:00 cst. Dial-In information follows:

 

877-384-0533

P: 12135597

Topic: Becoming a CISSP

Security Trends

 

Many of the participants plan on using the Shon Harris, CISSP Exam Guide, Fourth Edition.

 

Please let me know if you plan on participating. I will provide a handout for the first meeting.

 

Thanks, Diane

diane.carter@thomsonreuters.com