Cyber Security News of the Week, November 13, 2011

Cyber Security Story of the Week

This week’s lead story is the bust of major cyber crime gangs on both sides of the pond. One Russian and six Estonians were charged with wire fraud and conspiracy in a 27-count indictment unsealed Thursday by Manhattan U.S. Attorney Preet Bharara. The cyber-hijacking victims included at least a half million individuals, businesses in the U.S. and government agencies, including the National Aeronautics and Space Administration. Meanwhile British police have jailed 13 people for their participation in a sophisticated banking fraud gang that used malware to help steal at least 2.9 million British pounds ($4.6 million) from hundreds of people. Police said the gang was led by two Ukrainian nationals, Yevhen Kulibaba, 33, and Yuriy Konovalenko (aka Pavel Klikov), 29. Both plead guilty to “conspiracy to defraud,” were sentenced to serve four years and eight months in prison, and began serving those terms on Monday.

The story serves as a reminder of the dangers of cyber crime and the importance of strong defensive measures:

  1. Keep systems patched with the latest updates. Our Weekend Vulnerability and Patch Report lists major updates for software typically found in small offices and home computers.
  2. Run up-to-date anti-virus and anti-malware software — or what is even better, a strong intrusion detection and prevention solution.
  3. Use strong passwords for access to sites with sensitive information. Password length is more important than randomness; size matters. “2HelloPepper#” is a much stronger password than “Ab$%16vF” plus it’s a lot easier to remember.
  4. Be extremely sensitive to social engineering attacks. Don’t open email attachments or click on links in emails unless the email is from someone you know AND is expected.

For more about the arrest of these cyber crime gangs, see our “Ray of Sunshine” section.

Information at Risk – Identity Theft

What’s it like to share your SSN with 50 people? Follow a victim’s struggle: Jonathan Barnett is also Jose Cruz. And Jesus Ramirez. And Pilar Terrones, Pilar Sanchez, Esmeralda Gonzalez and dozens of other people, at least according to the nation’s identity system. MSNBC, November 7, 2011

How Much Is Your Identity Worth?: How much does it cost for thieves to discover the data that unlocks identity for creditors, such as your Social Security number, birthday, or mother’s maiden name? Would it surprise you to learn that crooks are selling this data to any and all comers for pennies on the dollar? KrebsOnSecurity, November 8, 2011

Cyber Security Management

Lesson about Passwords after Theft of 16,000+ UCLA Patient Records: The personal information of 16,288 patients at UCLA’s network of hospitals and clinics is in the wrong hands following a burglary of a doctor. The information was on the computer hard drive stolen from a doctor’s home, according to an article in The New York Times (U.C.L.A. Health System Warns About Stolen Records).
Dr. Stahl is quoted in this story. The Biz Coach, November 6, 2011

Cyber Security Management – HIPAA HITECH

Encryption And Other Database Security Lags At Healthcare Organizations: Healthcare and IT experts convened on Capitol Hill this week to warn Congress that as healthcare organizations are increasing the use of electronic medical records in light of federal mandates, they are not protecting these records within the database and elsewhere. Security professionals agree that in order for the public to trust these records, healthcare organizations need to start working on database security best practices — the same first-order practices that any organization with minimal security should start with to shore up sensitive data stores. Dark Reading, November 11, 2011

Internet Badlands – Online Ads

Internet Risk: Online Ads That Carry Computer Viruses and Other Malware: The online advertising industry is scrambling to quell a long-standing problem that has taken a turn for the worse: the spread of malicious ads on the Internet’s top commercial websites. ABC News, November 6, 2011

Internet Badlands – Malware

Hackers may have spent years crafting Duqu: The hacker group behind Duqu may have been working on its attack code for more than four years, new analysis of the Trojan revealed Friday. Computerworld, November 11, 2011

Internet Badlands – Mobile Vulnerabilities

Apple banishes expert who exposed software flaw: Boston: Apple Inc expelled a highly regarded cybersecurity expert from one of its developers’ programs, stripping him of rights to build software for iPads and iPhones after he publicly demonstrated a flaw in its iOS operating system. FirstPost, November 9, 2011

