ISSA NE January 17th Meeting Announcement
The next New England ISSA Chapter meeting will take place Tuesday, January 17 at 12:45pm, with
registration starting at 12:00. The meeting will be at Building 500 of the Cisco Facility in Boxborough, MA.
Please check below for directions.
Note: Please register at the ISSA NE web site today if you will be attending: http://www.issa-ne.org
Directions to Cisco, Boxborough, MA
Can be found at
BOXBOROUGH, MASSACHUSETTS, SITE II
200, 300 & 500 Beaver Brook Road
Boxborough, MA 01719
From Logan Airport (Boston, MA) Option 1:
1. Exit left out of the airport, following the signs to I-93/Mass Pike via the Sumner Tunnel.
2. Pay toll at Sumner Tunnel. (Please note that you may be detoured from the tunnel due to a traffic
surge and/or construction. If this happens, please follow the detour signs closely to the tunnel.)
3. Get in your left lane and at the end of the tunnel veer right to get onto I-93 North.
4. Stay on I-93 North approximately 20-25 miles to I-495 South.
5. Take I-495 South to Exit 28 (Route 111) Boxborough.
6. Take a left at the end of the off ramp and merge onto Route 111.
7. Take a right onto Swanson Road at the first set of lights.
8. Take a left onto Beaver Brook Road (look for Cisco sign).
9. Buildings 200 and 300 are on the left, Building 500 is on the right.
10. The main lobby is in Building 500.
From Logan Airport (Boston, MA) Option 2:
1. From Logan Airport, follow flow of traffic through the Ted Williams Tunnel to the Massachusetts
Turnpike West (I-90, referred to as Mass Pike and toll is required).
2. Stay on Mass Pike to I-495 North.
3. Take I-495 North to Exit 28 (Route 111) Boxborough.
4. Upon exiting, turn right at the light.
5. At the second set of lights take a right onto Swanson Road.
6. Take a left onto Beaver Brook Road (look for Cisco sign).
7. Buildings 200 and 300 are on the left, Building 500 is on the right.
8. The main lobby is in Building 500.
Please note that our typical sequence of presenters has changed just for this meeting in order to
accommodate our speakers' schedules.
12:45-1:00 Chapter Open and Business
Recognition of Gerry Issacson – Founding member of the chapter on his retirement
1:00-2:00 ISO 17799 Security Code of Practice and How it Will Fit with Other ISO Standards and
Technical Reports - Don Holden, Concordant
2:00-2:45 Sponsor Industry presentation, Cisco - Ken Kaminski
3:15-4:15 VoIP Security - Stu Jacobs, Verizon
4:15-4:30 Meeting concludes
Member Cost is free. Non-member or guest cost is $40.
Become a member at http://www.issa.org/
We will recognize the contribution of one of the chapter’s founding members, Gerry Issacson, on the
occasion of his retirement from the Information Systems Security industry.
Donald Holden, CISSP-ISSMP, Concordant, Inc.
Don Holden is a technology executive with Concordant who specializes in information security. He has
more than 20 years of management experience in information systems, security, encryption, business
continuity and disaster recovery planning in both industry and government. Previously he was a
technology leader for RedSiren Technologies (formerly SRI Consulting) and Digital Equipment. Holden
has participated in security standards since 1981 when he represented Digital on the ASC X9 Financial
Industry Standards which developed the first standard for message authentication and key management.
Currently he is a representative on the InterNational Committee for Information Technology Standards
(INCITS) and a member of the IEEE Standards Association. Additionally, Holden is an adjunct professor
at Norwich University in the Masters of Science in Information Assurance department.
ISO 17799 Security Code of Practice and How it Will Fit with Other ISO Standards and Technical
ISO 17799 began as the Information Security 'Code of Practice' from the UK's Department of Trade and
Industry (DTI 7799) in the early nineties. Despite opposition from the US and several other large
countries who argued that this was a guideline and not a standard, it became an ISO Standard in 2000.
