February 21, 2018 CPE Luncheon

Topic: Auditor’s Guide to AD Security.

Join us for this presentation by Adam Steed, Associate Director, Protiviti

Time and Location: February 21st, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

Presentation Summary:  Over the last 18 months one of the most consistent findings for Internal Penetration tests involve Credential Theft and Pass the Hash (PtH) attacks in Active Directory. Organizations need to create comprehensive audit programs that can assess these types of threats and assess other top Active Directory security risks.

In this session, we will cover:

  • Fundamentals of Credential Theft and Pass the Hash
  • Demonstrate common Credential Theft and Pass the Hash attack tools
  • Explain the controls an organization must put in place to protect against these types of attacks
  • Discuss the other top 5 security issues common in Active Directory environments
  • Define the elements needed in an Active Directory security audit work program

Speaker:  Adam is an Associate Director in Protiviti’s Salt Lake City office. He brings over 20 years of experience in Healthcare, Banking and Internet E-Commerce. Adam has demonstrated experience in helping organizations move Identity Management  beyond compliance to optimized processes and security by finding a balance between business process optimization, usability and security. His former employers include W.J. Bradley Mortgage (Top 20 Mortgage Company), Zions Bank (15,000 Employees) and Ancestry.com (6,000 Servers).  Adam is also a sought after speaker on at conferences such as Defcon, ISACA events, BSides, and Oktane.

Compunet Red vs Blue Workshop

ISACA Boise has partnered with Compunet to offer a free Red vs. Blue Workshop on Friday, February 9th.  This offer is being offered to Boise ISACA members and seating is limited.  Compunet will compile the registrations. If we exceed the allotted seats, they may offer and additional afternoon session.

Limited Space Available

CompuNet’s Red vs Blue Competition Workshop

Have you ever detected an attack while it was happening? Have you ever been the attacker? Red versus Blue is a hands-on workshop where participants experience security attacks from the perspective of an attacker and a defender.

Join us for our security competition Red vs Blue.This workshop allows participants to experience security attacks from the perspective of an attacker and a defender.
As a Blue Team participant, you’ll be monitoring a live environment looking for anomalous behaviors.  It will be your job to identify the breach and make recommendations for remediation.  Blue team players will get hands-on experience using tools for attack detection.
Red Team participants will receive a playbook with step-by-step instructions for a series of attacks against the Blue Team.  All Red Team tools are included with Kali Linux.
This event is designed for players of all abilities.
What to bring:  A laptop capable of booting Kali Linux is required.

COBIT 5 User Group

The Boise Chapter of ISACA is starting a COBIT 5 User Group.  COBIT 5 is ISACA’s framework to help organizations govern and manage enterprise IT.  What makes COBIT 5 so unique is it is an umbrella framework that leverages other compliance and operational frameworks.  Such framework areas as Sarbanes Oxley (SOX) compliance, PCI, HIPAA, service management, and project management fit very well under the umbrella.  The Boise chapter wants to set up a user group that will meet every other month for an hour or two to share ideas, best practices, and learnings on implementing COBIT 5.  We encourage IT executives, managers and professionals to participate in this user group forum.

Please contact John Stiffler at academic@isacaboise.org if you are interested in attending the user group meetings.  Once we have 7 to 10 interested individuals, we will schedule our first user group session.

January 17, 2018 CPE Luncheon

Topic: Orchestration and Automation in the Real World.

Join us for this presentation by Ken Dunham | MSS Technical Director, Optiv

Time and Location: January 17th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

Presentation Summary:  TBA

Speaker:  Ken Dunham – CISSP, GCFA Gold (forensics), GCIH Gold (honors, incident handling), GSEC (network security), GREM Gold (reverse engineering), GCIA (intrusion detection), Certified Information Security Manager (CISM-ISACA)

Scholarship Application 2018 – 2019 Academic Year

The ISACA Boise Chapter is proud to offer a $1,000 scholarship for the 2018-2019 academic school year. This scholarship is to promote students studying in the related fields of Computer Science, Information Systems and Accounting.  The application deadline is February 28, 2018.

As a nonprofit, global membership association for IT and information systems professionals, ISACA is committed to providing its diverse constituency of more than 140,000 worldwide with the tools they need to achieve individual and organizational success. The benefits offered through our globally accepted research, certifications and community collaboration result in greater trust in, and value from, information systems. Through more than 200 chapters established in more than 80 countries, ISACA provides its members with education, resource sharing, advocacy, professional networking, and a host of other benefits on a local level.

ISACA’s constituency is characterized by its diversity. The global community of ISACA members and certification holders cover a variety of professional IT-related positions—some of which include IS auditor, consultant, educator, IS security professional, risk professional, chief information officer and internal auditor. Some are new to the field, others are at middle management levels and still others are in the most senior ranks. ISACA constituents work in nearly all industry categories, including financial and banking, public accounting, government and the public sector, utilities and manufacturing.