DroidDream Light a malware nightmare, booted from Android Market: A number of malware-encumbered applications were found in the Android Market back in March, but the infestation was brought to a swift end when Google deployed its kill switch. A new variant of the same malware recently resurfaced and was identified by security researchers over the weekend. Google has responded by booting the new round of infected applications out of the Android Market. ars technica, July 2011

Internet Badlands – SCADA Systems

Vulnerabilities give hackers ability to open prison cells from afar: Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems. Tiffany Rad, Teague Newman, and John Strauchs, who presented their research on October 26 at the Hacker Halted information security conference in Miami, worked in Newman’s basement to develop the attacks that could take control of prisons’ industrial control systems and programmable logic controllers. They spent less than $2,500 and had no previous experience in dealing with those technologies. ars technica, November 8, 2011

US Cyber Security

Cyber weaknesses should deter US from waging war: WASHINGTON (AP) — America’s critical computer networks are so vulnerable to attack that it should deter U.S. leaders from going to war with other nations, a former top U.S. cybersecurity official said Monday. Associated Press, November 8, 2011

Ex-Marine Corps General: We’ve Got to Step Up Our Cyber Security Game: James Cartwright, a recently retired four-star Marine Corps general, is urging the U.S. government to be more open about its use of offensive cyber weapons so that they may act as a deterrent. Daily Tech, November 7, 2011

Darpa Begs Hackers: Secure Our Networks, End ‘Season of Darkness’: The Pentagon’s far-out research agency and its brand new military command for cyberspace have a confession to make. They don’t really know how to keep U.S. military networks secure. And they want to know: Could you help them out? Wired, November 7, 2011

Global Cyber Security Governance

London Conference reveals ‘fault lines’ in global cyberspace and cybersecurity governance: BLOOMINGTON, Ind. — The recently completed London Conference on Cyberspace — a major event attended by participants from more than 60 countries and hosted by the U.K. government — sought to advance an agenda to guide creation of a global, secure, resilient, and open cyberspace. But according to an Indiana University Maurer School of Law cybersecurity expert, the meeting revealed deep differences that make effective international cooperation on cyberspace and cybersecurity increasingly difficult. Indiana University News Room, November 7, 2011

Cyber Security Legislation

Senators Push for Changes in Cybercrime Law: The main U.S. law targeting cybercrime may need to be changed because it has allowed law enforcement agencies to target people who simply violate websites’ terms of service or their employers’ computer use policies, two senators said Wednesday. PC World, September 7, 2011

Ray of Sunshine

FBI Helps Bust $4.6 Million Cybercrime Gang: British police announced Monday they have jailed 13 people for their participation in a sophisticated banking fraud gang that used malware to help steal at least 2.9 million British pounds ($4.6 million) from hundreds of people. InformationWeek, November 2, 2011

Hackers Hijack Millions of Computers in ‘Massive’ Fraud Case: Nov. 9 (Bloomberg) — The U.S. charged seven people with a “massive” computer intrusion scheme that used malicious software to manipulate online advertising, diverted users to rogue servers and infected more than 4 million computers in more than 100 countries. Bloomberg, November 10, 2011

Biggest Cybercriminal Takedown in History: The proprietors of shadowy online businesses that have become synonymous with cybercrime in recent years were arrested in their native Estonia on Tuesday and charged with running a sophisticated click fraud scheme that infected with malware more than four million computers in over 100 countries — including an estimated 500,000 PCs in the United States. The law enforcement action, dubbed “Operation Ghost Click,” was the result of a multi-year investigation, and is being called the “biggest cybercriminal takedown in history.” KrebsOnSecurity, November 9, 2011

 

Cyber Security News of the Week, November 6, 2011

Cyber Security Story of the Week

Our lead story of the week is the breach disclosure from UCLA Health System: U.C.L.A. Health System Warns About Stolen Records. 16,288 medical records were on a computer stolen from a Doctor’s home as part of a robbery. The good news was that the hard drive was encrypted. The bad news was that the password was on a piece of paper near the computer and it too went missing.

