Welcome to ISSA KC

The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA -Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession.

INTERFACE Kansas City 2018

Posted by NB Thursday, June 28, 2018

Join us at INTERFACE Kansas City 2018

July 12th, 2018
Time: 8:30am – 4:45pm

Overland Park Convention Center
Ballrooms A-C
6000 College Boulevard
Overland Park, KS 66211

*** Register Free ***

June 2018 Chapter Meeting

Posted by Administrator Saturday, June 9, 2018

On June 28, 2018 the ISSA-KC Chapter members, and other security professionals will hold a meeting at Brio’s Restaurant on the Country Club Plaza in Kansas City, MO, to network and attend the monthly chapter meeting, with presentation topic.

Speaker:   Mike Wallick

Bio:  Mike Wallick with Okta is a technologist with a desire to continue using his technical knowledge in a sales-focused role. He has a Bachelor’s degree in computer science and 20 years of experience working in the Information Technology and software fields, with the five most recent years working as a sales engineer for two different SaaS companies. Mike is a confident public speaker and presenter, as well as a relationship builder, earning trusted advisor status with customers and colleagues alike. Core Competencies; Technical & Solution Sales, Sales Operations & Support, Software as a Service, Enterprise Software, Application Development & Integration, IT Operations (ITIL v3 Foundation certified)

Mike is an avid semi-professional musician and he also volunteers some of his time to a local charity, helping to handle things like web hosting and electronic donation collections.

Topic:  Enabling Business Transformation with a Strong Identity Foundation

At the turn of the century, our users were forced to live in two worlds.  Corporations had heavily invested in on premise applications, with a network security architecture designed to heavily defend the perimeter, and trust everything within.  Mobile users were limited to what few applications security would punch a hole in the firewall for, typically email.  Device and user identity were merged – a user would log into their Active Directory domain from their machine, and they are granted access based on group membership and access control list. Mobile was a second-class citizen, and then hosted applications began to take hold.  Enterprise applications like Salesforce and Box paved the way by demonstrating the value that large-scale hosting providers can bring. Now, every company is global.  Employees are always on the move, whether for work or personal travel, and they need access to their data from wherever they are, on whatever device they are using.

Location:  BRIO Tuscan Grille, Country Club Plaza, 502 Nichols Rd, Kansas City, MO 64112

11:30 AM - 12:00 PM Greeting and registration
12:00 PM - 1:00 PM - Meeting & Presentation
1:00 PM - 1:30 PM - Questions, Answers & Networking

Salad Choice of Chicken, Salmon or Pasta
Soft drinks, Iced Tea, Coffee

*Vegetarian option available, please note at registration at Brio
* *Menu subject to change. **


$25.00 for ISSA Members,
$35.00 for Guests/Non-Members

Maximum Reservation: 35
Credit(s): 1 CPE credit

Register Now!

We look forward to seeing you at the event. If you have any questions about the event or how to register, please email our RSVP email, or contact the venue for directions.

Attributing the Problem with Attribution in Cyberspace

Posted by VP ISSA Thursday, May 24, 2018

Author: Elliott Lillard, ISSA Member
Date: May, 2018

This article provides an opinion on the Attribution problem, especially concerning the conflict between the United States and foreign adversaries like China or Russia. Acting within cyberspace especially during hostile times and dealing with rival nation states adds a lot of complexity in terms of determining risk and appropriate action. Attribution deals with the ability to thoroughly understand who is behind an attack. Attribution can be deciphered based on evidence provided from the action, previous facts of various actors at play in terms of victim and perpetrator, as well as the reward of  understanding the who and why behind a cyber-attack.

Derek S. Reveron, the author of Cyberspace and National Security provides insights behind the problem of attribution, especially so in terms of cyberspace and cyberwar. “The increasing Internet accessibility of secrets, money, and industry creates significant incentives for individuals, groups, and states to find ways to use offensive cyber capabilities. This motivation is heightened by the fact that attributing attacks from cyberspace is often impossible and the laws and social norms relating to cyber espionage, crime, and warfare are often weak or nonexistent...As a result, those who profit from cyber-attacks are unlikely to be apprehended and if caught seldom face punishment,” (Reveron, 91).

The underlying fact behind why various nation states, hacktivists, internal actors and rogue individuals pursue hostile acts that conducted anywhere else besides the cyberspace domain would be considered an act of aggression comes down to the fact that malicious actors feel that they can get away with the crime without any sort of negative consequence. It is also very difficult to understand the full extent of the damage behind a cyber-attack. “The opaque nature of actions in cyberspace makes it difficult for the defender to know how far the attacker has penetrated and, therefore, exactly where they are on the policy slope,” (Hare, 132). Cyberwar is a far different battleground than traditional boots on the ground combat. It is much easier to understand who is behind missile strikes when the trajectory of artillery can be traced back to a hostile regime and thus be responded with equal or elevated kinetic action as well as to fully understand the damage done by such an attack.

