Welcome to ISSA KC

The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA -Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession.

July 2017 Chapter Newsletter

Posted by Administrator Monday, July 17, 2017

The July edition of the ISSA newsletter is now available.


July 2017 Chapter Meeting

Posted by Administrator

On July 27, 2017 the ISSA-KC Chapter members, and other security professionals will hold a meeting at Brio's on the Country Club Plaza to network and attend the monthly chapter meeting, with presentation topic.

Speaker:  Bryan Bailey
Bio:  Cyber security sales executive with extensive experience in network security, demand generation, partnering with the customer at all levels, learning new technology, top down selling and closing business in complex selling environments.

Specialties: utilities, telecom service providers, wireless (3G / 4G LTE, WiMax, Small Cells, 802.11, Micro Networks) broadband, networking, cold calling, direct marketing, sales strategy, IP, multimedia, networks, outside sales, finding the decision maker, program management, sales development, teaching, negotiation, and Ethernet.

Topic: Bypassing your network security – how likely is it?
How likely is a breach to your network security?  What’s the global view of network security today?  Show the latest NSS Labs report on which vendors are doing the best with Zero Day threats and Malware.  Evasions defined!  What is Evador? 

Location: BRIO Tuscan Grille, Country Club Plaza, 502 Nichols Rd, Kansas City, MO 64112

Menu:
Salad
Choice of Chicken, Salmon and Pasta

Soft drinks, Iced Tea, Coffee

*Vegetarian option available, please note at registration at Brio
* *Menu subject to change. **

Price:
$20.00 for ISSA Members,
$30.00 for Guests/Non-Members
Maximum Reservation: 35
Credit(s): 1 CPE credit

We look forward to seeing you at the event. If you have any questions about the event or how to register, please email our RSVP email, or contact the venue for directions.

Register Now!

June 2017 Chapter Meeting

Posted by Administrator Friday, June 9, 2017

On June 22, 2017 the ISSA-KC Chapter members, and other security professionals will hold a meeting at Lidia's in Kansas City to network and attend the monthly chapter meeting, with presentation topic.



Speaker: Caleb Christopher

Bio
Caleb is the Director of Technical Operations at information security and risk management firm, Cino Security Solutions Ltd. and is currently the Director of Information Technology at Challenger Sports.  He has 9+ years’ experience in security, has recently spoken at several Information Security conferences, and will have an article published in BoardRoom magazine next month.

A student-at-heart, whatever time he has after work, family, and more work, he spends learning or teaching others.

Topic:  Email Authentication with DMARC

Summary: This presentation will cover SPF, DKIM, and DMARC records (public DNS) that help domain owners whitelist authorized senders, and allow them to specify what to do with emails that don't authenticate properly, as well as provide reporting on all emails sent on their behalf (including those sent fraudulently, which was previously not possible).
Attendees will come away with a clear understanding of the importance of email authentication to prevent spoofed/fraudulent emails (protecting domain reputation) and reduce/prevent phishing certain phishing attacks.  More resources will be made available so attendees can start taking action immediately.

Location
Lidia's Italy Restaurant
101 W. 22nd St.Kansas City, MO 64108
Menu:Pasta Tasting Trio - A sampling of three daily-made fresh and filled pastas. Biscotti Platters - An assortment of house-made cookies & sweets to pass and share family style.
Soft drinks, Iced Tea, Coffee
* *Vegetarian option available, please note at registration**.
* *Menu subject to change. **

Price:
$20.00 for ISSA Members,
$30.00 for Guests/Non-Members
Maximum Reservation: 35

Credit(s): 1 CPE credit

Register Now

May 2017 Chapter Newsletter

Posted by Administrator Thursday, May 18, 2017

The May edition of the ISSA newsletter is now available.

May 2017 Chapter Meeting

Posted by Administrator Thursday, May 11, 2017

On May 25, 2017 the ISSA-KC Chapter members, and other security professionals will hold a meeting at Hereford House at Town Center Plaza to network and attend the monthly chapter meeting, with presentation topic.

Topic: Making a Jump to Risk Management

Discussion on Risk Management and the components of Security, Business Continuity and Compliance.  We will discuss the definitions of what is included within Risk Management including Emerging Risk Register, how to determine Risk Impact, Probability and Severity.  We will also demonstrate a quick example to show how all the components work together to form a final risk exposure value.    This meeting will be more of a discussion than presentation, so be prepared to jump in with questions and comments.

Speaker:
Jeff Blackmon
Co-Hosts: Cheryl Cooper & Naeem Babri

Speaker Bio: Jeff  Blackmon is owner / operator of Strategic Continuity Solutions, LLC.  He provides consulting services in the areas of Risk management, Business Continuity, Security Planning and Governance/Risk/Compliance (GRC). He has contracted with such companies as Presbyterian Healthcare Services, Bank of America, L-3 Communications, Library of Congress, SRA international, Midland Loan Processing and BDM International.  He has also worked internationally at Saudi Arabia Marketing and Refining (SAMAREC) and at the Royal Saudi Air Force Headquarters located in Riyadh.  He provided information to IT related web news organizations such as Computer World and has been quoted in such. His  latest accomplishment was being chosen as one of the five finalists for BCI’s North American Award for Continuity and Resilience Consultant, 2015.