Rule 1 is never write down passwords. Rule 2 is — if you’re going to break rule 1 — do it securely. If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver’s license. And just write the password: write “15Blah-blah-blah” not “my laptop password is 15Blah-blah-blah.”

Alerts and Warnings

Microsoft Issues Stopgap Fix for ‘Duqu’ Flaw: Microsoft has released an advisory and a stopgap fix for the zero-day vulnerability exploited by the “Duqu” Trojan, a highly targeted malware strain that some security experts say could be the most important cyber espionage threat since Stuxnet. KrebsOnSecurity, November 4, 2011

Information at Risk

Massive hack hit 760 companies: NEW YORK (CNNMoney) — A massive cyberattack that led to a vulnerability in RSA’s SecurID tags earlier this year also victimized Google, Facebook, Microsoft and many other big-named companies, according to a new analysis released this week. CNN Money, October 28, 2011

U.C.L.A. Health System Warns About Stolen Records: LOS ANGELES (AP) — UCLA’s system of hospitals and clinics warned more than 16,000 patients that their personal information was on a computer hard drive stolen in the burglary of a doctor’s home, officials said Friday. The New York Times, November 4, 2011

Hackers Hit 29 Chemical Makers in ‘Nitro’ Attack, Symantec Says: Computer hackers struck 29 chemical companies in attacks this summer aimed at gathering data on formulas and manufacturing processes, according to security provider Symantec Corp. SF Gate, November 2, 2011

Are You on the Pwnedlist?: 2011 has been called the year of the data breach, with hacker groups publishing huge troves of stolen data online almost daily. Now a new site called pwnedlist.com lets users check to see if their email address or username and associated information may have been compromised. KrebsOnSecurity, November 2, 2011

Cyber Security Management

Should you share breach information?: When companies suffer a security breach today they face that core dilemma: Tell the world and hope the honesty helps others, or keep it under wraps to avoid tarnishing the brand and duck possible lawsuits? One thing is clear from the arguments below: It is time for the government to take the guesswork out of the equation. Network World, November 2, 2011

Cyber Security Management — Cloud Security

Ponemon Institute Survey on Cloud Data Security Exposes Gulf between IT Security and Compliance Officers: SAN JOSE, Calif., Nov 01, 2011 (BUSINESS WIRE) — Vormetric, Inc., the leader in enterprise systems encryption and key management, today announced the results from an independent research report conducted by the Ponemon Institute on how organizations manage data security risks in cloud computing environments. The survey of 1,000 IT security practitioners and enterprise compliance officers revealed that less than half of all respondents believe their organizations have adequate technologies to secure their cloud infrastructures. Meanwhile, the two groups sharply disagreed on whether the cloud is as secure as on-premise datacenters, who is responsible for cloud data security, and what security measures should be used. Market Watch, November 1, 2011

Most Execs Don’t Feel They Can Secure Cloud Infrastructures: Enterprises are using cloud infrastructures, but they aren’t very confident in their ability to secure them, according to a study to be published Wednesday. Dark Reading, November 2, 2011

Poll: 67% Security Fear Factor With Cloud Computing: Computing via the Internet cloud — like renting servers in a far-off data center from Amazon or Rackspace — can save companies money and keep them flexible. But it can be a security challenge. Investors.com, November 4, 2011

Internet Badlands

Lazy Hackers Port Ancient Linux Trojan to Mac OSX: Hackers are testing new Mac malware that they’ve ported from a nine-year-old Trojan horse originally written for Linux, according to security experts. Computer World, October 31, 2011

Bank Security

Community Bank Focus on Consumer Security Contradicts Regs: Community bankers are strengthening security on consumer accounts, but they are not always extending those protections to business accounts, which regulators say are at a higher risk. American Banker, August 16, 2011

Cyber War

Security Expert Warns of Cyber World War: LONDON – A leading Internet security expert warned Tuesday that a cyber terrorist attack with “catastrophic consequences” looked increasingly likely in a world already in a state of near cyber war. Fox News, November 1, 2011

