Dear Chapter Members,

Below is the agenda for January’s ISSA New England Chapter Meeting. Please R.S.V.P. at the ISSA-NE website:

DATE: Thursday, January 18, 2007.

LOCATION: RSA Headquarters, 174 Middlesex Turnpike, Bedford, MA 01730 (directions below).

AGENDA:

12:30 p.m. – 1:00 p.m. Registration

1:00 p.m. – 1:15 p.m. Welcome and Chapter Business
Donna Chase, ISSA NE President

1:15 p.m. – 2:15 p.m. Management Presentation: EMC’s Value Chain Risk Assessment
Roland Cloutier, Senior Director, EMC Global Security Organization

2:15 p.m. – 2:30 p.m. Cool Tool: Portable Applications
John Manning, Network Intelligence

2:30 p.m. – 2:45 p.m. Break: Refreshments

2:45 p.m. – 3:45 p.m. Technical Presentation: Expanding Business Relationships through Federated Identity Management
Pavan Pant, RSA Product Manager

3:45 p.m. – 4:30 p.m. Vendor Presentation: Access Management and Monitoring: Cost-Effective Alternative for Meeting the Audit Challenge
Mark Jaffe, Head Access & Compliance Solutions, Securify

4:30 p.m. – 4:45 p.m. Wrap-Up
Donna Chase, ISSA NE President

SESSION ABSTRACTS AND SPEAKER BIOGRAPHIES:

MANAGEMENT PRESENTATION: EMC’S VALUE CHAIN RISK ASSESSMENT

BIOGRAPHY: Roland Cloutier, Senior Director, EMC Global Security Organization

Roland P. Cloutier leads EMC’s efforts in protecting business operations worldwide as the Senior Director of the Global Security Organization (GSO). Cloutier has functional and operational responsibility for all of EMC’s information, risk, crisis management, and investigative security operations. He is an industry expert in the development and delivery of Corporate Protection in both the commercial and government sectors and brings 14 years of experience in security program development services and leadership in this field. Prior to EMC, Cloutier was the Vice President of Cyber Security at AimNet Solutions, a national critical infrastructure consulting and managed services firm. He served as the VP of Technology and the National Director for Information Protection at Paradigm Technology Partners, which was acquired by AimNet in November of 2003. Cloutier’s education includes studies in Criminal Justice and IT at Boston University, Holyoke College, and Community College of The Air Force. He is a CISSP, Microsoft Certified Systems Engineer and Internet Specialist, a Checkpoint Firewall Engineer, a member of the High Tech Crime Investigations Association, the U.S. State Department Partnership for Critical Infrastructure Security, and a member of the InfraGard Program of the FBI.

ABSTRACT: EMC’s Value Chain Risk Assessment is an innovative business alignment risk identification and program alignment tool. It is designed to identify information security risks within key EMC business units and provide recommendations to close gaps in the information security project portfolio. The key concept of this successful business operations security strategy is the integration of business process owners into the work stream to drive meaningful, quantifiable, and quantitative data that truly informs, educates, and involves the business owners in addressing their risks. The context of a risk assessment targeting the Value Chain allows EMC to understand which business processes and business assets are most critical to which business units, the threats to those assets and processes, and proposed risk mitigation that will give the largest return to the company in the way of its security investments.

TECHNICAL PRESENTATION: EXPANDING BUSINESS RELATIONSHIPS THROUGH FEDERATED IDENTITY MANAGEMENT

BIOGRAPHY: Pavan Pant, RSA Product Manager

Mr. Pavan Pant is currently the Product Manager for RSA’s Federated Identity Manager (FIM) and RSA Access Manager. Before taking on this current challenge, Mr. Pant spent three years as part of the RSA FIM design and development team, along with promulgation of the OASIS SAML standards. Prior to RSA, he worked for Ernst and Young doing network risk analysis. Mr. Pant has a Master of Science with a concentration in Communication Systems and Computer Networks from Boston University.

