Dear Chapter Members,
Below is the agenda for January’s ISSA New England Chapter Meeting.
Please R.S.V.P. at the ISSA-NE website: www.issa-ne.org.
DATE: Thursday, January 18, 2007.
LOCATION: RSA Headquarters, 174 Middlesex Turnpike, Bedford, MA 01730
12:30 p.m. – 1:00 p.m. Registration
1:00 p.m. – 1:15 p.m. Welcome and Chapter Business
Donna Chase, ISSA NE President
1:15 p.m. – 2:15 p.m. Management Presentation: EMC’s Value Chain Risk Assessment
Roland Cloutier, Senior Director, EMC Global Security
2:15 p.m. – 2:30 p.m. Cool Tool: Portable Applications
John Manning, Network Intelligence
2:30 p.m. – 2:45 p.m. Break: Refreshments
2:45 p.m. – 3:45 p.m. Technical Presentation: Expanding Business
Relationships through Federated Identity Management
Pavan Pant, RSA Product Manager
3:45 p.m. – 4:30 p.m. Vendor Presentation: Access Management and
Monitoring: Cost-Effective Alternative for Meeting the
Mark Jaffe, Head Access & Compliance Solutions, Securify
4:30 p.m. – 4:45 p.m. Wrap-Up
Donna Chase, ISSA NE President
SESSION ABSTRACTS AND SPEAKER BIOGRAPHIES:
MANAGEMENT PRESENTATION: EMC’S VALUE CHAIN RISK ASSESSMENT
BIOGRAPHY: Roland Cloutier, Senior Director, EMC Global Security Organization
Roland P. Cloutier leads EMC’s efforts in protecting business operations worldwide as
the Senior Director of the Global Security Organization (GSO). Cloutier has functional
and operational responsibility for all of EMC’s information, risk, crisis management, and
investigative security operations. He is an industry expert in the development and
delivery of Corporate Protection in both the commercial and government sectors and
brings 14 years of experience in security program development services and leadership
in this field. Prior to EMC, Cloutier was the Vice President of Cyber Security at AimNet
Solutions, a national critical infrastructure consulting and managed services firm. He
served as the VP of Technology and the National Director for Information Protection at
Paradigm Technology Partners, which was acquired by AimNet in November of 2003.
Cloutier’s education includes studies in Criminal Justice and IT at Boston University,
Holyoke College, and Community College of The Air Force. He is a CISSP, Microsoft
Certified Systems Engineer and Internet Specialist, a Checkpoint Firewall Engineer, a
member of the High Tech Crime Investigations Association, the U.S. State Department
Partnership for Critical Infrastructure Security, and a member of the InfraGard Program
of the FBI.
EMC’s Value Chain Risk Assessment is an innovative business alignment risk
identification and program alignment tool. It is designed to identify information security
risks within key EMC business units and provide recommendations to close gaps in the
information security project portfolio. The key concept of this successful business
operations security strategy is the integration of business process owners into the work
stream to drive meaningful, quantifiable, and quantitative data that truly informs,
educates, and involves the business owners in addressing their risks. The context of a
risk assessment targeting the Value Chain allows EMC to understand which business
processes and business assets are most critical to which business units, the threats to
those assets and processes, and proposed risk mitigation that will give the largest
return to the company in the way of its security investments.
TECHNICAL PRESENTATION: EXPANDING BUSINESS RELATIONSHIPS
THROUGH FEDERATED IDENTITY MANAGEMENT
BIOGRAPHY: Pavan Pant, RSA Product Manager
Mr. Pavan Pant is currently the Product Manager for RSA’s Federated Identity Manager
(FIM) and RSA Access Manager. Before taking on this current challenge, Mr. Pant
spent three years as part of the RSA FIM design and development team, along with
promulgation of the OASIS SAML standards. Prior to RSA, he worked for Ernst and
Young doing network risk analysis. Mr. Pant has a Master of Science with a
concentration in Communication Systems and Computer Networks from Boston
Enabling enterprises to easily access the electronic resources of remote offices,
autonomous business units, and business partners can be a complex and time-
consuming effort. When businesses begin to merge in more consumer-facing online
ventures, the complexity will grow exponentially. Yet that is the model numerous
industries are moving towards. Just as the Internet made it easier to share information,
today’s collaborative and interconnected e-business landscape requires a secure and
effective way to share trusted user identities.
