ISDPodcast Episode 321 for February 11, 2011. Tonight’s podcast is hosted by Rick Hayes, Keith Pachulski, Karthik Rangarajan, Geordy Rostad and Varun Sharma.
Announcements:
Appalachian Institute of Digital Evidence (AIDE)
When: February 17 – 18, 2011
Where: Marshall University Forensic Science Center, Huntington, WV
http://aide.marshall.edu/default.htm
SANS Community
Jason Lawrence, Management 414: SANS +S Training Program for the CISSP Certification Exam
When: Wednesday, February 23, 2011 – Wednesday, April 27, 2011
http://www.sans.org/mentor/details.php?nid=23493
Use the Discount Code: isdpod15 for a 15% discount.
OWASP February Chapter Meeting:
When: February 24, 2011 6-8pm
Where: Tilted Kilt http://tinyurl.com/4oh2thj
My Hard Drive Died:
Data Recovery Expert Certification
When: March 7-11, 2011
Where: Washington, DC
Data Recovery Expert Certification
When: April 11-15, 2011
Where: Atlanta, GA
http://www.myharddrivedied.com/data-recovery-training
@BSidesAustin:
When: March 11-12, 2011
Where: The Walton-Joseph Building, 706-708 6th Street
http://www.securitybsides.com/w/page/33728032/BSidesAustin2011
#Outerz0ne:
When: March 18-19, 2011
Where: Atlanta, GA
CFP open now! http://bit.ly/dJoIM9
Indiana Linux Fest:
When: March 25-27, 2011
Where: Wyndham Indianapolis West Hotel, Indianapolis, IN
http://www.indianalinux.org/cms/
#BruCon
When: Sept 19-22, 2011
Where: Brussels, Belgium
http://blog.brucon.org/2011/02/confirmation-of-brucon-dates.html
CFP & CFT open now! http://blog.brucon.org/2011/01/brucon-call-for-papers-2011.html
@DerbyCon
When: September 30th – October 2, 2011
Where: Louisville, KY
http://www.derbycon.com/
Intro/Outro Music provided by JimmyZ (http://soundcloud.com/jimmyz)
Special Guest: Iftach Ian Amit (@iiamit). Ian is the VP Business Development at Security Art. Ian was the founder and CTO of an IDS/IPS security startup that developed new techniques for attack interception. He is a general troublemaker and routine speaker at Infosec, Hacker-Halted, FIRST, BruCon, SOURCE, AthCon, BruCON and ExcaliburCon. He is one helluva smart guy, a security bad-ass and all around a really super nice person. In addition, Ian is a contributor to the Penetration Testing Execution Standard. His personal blog is http://www.iamit.org. He will be at SOURCE in Boston if you are in the area.
Ian’s data exfiltration PoC tool, aptly named “data-sound-poc”, is a proof of concept for converting data to sound and vice versa. It can be found here.
Security Art and Ian are big proponents of Factor Analysis of Information Risk (FAIR). We discussed this in ISD Podcast Episode 125 for May 7, 2010. Unfortunately, the audio is not currently available. However, to explain quickly: FAIR is a framework of interconnected models that describe how key elements of the risk landscape work. Unlike other “models” used widely in the industry (e.g., ISO, NIST, CMM, COBIT, etc.), FAIR models describe the underlying dynamics of the complex risk landscape: the why and the how. This underlying description enables meaningful measurement and analysis of the landscape in ways no other models being used today can.
Initially developed in 2001 and under continual evolution since, FAIR was created by Jack Jones, a CISO who was trying to find a practical means of answering the questions executive management was asking of him.
FAIR Links:
Risk Management Insight
FAIR – Basic Risk Assessment Guide (BRAG)
RiskAnalys.is – The FAIR Weblog
RMI Homepage
Security Art:
http://www.security-art.com/download-report