Co-Hosts Bio:
Cheryl Cooper has over 20 years of privacy, education and information security experience, assists organizations of all sizes with their information privacy, security risk management, and regulatory compliance programs. Cheryl has a Master of Business Administration and a Masters in Criminal Justice with a pecialization in Cybercrime. She is currently a Network/IT Security Risk Manager with Sprint Corporation. Cheryl has experience as an Adjunct Professor teaching Business, Network Principles, and IT Security course curriculum.  Knowledgeable of innovative, creative teaching and learning methodologies for post-secondary students.  Before joining Sprint she was a member of the United States Navy. Over the course of her career she has been awarded many certificates of excellence. 
Naeem Babri has been ISSA-KC Chapter President since 2014 and is currently a Risk Manager with Sprint. His day to day focus is on risk assessments, information security, privacy, and SOX controls. He has been a member of the Corporate Security team for since 2011. He has been in Kansas City for some time and is active in local community.  He has strong background in Security, Project Management, and IT Operations & Support. He holds a Master’s degree in Computer Resource Management and Bachelor in Mathematics and Computer science.

Location:
Hereford House
Town Center Plaza,
5001 Town Center Dr,
Leawood, KS 66211

Menu:
Lunch : Choice of one: Beef, Chicken, or Salmon,
Salad, Potato, Vegetable, Drink

Agenda:
11:30 AM - 12:00 PM Greeting and registration
12:00 PM - 1:00 PM - Meeting & Presentation
1:00 PM - 1:30 PM - Questions, Answers & Networking

Price:
$20.00 for ISSA Members,
$30.00 for Guests/Non-Members

Register Now!





On Friday, the world experienced the wrath of a well-coordinated ransomware attack, known as WannaCrypt. The attack caused Britain's NHS to cancel surgeries, a wide array of Russian and Chinese private and public institutions to be crippled most of the day, and the rest of the world to recoil in shock.  How could a single piece of malware that exploited a vulnerability identified long ago by the NSA, and leaked last month by a group called the Shadow Brokers, wreak so much havoc?

Before the malware could do damage in the United States, a lone British researcher, known as "MalwareTech," serendipitously identified its kill switch -- the registration of a domain name -- while on vacation. The ease with which MalwareTech did this says a great deal about the poor state of the global information security industry, and raises several important questions.

MalwareTech analyzed the malware in a testing environment and immediately noticed the code queried an improbable Internet domain name that did not exist. Domain names often function as malware command and control centers, so MalwareTech simply bought the domain name which triggered the kill switch for WannaCrypt. This was incredibly lucky.
MalwareTech believes that the domain name was not intended as a kill switch, but rather a mechanism by which the malware itself could identify whether it was being analyzed.

If the domain name were active, the malware would assume it was a false positive from a researcher dissembling its code, and WannaCrypt was designed to frustrate such analyses by shutting itself down. The fact that only a single domain name was coded into the malware meant that registering that domain name had the effect of shutting down WannaCrypt worldwide.  In short, WannaCrypt's creators were lazy, and the world lucked out. If WannaCrypt could be shut down so quickly and easily, why did it take so long for someone in this world to flip the kill switch, and what does this say about the state of global cyber preparedness?

First, it shows that the information security industry views cyberattacks more as a business development opportunity than as a chance to put their collective heads together to eliminate threats.  Though there are undoubtedly professionals who share data unconditionally -- as MalwareTech himself did -- yesterday's events make it clear that the efforts of the information security community need greater alignment, and that the world cannot rely on a combination of serendipity and lazy coding to prevent the next attack.

Second, we must ask whether WannaCrypt was merely a test of readiness. Perhaps the kill switch existed not out of laziness but as a deliberate act, one designed to test how long it would take to shut down the attack.  On the other hand, perhaps the creators intended to gather intelligence on the extent and type of systems that could be affected by malware targeting aged operating systems like Windows XP, which developers do not regularly update or support. Alternatively, WannaCrypt could have been intended merely to demonstrate the moral hazard of governments that catalogue software vulnerabilities but do not notify software developers. Thus, WannaCrypt illustrated exactly what could happen if these vulnerabilities fall into the wrong hands.

WannaCrypt has generated much debate about the danger of state-sponsored cyberattacks. As a staunch privacy and security advocate, I believe the inclusion of government-mandated backdoors in applications or operating systems that could allow unfettered access to personal data or activities are not only unwise but entirely misguided. But if the 2016 election has taught us anything, we cannot deny that we live in a time that requires both offensive and defensive cyber capabilities.

Similarly, we cannot deny that we should be expecting more of software behemoths like Microsoft. We live in the era of big data, where all software is tracked. In the face of a software vulnerability that may bring a portion of the world to a halt, we should expect more than the timely release of a patch.

When critical systems rely on at-risk software, it is reasonable to expect that software developers like Microsoft, not governments, become more adept at notifying at-risk parties and ensuring systems become properly patched. Long-winded blog posts, emails, and available updates are unfortunately insufficient because many customers do not receive mainstream support or may not even know they are in possession of a vulnerable system.

On April 8, 2014, Microsoft ended its support of the Windows XP operating system on which WannaCrypt relied to propagate, and yet institutions around the globe continue to use it. The world was quite different three years ago: the Internet of Things was a nascent but growing concept. Today the IoT is a major concern.

If we do not discover greater efficiencies to combat pernicious threats like WannaCrypt, and if we countenance the creation and abandonment of insecure software, we can expect to face a far greater cascade of threats that have the potential to cause significant digital and physical damage. And next time we may not be so lucky.

Upcoming Events


July 2017 Chapter Meeting
Thursday, July 27th, 2017

Join the ISSA Kansas City Chapter


Join our mailing list to stay current on ISSA Kansas City!


For more information on how to join the Kansas City Chapter of ISSA click here.

Join today!


Member Login Page ISSA
Login

Social Media

Chapter meetings are a great way to get to know your peers here in KC. And, if you're currently looking to make a career change, it's an invaluable way to build relationships that can provide you with the "inside information" on open security positions. Check out our new LinkedIn© group that you can join to discuss topics, ask questions, or just meet other members. Look for the group "ISSA Kansas City Chapter" or click here.


Join our FaceBook page

https://www.facebook.com/kcissa/






Sponsors