This is the concept behind federated identity, which the Burton Group defines as “The
agreements, standards, and technologies that make identity and entitlements portable
across autonomous domains.” It is analogous to a driver’s license: One state provides
a credential to an individual that is trusted and accepted as proof of identity by other
states. This trust requires and is a result of the combination of powerful, reliable
technology and the business and legal agreements that enterprises enter into to
establish mutual responsibility and commitment.
VENDOR PRESENTATION: SECURIFY
BIOGRAPHY: Andrew Hoerner, Marketing Manager
Mark Jaffe is head of Access and Compliance Solutions at Securify. Mark has over 22
years of experience in the high tech industry, in product marketing, software sales, and
executive management. Prior to Securify, he held senior positions at Axentis, Onlink
Technologies (which was acquired by Siebel Systems for $600M), Prolifics, Interbase,
and several startups focused on security and compliance.
Worldwide, companies are spending over $3b a year on IAM initiatives. Despite this
investment, 1 in 3 companies still has access control audit issues. This session will
cover the challenges associated with IAM projects and an alternate approach to meet
access control audit and compliance goals. Covered will be:
• Best way to monitor and verify the effectiveness of access controls for compliance
• Within a multi-year IAM project, find gaps & apply compensating controls
• Reduce time and effort required for role discovery, testing, and maintenance
• The most effective means of monitoring privileged users
Important: To ensure you don’t miss any emails from ISSA NE, please update your
spam filters to allow emails from email@example.com. I will be using this email
address to send ISSA New England-related notifications going forward.
DIRECTIONS TO VENUE:
Directions to ISSA-NE January 18, 2007, Meeting
174 Middlesex Turnpike
Bedford, MA 01730
Please note that all visitors should have picture identification to obtain their
Route 128/Interstate 95 North or Southbound
1. Exit 32-A, Route 3, North.
2. Take the first exit, Exit 26, off Route 3.
3. At end of exit ramp, proceed straight across intersection of Route 62. This is Crosby
4. Go all the way to the end of Crosby Drive and take a left at the traffic lights onto
5. Take a left at the first traffic light: This is RSA Security, 174 Middlesex Turnpike.
6. There is plenty of parking in front of the two buildings and behind both buildings.
7. Enter the front of the building on the right as you come down the driveway. This is
Routes I-495 and Route 3 from NH
1. Exit 35 off I-495, taking Route 3, South towards Burlington.
2. Exit 26 off of Route 3 (the last exit before Route I-95/128).
3. At the end of the exit ramp, turn left on to Route 62, East.
4. Turn left at the next traffic light onto Crosby Drive.
5. Go all the way to the end of Crosby Drive and take a left at the traffic lights onto
6. Take a left at the first traffic light: This is RSA Security, 174 Middlesex Turnpike.
7. There is plenty of parking in front of the two buildings and behind both buildings.
8. Enter the front of the building on the right as you come down the driveway. This is
OUR 2006 SPONSORS:
Application Security, Inc. - www.appsecinc.com
Blue Coat Systems, Inc. - www.bluecoat.com
Cisco Systems - www.cisco.com
Core Security Technologies - www.coresecurity.com
CounterStorm, Inc - www.counterstorm.com
General Dynamics Network Systems - www.gd-ns.com
Integralis - www.us.integralis.com
LogLogic - www.loglogic.com
Minuteman Security Technologies - www.minutemanst.com
Newbury Networks, Inc. - www.newburynetworks.com
OpenService - www.openservice.com
Q1 Labs, Inc. - www.q1labs.com
Securify - www.securify.com
Symantec, Inc. - www.symantec.com
TopLayer - www.toplayer.com
Vericept - www.vericept.com
Verisign - www.verisign.com
Vontu - www.vontu.com
Donna Chase, CISA, CISSP
Information Systems Security Association
President, New England Chapter
Work Phone: 617-563-4675