[Owasp-austin] Austin Security Professionals Happy Hour and other announcements

David Hughes david.hughes at owasp.org
Mon Jan 14 20:45:05 UTC 2013


*
January Austin Security Professionals Happy Hour, Sponsored by Trusteer
*


Please RSVP so we will have an idea of how many to expect!

 

*When: *Thursday, January 17th, from 5-7pm

*Where:* Sherlocks Baker Street Pub and Grill at the corner of 183 and
Burnett

*What is it? *The Austin Security Professionals Happy Hour is a monthly
gathering of information security professionals from the Austin area,
jointly organized by OWASP and ISSA. It is a time to enjoy some drinks
and food provided by our sponsors, and a good opportunity to get to know
other InfoSec professionals. Come on down and hang out with a bunch of
hackers and geeks!

*RSVP: *http://jan2013infosechappyhour.eventbrite.com

*
Our Sponsor: Trusteer*

Boston-based Trusteer is the leading provider of endpoint cybercrime
prevention solutions that protect businesses against advanced threats
and prevent data breaches. Hundreds of organizations and millions of end
users rely on Trusteer to protect critical endpoint applications on
computers and mobile devices from advanced malware and spear-phishing
attacks. Trusteer's Cybercrime Prevention Architecture combines
multi-layer security software with real-time threat intelligence to stop
emerging threats that are invisible to legacy security solutions. To
learn more about Trusteer solutions and customer success visit 
http://www.trusteer.com.

Trusteer

*
*

*RSVP: *http://jan2013infosechappyhour.eventbrite.com*
*

*
*

*********************************
*

*
*

*
January OWASP Chapter Meeting - "**Data events, or why security is
cloudier than you think" - Wendy Nather
*

*
*

*When:* January 29th from 11:30a - 1:00p

*Who:* Wendy Nather

Wendy Nather is Research Director of the 451 Research Enterprise
Security Practice. With over 20 years of IT experience, she built and
managed the IT security program at the Texas Education Agency, where she
directed multimillion-dollar initiatives for a statewide external user
base of over 50,000. She also provided security guidance for the
datacenter consolidation of 27 Texas state agencies.

Wendy previously worked in various roles in the investment banking
division of Swiss Bank Corp (now UBS). Based in Chicago, Zurich and
London, she also served as the first IT Security Director for the EMEA
region. She has spoken at various industry conferences in the US and
abroad, and co-authored The Cloud Security Rules. She was also named one
of Tripwire Inc.'s "Top 25 Influencers in Security."


*Topic:* Data events, or why security is cloudier than you think.

*Abstract:* Data security doesn't involve just securing data at rest or
in transit. It also needs to be secured in use ­ which means that at any
point, the characteristics of the data can change. We call this
situation a "data event," and it can mean that security requirements
have to change as a result.

This is not the same thing as logging event data; this is taking into
account changes in the combination, use or business context surrounding
specific data. For example, a press release is confidential and requires
a certain set of security policies in the areas of access control, DLP,
key management (if encryption is involved), and so on. But once the
business event occurs, the press release suddenly becomes the opposite
of confidential, and all the policies have to change immediately as a
result.

Data events can also occur when data elements are combined in particular
ways so that they become covered by regulations. A query might produce a
small enough sample size that it needs to be treated as protected
information, or a doctor becomes a patient so that her name is now
protected by HIPAA. Data events are often tied closely to the business
context, and as such can mirror transactions and workflows.

Data events are important because traditional security policies have
been applied to the current container of the data: this database is
confidential because some rows are confidential, or this Word document
requires access control (but its content can be copied and pasted
somewhere else). Container-centric security is too static for today's
high-speed, big-data, cloud-based (pick as many buzzwords as you like)
processing.

This talk will describe the concept of data events, and will invite
audience discussion on how security controls can be adapted to them.


*Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have
enough for all! Only those who RSVP will be eligible for any
drawings/giveaways that may take place!


*Location:* National Instruments, 11500 N. Mopac.Building C

*RSVP:* http://owaspjanuary.eventbrite.com/

*************************************************
*

*OWASP Study Group*

We meet every Wednesday from 12:00p-1:00p at National Instruments
Building A on the second floor in one of the large conference rooms.
Paul Griffiths, our Vice President, has been guiding these meetings. We
are still finishing up "Metasploit: the Penetration Tester's Guide" by
Dave Kennedy.

 It's a great networking opportunity and you just might learn something
in the process and teach others as well!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20130114/5cac3c53/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 2567 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20130114/5cac3c53/attachment.png>


More information about the Owasp-austin mailing list