ABSTRACT: Enabling enterprises to easily access the electronic resources of remote offices, autonomous business units, and business partners can be a complex and time-consuming effort. When businesses begin to merge in more consumer-facing online ventures, the complexity will grow exponentially. Yet that is the model numerous industries are moving towards. Just as the Internet made it easier to share information, today’s collaborative and interconnected e-business landscape requires a secure and effective way to share trusted user identities. This is the concept behind federated identity, which the Burton Group defines as “The agreements, standards, and technologies that make identity and entitlements portable across autonomous domains.” It is analogous to a driver’s license: One state provides a credential to an individual that is trusted and accepted as proof of identity by other states. This trust requires and is a result of the combination of powerful, reliable technology and the business and legal agreements that enterprises enter into to establish mutual responsibility and commitment.

VENDOR PRESENTATION: SECURIFY

BIOGRAPHY: Andrew Hoerner, Marketing Manager

Mark Jaffe is head of Access and Compliance Solutions at Securify. Mark has over 22 years of experience in the high tech industry, in product marketing, software sales, and executive management. Prior to Securify, he held senior positions at Axentis, Onlink Technologies which was acquired by Siebel Systems for $600M, Prolifics, Interbase, and several startups focused on security and compliance.

ABSTRACT: Worldwide, companies are spending over $3b a year on IAM initiatives. Despite this investment, 1 in 3 companies still has access control audit issues. This session will cover the challenges associated with IAM projects and an alternate approach to meet access control audit and compliance goals. Covered will be:

  • Best way to monitor and verify the effectiveness of access controls for compliance
  • Within a multi-year IAM project, find gaps & apply compensating controls
  • Reduce time and effort required for role discovery, testing, and maintenance
  • The most effective means of monitoring privileged users

Important: To ensure you don’t miss any emails from ISSA NE, please update your spam filters to allow emails from I will be using this email address to send ISSA New England-related notifications going forward.

DIRECTIONS TO VENUE:

Directions to ISSA-NE January 18, 2007, Meeting
RSA Headquarters
174 Middlesex Turnpike
Bedford, MA 01730

Please note that all visitors should have picture identification to obtain their visitors’ badges.

Route 128/Interstate 95 North or Southbound

  1. Exit 32-A, Route 3, North.
  2. Take the first exit, Exit 26, off Route 3.
  3. At end of exit ramp, proceed straight across intersection of Route 62. This is Crosby Drive.
  4. Go all the way to the end of Crosby Drive and take a left at the traffic lights onto Middlesex Turnpike.
  5. Take a left at the first traffic light: This is RSA Security, 174 Middlesex Turnpike.
  6. There is plenty of parking in front of the two buildings and behind both buildings.
  7. Enter the front of the building on the right as you come down the driveway. This is 174.

Routes I-495 and Route 3 from NH

  1. Exit 35 off I-495, taking Route 3, South towards Burlington.
  2. Exit 26 off of Route 3 (the last exit before Route I-95/128).
  3. At the end of the exit ramp, turn left on to Route 62, East.
  4. Turn left at the next traffic light onto Crosby Drive.
  5. Go all the way to the end of Crosby Drive and take a left at the traffic lights onto Middlesex Turnpike.
  6. Take a left at the first traffic light: This is RSA Security, 174 Middlesex Turnpike.
  7. There is plenty of parking in front of the two buildings and behind both buildings.
  8. Enter the front of the building on the right as you come down the driveway. This is 174.

OUR 2006 SPONSORS:

Application Security, Inc. - Blue Coat Systems, Inc. - Cisco Systems - Core Security Technologies - CounterStorm, Inc - General Dynamics Network Systems - Integralis - LogLogic - Minuteman Security Technologies - Newbury Networks, Inc. - OpenService - Q1 Labs, Inc. - Securify - Symantec, Inc. - TopLayer - Vericept - Verisign - Vontu

Donna Chase, CISA, CISSP
Information Systems Security Association
President, New England Chapter
Work Phone: 617-563-4675
Email: