[Owasp-austin] Owasp-austin Digest, Vol 77, Issue 9

Philip Agcaoili philip.agcaoili at gmail.com
Wed Jan 30 02:19:55 UTC 2013


Can someone FedEx/UPS me some Taco Deli? I miss that joint. Have a good
meeting ya'll.

Come on, Josh? Mike? James?

On Tue, Jan 29, 2013 at 7:00 AM, <owasp-austin-request at lists.owasp.org>wrote:

> Send Owasp-austin mailing list submissions to
>         owasp-austin at lists.owasp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.owasp.org/mailman/listinfo/owasp-austin
> or, via email, send a message with subject or body 'help' to
>         owasp-austin-request at lists.owasp.org
>
> You can reach the person managing the list at
>         owasp-austin-owner at lists.owasp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Owasp-austin digest..."
>
>
> Today's Topics:
>
>    1. Tomorrow OWASP Austin Chapter Meeting Tuesday &   other
>       announcements... (David Hughes)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 28 Jan 2013 14:01:11 -0600
> From: David Hughes <david.hughes at owasp.org>
> To: owasp-austin at lists.owasp.org
> Subject: [Owasp-austin] Tomorrow OWASP Austin Chapter Meeting Tuesday
>         &       other announcements...
> Message-ID: <5106D907.1070109 at owasp.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
>
> *
> January OWASP Chapter Meeting - "**Data events, or why security is
> cloudier than you think" - Wendy Nather
> *
>
> *
> *
>
> *When:* This Tuesday, January 29th from 11:30a - 1:00p
>
> *Who:* Wendy Nather
>
> Wendy Nather is Research Director of the 451 Research Enterprise
> Security Practice. With over 20 years of IT experience, she built and
> managed the IT security program at the Texas Education Agency, where she
> directed multimillion-dollar initiatives for a statewide external user
> base of over 50,000. She also provided security guidance for the
> datacenter consolidation of 27 Texas state agencies.
>
> Wendy previously worked in various roles in the investment banking
> division of Swiss Bank Corp (now UBS). Based in Chicago, Zurich and
> London, she also served as the first IT Security Director for the EMEA
> region. She has spoken at various industry conferences in the US and
> abroad, and co-authored The Cloud Security Rules. She was also named one
> of Tripwire Inc.'s "Top 25 Influencers in Security."
>
>
> *Topic:* Data events, or why security is cloudier than you think.
>
> *Abstract:* Data security doesn't involve just securing data at rest or
> in transit. It also needs to be secured in use ? which means that at any
> point, the characteristics of the data can change. We call this
> situation a "data event," and it can mean that security requirements
> have to change as a result.
>
> This is not the same thing as logging event data; this is taking into
> account changes in the combination, use or business context surrounding
> specific data. For example, a press release is confidential and requires
> a certain set of security policies in the areas of access control, DLP,
> key management (if encryption is involved), and so on. But once the
> business event occurs, the press release suddenly becomes the opposite
> of confidential, and all the policies have to change immediately as a
> result.
>
> Data events can also occur when data elements are combined in particular
> ways so that they become covered by regulations. A query might produce a
> small enough sample size that it needs to be treated as protected
> information, or a doctor becomes a patient so that her name is now
> protected by HIPAA. Data events are often tied closely to the business
> context, and as such can mirror transactions and workflows.
>
> Data events are important because traditional security policies have
> been applied to the current container of the data: this database is
> confidential because some rows are confidential, or this Word document
> requires access control (but its content can be copied and pasted
> somewhere else). Container-centric security is too static for today's
> high-speed, big-data, cloud-based (pick as many buzzwords as you like)
> processing.
>
> This talk will describe the concept of data events, and will invite
> audience discussion on how security controls can be adapted to them.
>
>
> *Food:* Oh yeah, Taco Deli time! Please RSVP so we'll be sure to have
> enough for all! Only those who RSVP will be eligible for any
> drawings/giveaways that may take place! (and there will be very cool
> giveaways! )
>
>
> *Location:* National Instruments, 11500 N. Mopac.Building C
>
> *RSVP:* http://owaspjanuary.eventbrite.com/
>
> Register to join the Webinar to listen live:
>
> https://www3.gotomeeting.com/register/846849854
>
>
>
>
> *************************************************
> *
>
>
> *February Austin Security Professionals Happy Hour- Sponsored by SOS
> Security and Palo Alto Networks
> *
>
> *When: *February 21st, from 5-7 pm**(Normally this event is held the
> second Thursday of each month, but due to the fact that this would fall
> on Valentines Day, we decided to bump it ahead a week.)
>
> *Where: *Sherlocks Pub and Grill, 183 & Burnet*
> *
>
> *More information and an RSVP link soon to come!*
>
> ***************************************************
>
> *
>
> *OWASP Study Group*
>
> We meet every Wednesday from 12:00p-1:00p at National Instruments
> Building A on the second floor in one of the large conference rooms.
> Paul Griffiths, our Vice President, has been guiding these meetings. We
> are still finishing up "Metasploit: the Penetration Tester's Guide" by
> Dave Kennedy. Next week we're going to continue to play with wireless
> and Karmetasploit.
>
>  It's a great networking opportunity and you just might learn something
> in the process and teach others as well!
>
>
> ***********************************************
>
> *BSides Austin 2013
> *
> >From Michael Gough:
>
> It is time for BSides Austin again!
>
> Weds evening -- Code 2600 at the Paramount Stateside theatre
>
> Thurs-Fri -- The Con
>
> Thurs evening -- Fire Marshall Talks
>
> Fri night -- Special after Con Social with a special guest (check out
> the riddle)
>
>
>
> The special premier of Code 2600 is open to anyone who wants to get
> tickets, so promote that as well.
>
>
>
> Thank you for your support !!
>
>
>
> MG
>
>
>
>
>
>
>
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.owasp.org/pipermail/owasp-austin/attachments/20130128/21f48139/attachment-0001.html
> >
>
> ------------------------------
>
> _______________________________________________
> Owasp-austin mailing list
> Owasp-austin at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-austin
>
>
> End of Owasp-austin Digest, Vol 77, Issue 9
> *******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-austin/attachments/20130129/9cbc1ab3/attachment.html>


More information about the Owasp-austin mailing list