Cyber War – Stuxnet

Stuxnet Raises ‘Blowback’ Risk In Cyberwar: The Stuxnet computer worm, arguably the first and only cybersuperweapon ever deployed, continues to rattle security experts around the world, one year after its existence was made public. NPR, November 2, 2011

National Cyber Defense

U.S. report blasts China, Russia for cyberattacks: WASHINGTON (AP) – U.S. intelligence officials accused China and Russia on Thursday of systematically stealing American high-tech data for their own national economic gain. USA Today, November 3, 2011

EU and US cybersecurity experts stress-test defences: EU and US cybersecurity officials have tested how they would co-ordinate their response to a hacking attack. BBC, November 3, 2011

International Cyber Security

Hague lists cyber ‘rules of the road’: Governments should follow seven cyber ‘rules of the road’ in deciding how to act and regulate behaviour online, UK foreign secretary William Hague has told a UK government cybersecurity conference. ZDNet, November 1, 2011

Cyber Security News of the Week, October 23, 2011

Cyber Security Story of the Week

It’s said that you can’t manage what you can’t measure. This week’s lead story comes from The Economist, questioning the numbers we use to measure the seriousness of cyber crime.

Measuring the black web: Is cybercrime as big as its foes fear?: BIG numbers and online crime go together. One well-worn assertion is that cybercrime revenues exceed those from the global trade in illegal drugs. Another nice round number is the $1 trillion-worth of intellectual property that, one senator claimed earlier this year, cybercriminals snaffle annually. It is hard to know what to make of these numbers… The Economist, October 15, 2011

Alerts and Warnings

Widely Used Encryption Standard Is Insecure, Say Experts: A weakness in XML Encryption can be exploited to decrypt sensitive information, researchers say. XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat. Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany, devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC (cipher block chaining) mode. They plan to present their findings in more detail at the ACM Conference on Computer and Communications Security later this year. PC World, October 22, 2011

Information at Risk

Social Security agency leaks thousands of SSNs every year, report says: The Social Security Administration (SSA) puts thousands of Americans at risk of identity theft each year by accidentally leaking their Social Security Numbers, names and dates of birth, according to an investigative report by the Scripps Howard News Service. Computerworld, October 14, 2011

Exclusive: Nasdaq hackers spied on company boards: Hackers who infiltrated the Nasdaq’s computer systems last year installed malicious software that allowed them to spy on the directors of publicly held companies, according to two people familiar with an investigation into the matter. Reuters, October 20, 2011

Information at Risk: Medical Identity Theft & HIPAA

Medical Identity Theft a Growing Problem: WASHINGTON — Nearly four out of 10 doctors and hospitals surveyed have caught a patient trying to use someone else’s identity in order to obtain healthcare services, according to a new survey from accounting firm PricewaterhouseCoopers (PwC). Medpage Today, September 23, 2011

Cyber Security Management

US companies pushed to disclose cyberattacks: Public companies may need to look more closely at their exposure to cyberattacks after new guidelines were released this week by the U.S. Securities and Exchange Commission. Computerworld, October 14, 2011

Internet Badlands

SpyEye malware continues to plague computers: The SpyEye banking malware continues to plague computers across the world and is proving to be a difficult foe to detect and remove from infected Windows PCs, according to two researchers from EMC’s RSA security division. Computerworld, October 14, 2011

Bing, Yahoo sponsored results lead to hard-to-remove rootkit: Searching for Flash Player on Bing and Yahoo can lead to rogue pages distributing a hard-to-remove rootkit, according to security researchers from antivirus vendor GFI Software. Computerworld, October 14, 2011

Shady Reshipping Centers Exposed, Part I: Last week, authorities in New York indicted more than 100 people suspected of being part of a crime ring that used forged credit cards to buy and resell an estimated $13 million worth of Apple products and other electronics overseas. In this post, I offer readers a behind-the-scenes look at a somewhat smaller but similar organized crime operation that uses stolen credit card numbers to purchase and launder high-end electronics. KrebsOnSecurity, October 12, 2011

