[Owasp-austin] OWASP Austin Announcements

David Hughes doulos447 at gmail.com
Tue Jan 8 13:31:35 UTC 2013


*Austin OWASPers
*

It is good to be back for 2013! We are in the process of planning an 
exciting year, with a docket of amazing speakers, training, happy hours 
and LASCON! If you want to be more involved with OWASP, please let me 
know. Believe me, we can find a place for you!

We are especially looking for volunteers to begin planning LASCON 2013. 
We are going to arrange a planning meeting soon.

****************************

*January Austin Security Professions Happy Hour*

OWASP and ISSA are still "cooking" this event and we've pushed it back 
to January 17th, next Thursday to finalize the details. If you represent 
a company that would like to sponsor Happy Hours, contact either me or 
Matt Snider (Matthew.Snider at phbvpartners.com).

When: January 17th

Where: Sherlocks at 183 and Burnet

RSVP: Coming soon.

**********************************

*January OWASP Chapter Meeting - "**Data events, or why security is 
cloudier than you think" - Wendy Nather
*

*
*

*When:* January 29th from 11:30a - 1:00p

*Who:* Wendy Nather

Wendy Nather is Research Director of the 451 Research Enterprise 
Security Practice. With over 20 years of IT experience, she built and 
managed the IT security program at the Texas Education Agency, where she 
directed multimillion-dollar initiatives for a statewide external user 
base of over 50,000. She also provided security guidance for the 
datacenter consolidation of 27 Texas state agencies.

Wendy previously worked in various roles in the investment banking 
division of Swiss Bank Corp (now UBS). Based in Chicago, Zurich and 
London, she also served as the first IT Security Director for the EMEA 
region. She has spoken at various industry conferences in the US and 
abroad, and co-authored The Cloud Security Rules. She was also named one 
of Tripwire Inc.'s "Top 25 Influencers in Security."


*Topic:* Data events, or why security is cloudier than you think.

*Abstract:* Data security doesn't involve just securing data at rest or 
in transit. It also needs to be secured in use ­ which means that at any 
point, the characteristics of the data can change. We call this 
situation a "data event," and it can mean that security requirements 
have to change as a result.

This is not the same thing as logging event data; this is taking into 
account changes in the combination, use or business context surrounding 
specific data. For example, a press release is confidential and requires 
a certain set of security policies in the areas of access control, DLP, 
key management (if encryption is involved), and so on. But once the 
business event occurs, the press release suddenly becomes the opposite 
of confidential, and all the policies have to change immediately as a 
result.

Data events can also occur when data elements are combined in particular 
ways so that they become covered by regulations. A query might produce a 
small enough sample size that it needs to be treated as protected 
information, or a doctor becomes a patient so that her name is now 
protected by HIPAA. Data events are often tied closely to the business 
context, and as such can mirror transactions and workflows.

Data events are important because traditional security policies have 
been applied to the current container of the data: this database is 
confidential because some rows are confidential, or this Word document 
requires access control (but its content can be copied and pasted 
somewhere else). Container-centric security is too static for today's 
high-speed, big-data, cloud-based (pick as many buzzwords as you like) 
processing.

This talk will describe the concept of data events, and will invite 
audience discussion on how security controls can be adapted to them.


*Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have 
enough for all! Only those who RSVP will be eligible for any 
drawings/giveaways that may take place!


*Location:* National Instruments, 11500 N. Mopac.Building C

*RSVP:* http://owaspjanuary.eventbrite.com/

*************************************************
*

*OWASP Study Group*

We meet every Wednesday from 12:00p-1:00p at National Instruments 
Building A on the second floor in one of the large conference rooms. 
Paul Griffiths, our Vice President, has been guiding these meetings. We 
will send out a separate announcement regarding the current topic, but 
we are starting up again tomorrow! It's a great networking opportunity 
and you just might learn something in the process and teach others as well!




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20130108/02aa66e4/attachment.html>


More information about the Owasp-austin mailing list