Please join the ISACA Boise chapter in our support of Toys for Tots.

ISACA Boise has given a cash donation of $500 to the Boise Toys for Tots Campaign and we are challenging all ISACA Boise members to donate an amount of your choosing to this worthwhile cause.

If you drop us a line (president@isacaboise.org), we will post the names and businesses who have stepped up to the challenge to provide happiness and hope to less fortunate children by distributing toys, books, and other gifts collected by the Treasure Valley community.  Be sure to include how you would like your giving to be referenced.  (Name – (Business Name (opt))

ISACA Boise Chapter Member Giving Record

1. ISACA Boise Chapter
2. Dennis McLaughlin / Lamb Weston Pay it Forward Campaign
3. Brian Tanner

Due to unforeseeable circumstances, we unfortunately need to cancel the CPE Event scheduled for Wednesday, December 16^th, 2020.  We are on target to hold our CPE event in January.

Topic:  Top 10 Things They Hate about Us:  Avoiding the Security Traps in an IACS Assessment

Join us for this presentation by Bri Rolston, Chief Research & Security Geek, GkJuju Security & Consulting Services

Time and Location: December 16th, via Zoom Meeting 12:00-1:00pm

Please Note:  Zoom information will be sent in the RSVP Confirmation Email.

In keeping with our annual tradition, click below to assist ISACA Boise’s Virtual support of Toys for Tots.

 ISACA Boise Toys for Tots Giving

Presentation Summary:  In 20 years of IACS security work, I have yet to meet an engineering or process control team that doesn’t have a Top 10 Hate List for the security team.  10-20 security controls repeatedly cause more damage than they prevent if not rolled out in a thoughtful, methodical way to IACS networks.  

How can cyber security risk management efforts be considered effective if they CAUSE the impact we were hoping to avoid?  Why is it so hard for engineering and control system teams to fight the obvious and get IT and cyber security groups to pay attention?    

We’ll cover the basics of Industrial and Automation Control Systems (IACS) and why they differ so greatly from corporate IT environments.  Then, we’ll discuss how to secure them appropriately and balance functional vs technical security risk.  We’ll actually walk through a common Life Cycle Management (LCM) problem and do a technical risk analysis of it.

Bri Rolston, Chief Research & Security Geek, GkJuju Security & Consulting Services.  

By day, this mild-mannered <insert sarcastic disbelief here> geek works at Idaho National Laboratory  and specializes in defensive, security engineering research and threat response. She has more than 25 years’ experience in telecommunications, Information Technology (IT), Industrial Automation & Control  Systems (IACS)/Operational Technology (OT) security research as well as a wide range of operational  security experience including incident response, threat management, risk analysis & remediation,  vulnerability management, secure code development, cloud security, and IACS security program  development. She has trained a number of IACS incident response teams including DHS CIRT in 2005,  contributed to IACS and OT security standards development for DHS, DOE, NIST, and ISA/IEC, run a  number of incident response efforts for nation-state attacks (Google Aurora 2010), and has a patent for  efficient attack path selection and risk analysis.  

By night, the geek side REALLY comes out. She spends more time than she should considering deeply geekly ideas as part of the global research community, helps organize conferences such as BSides IF,  volunteers at small community groups, and vacations at different security cons. During this time, she follows the darker path of threat research–fingerprinting attack teams, examining the halo effects in  exploit development, and identifying 2nd-payload in IACS/OT attacks. Sometimes, she even plots world  domination and may plan to take over the world using a IIoT tractor SDRs, cell-towers, drones, and  satellites . <Cue evil laugh>

Please join the Boise IIA & ISACA Chapters, Tuesday, Dec 8, 2020, 11AM – 1PM (MST) in a virtual, 2 CPE, Ethics session.

Fees are for this session are

• $25 for IIA & ISACA members,
• $30 for non-members
• $5 for students

A link to the event will be included in the registration confirmation email. We look forward to seeing you online, Tuesday, December 8. (The session will open 30 minutes prior to the presentation to resolve any technical issues attendees might experience.)

Much attention is paid to a company’s ethical (or unethical) conduct. Companies are led by people and people are making choices that drive the organization. Each individual makes a decision every day to proceed with honesty and integrity, or to choose deceit and subterfuge. These small daily choices, made by real people, comprise an entire company’s ethical identity. 

Ryck Tanner, Director, Leadership Learning & Development, J.R. Simplot Company, has devoted much of his career to building up individuals and organizations. Bringing intention, mindfulness and awareness to decision-making can make the difference between giving in to the temptation of a fraudulent quick win, and playing the long game to legitimate success.

Topic:  Digital Hygiene IS the fundamentals

Join us for this presentation by Scott Lyons, Co-CVO of Red Lion and Joshua Marpet, Co-CVO of Red Lion

Time and Location: November 18th, via Zoom Meeting 12:00-1:00pm

Please Note:  Zoom information will be sent in the RSVP Confirmation Email.

Summary:  Digital Hygiene is an important part of doing the fundamentals. As a matter of fact, it IS the fundamentals! Whether patch management, vulnerability management, configuration management, or change management, you’ll notice that the word management is all over the place in Digital Hygiene! That’s because all of the fundamentals involve management of your organization’s policies, procedures, and technical control implementation. Let’s talk about how digital hygiene should integrate with all of your risk management activities, and discuss how doing the fundamentals of information security puts you ahead of the competition!

Scott Lyons:

• Co-CVO of Red Lion
• Patent-pending author for Blockchain based Digital Forensics System
• Certification holder (won’t say which, CIS-Something or other)
• 25 years in technology with 23 in security
• Co-Host Security and Compliance Weekly
• MISTI Certified Trainer
• Just a guy looking to make an impact…
• Focus: Business and Technology.
• Sandtrooper in the 501^st

Joshua Marpet

• Co-CVO of Red Lion
• Internationally renowned Digital Forensics Expert
• IANS Faculty
• Co-Host of Security and Compliance Weekly, Over 7000 views weekly
• Patent-pending author for Blockchain based Digital Forensics System
• Honored as one of the Top 10 most influential people in BSides
• Former board member Hackers For Charity, BSidesLV, and others.
• Current Board member BSidesDE, BSidesDC, and others
• Proud father, husband, and mentor.
• Cryptography and systems design are Josh’s hobbies