Internet Badlands – Stuxnet Computer Worm

New Malicious Program by Creators of Stuxnet Is Suspected: The designers of Stuxnet, the computer worm that was used to vandalize an Iranian nuclear site, may have struck again, security researchers say. New York Times, October 18, 2011

Legal Actions – TRICARE Data Breach

Defense Dept. hit with $4.9B lawsuit over data breach: The U.S. Department of Defense has been hit with a $4.9 billion lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families. Computerworld, October 14, 2011

National Cyber Security Management

Cybersecurity Proposals Begin to Meld: Prospects for enacting an ambitious and comprehensive national cybersecurity protection program during this year’s congressional session may be fading. That’s the bad news. The good news is that various approaches to a cybersecurity agenda may be melding into a program that is acceptable to politicians of both parties and to e-commerce businesses as well. CRMBuyer, October 18, 2011

National Cyber Defense

Pentagon weighing how to respond to cyberattacks: The Defense Department is finalizing policies that will determine what the military can do in the event of a cyberattack as the government figures out who should have the power to shut down computer networks seized by an enemy nation, terrorist group or criminal hacker. Bloomberg, October 20, 2011

Cyber Warriors: Early in my time in China, I learned a useful lesson for daily life. In the summer of 2006, I saw a contingent of light-green-shirted People’s Liberation Army soldiers marching in formation down a sidewalk on Fuxing Lu in Shanghai, near the U.S. and Iranian consulates. They looked so crisp under the leafy plane trees of the city’s old colonial district that I pulled out a camera to take a picture of them—and, after pushing the button, had to spend the next 60 seconds running at full tilt away from the group’s leader, who pursued me yelling in English “Stop! No photo! Must stop!” Fortunately he gave up after scaring me off. The Atlantic, March 2010

Ray of Sunshine

Software Pirate Cracks Cybercriminal Wares: Make enough friends in the Internet security community and it becomes clear that many of the folks involved in defending computers and networks against malicious hackers got started in security by engaging in online illegal activity of one sort or another. These gradual mindset shifts are sometimes motivated by ethical, karmic or personal safety reasons, but just as often grey- and black hat hackers gravitate toward the defensive side simply because it is more intellectually challenging. KrebsOnSecurity, October 17, 2011

Cyber Security News of the Week, October 2, 2011

Cyber Security Story of the Week

This Scientific American article graphically illustrates the growth of cyber crime over the last several years. Short, sweet and very much to the point.

Crooks may seek your identity, but “hacktivists” cause the blockbuster breaches: We are constantly warned to protect our passwords, Social Security numbers and other “personal identifying information” to thwart thieves who may steal laptops or perpetrate online fraud. Although such breaches have soared since 2005 as criminals try to commit identity theft, the truly enormous breaches have increasingly been carried out by “hacktivists”—individuals or groups who are angry about an organization’s actions. Hackers, for example, exposed data about 77 million Sony customers after the company pursued legal action against other hackers. “More than 107 million people were affected by hacking during the first half of 2011,” says Jake Kouns, CEO of the Open Security Foundation in Glen Allen, Va., which runs the DataLossDB project. Scientific American, October, 2011

Information at Risk

AnonAustria hackers publish personal police data: An Austrian computer hacking group has published the names and addresses of nearly 25,000 police officials, raising fears for officers’ personal security. BBC, September 26, 2011

Betfair Admits Failure To Reveal Identity Fraud: Online gambling firm Betfair has admitted it failed to inform millions of customers that their personal details had been stolen in a major cyber attack. Sky News, September 30, 2011

Information at Risk – Medical Identity Theft and HIPAA

Why Many Healthcare Workers Are Responsible for Alarming Trend: Medical ID Theft: Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery, and adversely impacted 1.42 million Americans last year, according to a study by PricewaterhouseCoopers (PwC) in a published report. The Biz Coach, September 26, 2011 (Dr. Stahl is a key source for this story.) (Thanks to my friend, Terry Corbell, for writing this story.)

