[Owasp-austin] OWASP Austin Chapter Meeting Tuesday & other announcements...

David Hughes david.hughes at owasp.org
Fri Jan 25 16:35:49 UTC 2013


*January OWASP Chapter Meeting - "Data events, or why security is
cloudier than you think" - Wendy Nather*

*When:* This Tuesday, January 29th from 11:30a - 1:00p

*Who:* Wendy Nather

Wendy Nather is Research Director of the 451 Research Enterprise
Security Practice. With over 20 years of IT experience, she built and
managed the IT security program at the Texas Education Agency, where she
directed multimillion-dollar initiatives for a statewide external user
base of over 50,000. She also provided security guidance for the
datacenter consolidation of 27 Texas state agencies.

Wendy previously worked in various roles in the investment banking
division of Swiss Bank Corp (now UBS). Based in Chicago, Zurich and
London, she also served as the first IT Security Director for the EMEA
region. She has spoken at various industry conferences in the US and
abroad, and co-authored The Cloud Security Rules. She was also named one
of Tripwire Inc.'s "Top 25 Influencers in Security."


*Topic:* Data events, or why security is cloudier than you think.

*Abstract:* Data security doesn't involve just securing data at rest or
in transit. It also needs to be secured in use, which means that at any
point, the characteristics of the data can change. We call this
situation a "data event," and it can mean that security requirements
have to change as a result.

This is not the same thing as logging event data; this is taking into
account changes in the combination, use or business context surrounding
specific data. For example, a press release is confidential and requires
a certain set of security policies in the areas of access control, DLP,
key management (if encryption is involved), and so on. But once the
business event occurs, the press release suddenly becomes the opposite
of confidential, and all the policies have to change immediately as a
result.

Data events can also occur when data elements are combined in particular
ways so that they become covered by regulations. A query might produce a
small enough sample size that it needs to be treated as protected
information, or a doctor becomes a patient so that her name is now
protected by HIPAA. Data events are often tied closely to the business
context, and as such can mirror transactions and workflows.

Data events are important because traditional security policies have
been applied to the current container of the data: this database is
confidential because some rows are confidential, or this Word document
requires access control (but its content can be copied and pasted
somewhere else). Container-centric security is too static for today's
high-speed, big-data, cloud-based (pick as many buzzwords as you like)
processing.

This talk will describe the concept of data events, and will invite
audience discussion on how security controls can be adapted to them.


*Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have
enough for all! Only those who RSVP will be eligible for any
drawings/giveaways that may take place!


*Location:* National Instruments, 11500 N. Mopac. Building C

*RSVP:* http://owaspjanuary.eventbrite.com/

*************************************************

*OWASP Study Group*

We meet every Wednesday from 12:00p-1:00p at National Instruments
Building A on the second floor in one of the large conference rooms.
Paul Griffiths, our Vice President, has been guiding these meetings. We
are still finishing up "Metasploit: the Penetration Tester's Guide" by
Dave Kennedy. Next week we're going to continue to play with wireless
and Karmetasploit.

It's a great networking opportunity and you just might learn something
in the process and teach others as well!


***********************************************

*BSides Austin 2013*

From Michael Gough:

It is time for BSides Austin again and attached is a flyer for you to
send out to your members to advertise the festivities!

 

Weds evening -- Code 2600 at the Paramount Stateside theatre

Thurs-Fri -- The Con

Thurs evening -- Fire Marshall Talks

Fri night -- Special after Con Social with a special guest (check out
the riddle)

 

The special premiere of Code 2600 is open to anyone who wants to get
tickets, so promote that as well.

 

Thank you for your support!!

 

MG