Now ISO/IEC JTC 1/SC27 is organizing a series (2700x) of security standards, guidelines, and Technical
Reports. Existing ISO standards such as 17799 and reports are being “harmonized” and renumbered.
New standards will be added to address certification of information security management systems (ISMS)
as well as guidelines for implementing security techniques. An ISO standard for certification of security
management systems should have a major impact on all medium to large companies.
Ken Kaminski is the Senior Consulting Systems Engineer for the Northeast specializing in Security
Products and Technologies. He supports large enterprise accounts in the Northeast and Upstate New
York covering Cisco’s entire security-related product lines and teaches and speaks often on security-
Prior positions include Consulting Systems Engineer for Voice Technologies at Cisco Systems and Senior
Systems Engineer for a start-up company in the carrier ATM switching market. He was also a
Telecommunications Officer in the US Army. Ken has his CISSP along with a BA and MA from Boston
Securing the Intelligent Information Network
The Self-Defending Network is Cisco's long-term strategy to protect an organization's business processes
by identifying, preventing, and adapting to threats from both internal and external sources. This protection
helps organizations take better advantage of the intelligence in their network resources, thus improving
business processes and cutting costs. There are three principal characteristics of the Cisco Self-
Defending Network: the integration of security throughout all aspects of the network; collaborative
processes between the various security and network elements; and the ability of the network to adapt to new
threats as they arise. The Cisco network-based strategy allows you to use your existing investment to
solve your most pressing security concerns today, while providing an architectural platform that can
evolve to proactive, automated, real-time management of threats.
Mr. Stuart Jacobs received his MS in Applied Statistics and Educational Research from Southern
Connecticut State University, New Haven, Connecticut, in June 1973, and a Bachelor's in Computer
Science from University of Wisconsin Madison, awarded in 1972. His research interests are in network
design and security, in particular, wireless networks, public key infrastructures, network authentication
schemes, and distributed computing security mechanisms, including autonomous agent systems. Since
1996, Mr. Jacobs has been employed at GTE Laboratories Inc., Waltham, MA. His responsibilities
include research on authentication mechanisms for Mobile IP, Mobile Ad-Hoc Networks (MANET), and
Intelligent Agents, as well as security consulting on wireless and wired networks, vulnerability analysis
and intrusion detection. Previously Mr. Jacobs served as a Systems Engineer and Network Architect at
GTE Government Systems Inc. where he was responsible for research and development on numerous
strategic and tactical US military communications systems ranging from submarine-deployed high data
rate satellite base stations to NORAD early warning communication systems. Stuart is the lead security
architect for Verizon's commercial phone, data, and video networks and has been very involved in
Verizon's roll-out of VoIP.
Securing VoIP relies on many of the same security techniques as securing any other IP-based
infrastructure. A security architecture that covers all of Confidentiality, Integrity, Authentication,
Authorization, and Non-Repudiation is necessary. Devices are necessary to mitigate the exposures
that IP-based networks have to deal with daily: Application layer firewalls, firewall pin-holing, application
layer gateways, session border controllers, peering with other networks, SIP/H248 protocols for signaling,
RTP/SRTP bearer traffic inspection, IPSec, etc. All of this traffic must be wrapped around Quality of
Service (QoS) so that the filtering can be done efficiently with little latency on the phone call. This talk will
expand on these topics and provide a framework for how to roll out carrier-class VoIP.
President - New England ISSA, http://www.issa-ne.org
Nixon Peabody LLP
889 Elm Street
Manchester, NH 03101
Phone: (603) 628-4006
FAX: (646) 792-3883
The following are New England ISSA Chapter sponsors:
Note: Sponsors may bring materials to the meetings for members to receive at the registration desk.
Application Security Inc - <www.appsecinc.com>
Arbor Networks - <www.arbornetworks.com>
Citadel Security - www.citadel.com
Cisco Systems, Inc. - <www.cisco.com>
Computer Associates - <www.ca.com>