Tricare patient data lost in car burglary: A data breach affecting 4.9 million Tricare beneficiaries began when a government contractor left backup computer tapes in his car after parking it in downtown San Antonio one day this month. My San Antonio, September 30, 2011 (Dr. Stahl quoted in this story.)

Cyber Security Management – PCI Compliance

Businesses Backsliding On PCI Compliance: It’s been six years since the Payment Card Industry Data Security Standard (PCI DSS) was born, but most organizations worldwide still aren’t remaining PCI-compliant year-round. Dark Reading, September 29, 2011

Internet Badlands

MySQL.com Hacked to Serve Malware: The website for the open-source MySQL database was hacked and used to serve malware to visitors Monday. PC World, September 26, 2011

Web hosting intrusion results in thousands of damaged web sites: A BANGLADESHI HACKER has managed to break into the computer infrastructure of a company called Inmotion Hosting and defaced hundreds of thousands of web sites hosted on its servers. The Inquirer, September 26, 2011

Authenticity of Web pages comes under attack: Hackers cracked three companies that work with the most popular Web browsers to ensure the authenticity of Web pages where consumers type in sensitive information, such as account log-ons, credit card numbers and personal data. USA Today, September 27, 2011

MySQL.com Sold for $3k, Serves Malware: A security firm revealed today that mysql.com, the central repository for widely-used Web database software, was hacked and booby-trapped to serve visitors with malicious software. The disclosure caught my eye because just a few days ago I saw evidence that administrative access to mysql.com was being sold in the hacker underground for just $3,000. KrebsOnSecurity, September 26, 2011

Hackers break SSL encryption used by millions of sites: Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that’s passing between a webserver and an end-user browser. The Register, September 19, 2011

Internet Badlands – Book Review

Taking Down a Digital Den of Sin: Until very recently books about cybercrime came in two forms. Some authors—the majority of whom had a national-security background—thought it their moral obligation to warn civilization of the impending arrival of an “electronic 9/11,” a “Digital Pearl Harbor” or a “cyber-Katrina”—a catastrophe that no stock exchange or central bank would survive unscathed. Others—predominantly computer experts and academics—opted for a more humdrum approach, producing dry tomes full of impenetrable jargon. Now a third form has arisen, written by journalists and brimming with richly reported details and quirky characters. The Wall Street Journal, October 1, 2011

Oops … Sorry About That

Microsoft anti-virus program evicts Chrome browser: SAN FRANCISCO — Microsoft raced to fix an anti-virus program that targeted Google’s Chrome browsing software as a malicious threat and kicked it off computers. AFP, September 30, 2011

Privacy Matters

Facebook’s Frictionless Sharing: A Privacy Guide: Should you be concerned about your privacy on Facebook’s recently announced “frictionless sharing” plan that lets online sites and services automatically share your activity with your Facebook friends? PC World, September 26, 2011

Integrity of Voting Systems

Diebold voting machines vulnerable to remote tampering via man-in-the-middle attack: Researchers at the Department of Energy’s Argonne National Laboratory have demonstrated an electronic “man in the middle” attack that allows remote tampering with the Diebold AccuVote voting system. Argonne’s Vulnerability Assessment Team has previously exposed the same sort of vulnerability in Sequoia AVC machines in 2009, and believes the attack could be used against a wide range of voting machines. ars technica, September 28, 2011

National Cyber Security

Utilities and Industries Face Rising Number of Cyber Break-Ins, DHS Says: U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods, a senior Homeland Security Department official said during the government’s first media tour of secretive defense labs intended to protect the U.S. power grid, water systems and other vulnerable infrastructure. Fox News, September 29, 2011

Top Cybersecurity Official Cites Hacker Threat to Infrastructure: Damage inflicted by corporate data breaches this year pales in comparison to what might happen if a power grid or chemical plant were targeted by hackers or malicious software, a top U.S. cybersecurity official said. BusinessWeek, September 29, 2011