At the time of this writing, the United States faces a few rival nations that could benefit from a successful and damaging cyber-attack. Those nation states include but are not limited to Russia, China, North Korea, and Iran. Russia has been under the microscope recently as it came to surface that they had direct impact on the last U.S. presidential election which threatens our democracy and outcome of a fair and just election process. China has gained economic benefits from conducting clandestine operations seeking intellectual property, trade secrets, and classified government documents. Iran and North Korea are increasingly interested in our nation secrets related to nuclear arms production and storage. These rival nations have made actions to infiltrate our nation and extract sensitive materials. However, these actions are not limited to passive actions and could be a more direct and crippling attack if focused on disrupting our critical infrastructure.

“A nation can suffer an existential threat from attacks and infiltrations through cyberspace by either state or organized non-state actors to degrade or disrupt critical infrastructure systems, both privately and publicly owned,” (Hare, 127). The issue of attributing these hostile actions from these attacks back to the original actor is paramount to responding, mitigating and preventing future cyber-attacks.

Rival nation states will continue to ramp up their sophistication and frequency of these cyber-attacks to avoid detection. If not fearful of the consequence of their actions, there would be no reason to hesitate to issue further attacks against our democracy and way of life. “Deterring attacks has depended on convincing opponents that the costs of attacking would be greater than any benefits they might obtain,” (Reveron, 92).  The United States must ramp up the ability to catch cyber-attacks in action before damaging effects can be done and determine who is behind these attacks through attribution. Once an attack has been traced back to an actor there should be standards in place to understand and respond appropriately through direct action or forming a coalition of allies to freeze trade agreements, economic sanctions or bolster together to issue a reciprocating cyber-attack far worse than their original. “Inaction is easy to justify in a deterrence situation, as a would-be adversary can always claim other reasons for not conducting an action for which a victim threatens retaliation,” (Hare, 131). By doing nothing after an attack also does nothing to deter future cyber-attacks.

Preventing future attacks is vital in successful deterrence strategy. “In most cases of cyber conflict confronting developed nations today, the more pressing issue is not deterring an actor from choosing to conduct hostile intrusions in cyberspace but compelling them to stop conducting intrusions that already have been highly successful,” (Hare, 126).

Foreign adversaries such as Russia or China will continue to push boundaries, infiltrate our networks for secrets and potentially wreak havoc on our critical infrastructure and vital systems. Thus, emphasis will need to be made to not only prevent future zero-day attacks but also prevent repetitive intrusion attacks that have already been proven to be successful. “Attribution is central to deterrence [...] [and] retaliation requires knowing with full certainty who the attackers are,” (Hare, 128).  Fixing the attribution problem in cyberspace will prevent future attacks because attackers will be caught in their tracks, responded to with appropriate action, and other nations will view this activity and think twice before conducting hostile actions.

Hare, F. (n.d.). The Signifi cance of Attribution to Cyberspace Coercion: A Political Perspective [Scholarly project]. Retrieved April 22, 2018, from https://ccdcoe.org/sites/default/files/multimedia/pdf/2_5_Hare_TheSignificanceOfAttribution.pdf
Reveron, D. S. (2012). Cyber challenges and national security: Threats, opportunities, and power in a virtual world. Washington, D.C.: Georgetown University Press.

May 2018 Chapter Newsletter

Posted by Administrator Thursday, May 10, 2018

The May edition of the ISSA newsletter is now available.

Upcoming Events

Aug 23rd - Chapter Meeting * Register

Sept 5th - SIG/WIS Meeting at Sprint

Oct 25 th - Chapter Meeting *Register

Nov 8th - Happy Hour *Register

Past events:

July 26th - Chapter meeting @ Hereford House

June 28th, 2018 - Chapter Meeting

May 24th, 2018 - Chapter Meeting

May 17th, 2018 - Happy Hour

Questions about upcoming meetings? email VP

Join the ISSA Kansas City Chapter

ISSA KC Mentorship Program Program Details

Mentor form/Application
Mentee form/Application

Join our mailing list to stay current on ISSA Kansas City!

For more information on how to join the Kansas City Chapter of ISSA click here. ** Join today! **

ISSA Member Login Page ISSA ** Login **

ISSA International’s Special Interest Groups (SIG) and Webinars:SIG On-Demand Conf

SIG groups are:

Security Awareness

Women in Security



Social Media

Chapter meetings are a great way to get to know your peers here in KC. And, if you're currently looking to make a career change, it's an invaluable way to build relationships that can provide you with the "inside information" on open security positions.

Do you have any membership questions? email link



Image result for Synack

Image result for Forcepoint

Image result for Carbon Black

Image result for Zerto

Image result for Tenable

Related image

Image result for CyberArk

Image result for Critical Start

Image result for Securonix

Image result for OKTA

Image result for ProofPoint

Be a sponsor!!! Email us at president@kc.issa.org