Please join us for our February 2018 Meeting. 2 technical talks followed by networking. This month we will be at Palm Beach State College at their Lake Worth Campus. Our meeting will be in room CBP 103, which is in the Center for the Bachelor Program bldg. You may find a campus map here: http://www.palmbeachstate.edu/locations/documents/LakeWorth.pdf Afterwards, we will be going off campus for networking at a nearby sports bar/grill.
First Speaker: Dr. George Antiniou of St. Thomas University
Title: A framework for the governance of information security: Can it be used in an organization?
Subject: With reported information security breaches, compromises and incidents in organizations on the increase, effective Information Security Governance is expected to become a major issue in organizations. Thus, information security should be a priority of executive management, including the Board of Directors and Chief Executive Officer, and therefore commence as a corporate governance responsibility. Within many organizations an important barrier to effective information security is the lack of a framework for action, inclusion and integration into governance. In addition, information security can no longer be viewed as just a technical issue to be left to the Information Technology department to handle. Rather, it is a Corporate Governance issue that must be addressed by CEOs and Boards of Directors, then implemented and enforced across all levels of the organization. The global revolution in governance regulation, brought about by high-profile corporate scandals and failures of the past decade, is impacting most companies. As a result of these scandals and failures, complex laws and regulations have been implemented to force improvement in governance, information security and organizational transparency. These corporate scandals and failures, coupled with legislation such as Sarbanes-Oxley, California SB 1386, Gramm-Leach-Bliley (GLBA), and Health Insurance Portability and Accountability Act (HIPAA), have prompted shareholders to demand better accountability from public firms. Accordingly, information security governance has become a legitimate high-level concern and responsibility of the board of directors, executive management and senior IT management. Ensuring proper Information Security Management is one of the critical functions of good corporate governance in organizations.
Properly governed, information security takes the larger view that the organization’s information - and the knowledge based on it - must be adequately protected regardless of how it is handled, processed, transported or stored. It addresses the business risks, benefits and processes involved with all information resources. Information security, as with other critical organizational resources, must be addressed at the enterprise governance level.
Second Speaker: Moses Hernandez, Cisco Systems Engineer
Topic: "Thinking in Reds" (Red Teams & Pen Testing)
Abstract: This is a lightning talk to highlight and go over red team exercises, why having a red team makes a lot of sense, and how red helps blue.