CACI Announces Release of Cybersecurity Report from Fifth Asymmetric Threat Symposium; Focus on Keeping the Nation’s Industrial Base Safe From Cyber Threats: ARLINGTON, Va., Sep 29, 2011 (BUSINESS WIRE) — CACI International Inc, the U.S. Naval Institute (USNI) and the Center for Security Policy (CSP) today announced the release of Cyber Threats to National Security: Keeping the Nation’s Industrial Base Safe From Cyber Threats. This report publishes recommendations from the fifth symposium in the Asymmetric Threat series on cybersecurity, co-sponsored by CACI, USNI, and CSP. Copies of the report may be downloaded from CACI’s website at www.caci.com or from the dedicated Asymmetric Threat website at asymmetricthreat.net. MarketWatch, September 29, 2011

Securing the Future

(ISC)2 at a crossroads: CISSP value vs. security industry growth: (ISC)2 wants to dramatically swell its CISSP ranks in the next few years. That plan does not sit well with some CISSPs, who say their numbers are already growing too fast and putting CISSP value in question, even though the organization itself believes it’s not growing nearly fast enough. SearchSecurity.com, September 2011

ISSA of Los Angeles Holding Third Annual Information Security Summit on Protecting Businesses from Cyber Attacks

FOR IMMEDIATE RELEASE

Jim Goyjer: (310) 207-3361

Email: jim.goyjer@carlterzianpr.com

Information and Registration: www.issa-la.org .

Los Angeles – March 25, 2011 — The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) is holding its third annual Information Security Summit. The theme of this year’s Summit is The Growing Cyber Threat: Protect Your Business. The Summit will be held Wednesday, June 15, 2011 at 7:30 AM on the UCLA Campus and will be hosted by UCLA Extension.

“There has been an explosive growth in cybercrime in the two years since our first Summit, including the brazen theft of millions from corporate bank accounts,” says ISSA-LA President Stan Stahl, Ph.D.  “Yesterday’s defenses don’t work against the worst of today’s cyber-attacks. The Summit is the perfect place for our community to come together and learn what they must do to stay ahead of the cybercriminals. Those attending will learn how to meet the latest cyber challenges from industry leaders and get to talk to more than 25 information security vendors.”

“We’re excited by the quality of speakers participating in this year’s Summit,” Dr. Stahl announced.  “They include some of our most popular speakers, information security thought leaders like Steve Lipner of Microsoft, Gene Schultz of Emagined Security, Marc Maiffret of eEye Digital Security and Jeremiah Grossman of White Hat. We’re particularly excited to have Carl Terzian as a special keynote speaker.”

The Summit is the only educational forum in Los Angeles specifically designed to encourage participation and interaction among all three vital information security constituencies: (1) business executives, senior business managers, and their trusted advisors; (2) technical IT personnel with responsibility for information systems and the data they contain; and (3) information security practitioners with responsibility for ensuring the security of sensitive information.

Registration is open to anyone interested in learning more about information security but is particularly recommended for business executives and senior managers; business professionals in law, accounting, insurance and banking; technical IT personnel; and information security practitioners.

The Information Security Summit is part of ISSA-LA’s important community outreach program. The goal of the program is to help our community stay safe from cybercrime by enabling the necessary collaboration between business and community leaders, technical IT professionals and the information security community.

About Information Systems Security Association (ISSA)

The Information Systems Security Association is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. The primary goal of ISSA is to promote management practices that will ensure availability, integrity and confidentiality of information resources.  For more information or to register, please visit: www.issa-la.org .

About Stan Stahl, Ph.D.

Dr. Stahl is the founder and president of Citadel Information Group, Inc., an information security management firm. He is a pioneer in the field of information security, entering the field in 1980. He began his career securing teleconferencing at the White House, databases inside Cheyenne Mountain and the communications network controlling our nuclear weapons arsenal. Dr. Stahl earned his Ph.D. in mathematics from The University of Michigan and spent nearly 15 years teaching university mathematics. Once an active researcher, Dr. Stahl has published more than a dozen papers in advanced mathematics and computer science. He has taught courses in information security, software engineering, project management and computer programming at several universities and colleges. He recently served on the faculty at the University of Southern California in the School of Engineering’s Information Technology Program. For more information, visit www.citadel-information.com.