Tuesday, November 12, 2013

Surf, Sand, Security!

Get together with your peers and discuss security on the shores of Santa Monica, California.
January 27 — 28, 2014
Come join OWASP Chapters from Los Angeles, Orange County, San Diego, Santa Barbara, and the Bay Area as we gather at the Annenberg Community Beach House to network and share information with the country's leaders in information security. 


Quick Tips for Handling and Securing your Laptop

Treat your laptop like cash!     
 
If you had a wad of money sitting out in a public place, would you turn your back on it even just for a minute?  Would you put it in checked luggage?  Leave it on the backseat of your car?  Keep a careful eye on your laptop just as you would a pile of cash. When outside the office, never leave it unattended.


Do not leave your laptop in your car.

Don’t allow your laptop or anything of value to be visible from outside of your car. If you have to leave a laptop in a vehicle, put it in the trunk before you depart, not when you arrive at your destination, so that no one sees a laptop being left in an unattended vehicle. Never store a laptop in the trunk overnight or over the weekend.

Do not allow anyone else to use your laptop

Ensure that your laptop has been encrypted

All laptops should be encrypted: they are too easy to lose or have stolen, and it is too easy to forget what you may have stored on them. Something could be confidential.


Record identifying information and mark your equipment
Record the make, model and serial number of your laptop and keep it in a separate location. Have a luggage tag on your laptop case, labeled with your contact information.




Secure your laptop when in the office
Secure your laptop by locking it in a docking station, if available. You can also use a security cable, a locked office or locked cabinet.  Do not set the laptop on the desk and then walk away with it unsecured.


Keep it off the floor                                
No matter where you are in public – at a conference, a coffee shop, or a registration desk – avoid putting your laptop on the floor. If you must put it down, place it between your feet or at least up against your leg, so that you’re aware of it. Laptops on the floor can easily get stepped on, kicked, and stolen.

Do not store your password with your laptop
You should secure your laptop with a strong password, but don’t keep the password in the laptop case or on a piece of paper stuck to the laptop.

Be very careful while travelling with a laptop

Studies have shown approximately 12,000 laptops per week are lost or misplaced in US airports!


Consider non-traditional bags for carrying your laptop
When you take your laptop on the road, carrying it in a computer case may advertise what’s inside. Consider using a suitcase, a padded briefcase or a backpack instead.



Do not store your laptop in checked luggage.
Never store your laptop in checked luggage. Always carry it with you.



Be vigilant in hotels
If you stay in hotels, a security cable may not be enough. Try not to leave your laptop out in your room. Rather, use the safe in your room if there is one. If you’re using a security cable to lock down your laptop, consider hanging the “do not disturb” sign on your door.


Keep track of your laptop when you go through airport screening
Hold onto your laptop until the person in front of you has gone through the metal detector. Watch for your laptop to emerge from the TSA scanners.

Back up your files
Always ensure that the files on your laptop are copies of the originals that you have on a server somewhere.



Wednesday, April 17, 2013

Very mixed day: Obama Notifies of Intent to Veto CISPA, but Gun Control Dies

The suspense is over as Obama actually stands tall again, in defense of Americans' privacy. No get out of jail free card for the corporations who want to share private data. Back to the drawing board for Congress. Can they ever get it right? We all know what is needed, but Congress is just too busy trying to manage all that lobbyist money. It's a lot to keep track of! I applaud the efforts of the ACLU in keeping the pressure on Obama; he actually used some of their language in his statements.

However, what is the deal with this lack of responsible gun control? We're not talking about taking guns away from anyone, except possibly those who are so screwed up as to fail a reasonable background check. Now, wouldn't we want this to occur? This one has the major support of the majority of Americans, but the NRA is way out of bounds here. It's almost too absurd and blatant to believe. I don't need to hear another person screaming "guns don't kill people, people do"! Some people should not have the guns that kill people.

Healthcare HITECH Privacy and Security Summit, May 21 at the Universal City Hilton


HIMSS (Healthcare Information and Management Systems Society) Southern California has partnered with ISSA-LA (Information Systems Security Association Los Angeles) to present the Healthcare HITECH Privacy and Security Summit, May 21 at the Universal City Hilton.

This event will bring together leaders in Privacy and Security within government and private industry for a day of collaboration, networking and presentations by leading Privacy and Security professionals. You will learn from experts what you need to know to comply with new HITECH rules and OCR investigations.

Keynote Speaker
Howard Schmidt
White House Cybersecurity Coordinator, Retired
Special Advisor to President Obama

“The Summit is packed with an All-Star cast of speakers, who will share their knowledge and experience to help prepare covered entities and business associates to meet the September 23, 2013 Compliance Deadline of the final omnibus rule”, according to Richard Greenberg, ISSA Fellow, Los Angeles Board member, and Information Security Officer for Los Angeles County Public Health. The U.S. Department of Health and Human Services (HHS) published  the rule, which modifies the privacy and security, breach notification, and enforcement regulations now a part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

“You’ll hear directly from a wide variety of professionals, including  Yun-kyung (Peggy) Lee of the U.S. Department of Health and Human Services, Office of Civil Rights, who will prepare attendees in case of an OCR investigation”, continued Mr. Greenberg. “We have attorneys, CISOs, a Privacy Officer, and other experts who will engage with attendees as part of panels on BYOD and Business Associates, and during the Roundtable Luncheon.”

According to the Open Security Foundation's DataLossDB, which tracks the loss, theft, or exposure of personally identifiable information, out of the 1,520 total incidents reported last year, 327 occurred in the medical industry, making it the most widely breached industry in the United States. Healthcare has been one of China’s priorities in its 15-year science and technology development strategy for 2006 to 2020, and has resulted in a surge in campaigns against Healthcare firms.

The Summit provides an excellent opportunity to learn how your peers are handling important privacy and security issues arising from HITECH, such as data breaches, compliance, and mobile device security. The Summit provides a collaborative environment where attendees and speakers can network, share experiences, and learn from one another.

The Summit will be held on Tuesday, May 21, 2013 from 7:30 am to 6:30 pm at the Universal City Hilton.

ISSA-LA is the premier catalyst and information source in Los Angeles for improving the practice of information security. The Chapter provides educational programs for information security and IT professionals. The Chapter conducts outreach programs to businesses, financial institutions, nonprofits, governmental agencies, and consumers.  ISSA-LA is the founding Chapter of the Information Systems Security Association, an international not-for-profit association of information security professionals and practitioners.

For more information or to register for the Healthcare HITECH Privacy and Security Summit, please visit: http://www.issala.org/summit/healthcare-hitech-privacy-and-security-summit/

The agenda can be viewed here:
http://www.issala.org/wp-content/uploads/2013/04/Healthcare-Summit-Schedule-7.2.pdf



Who Should Attend




• Privacy Professionals
• Security Professionals
• Risk Management Professionals
• Clinicians
• Hospitals and other Healthcare Providers
• Health Plan Professionals
• Employers and Healthcare Purchasers
• State, Regional and Community-Based Health Information Organizations
• Public Health Officials
• Pharmaceutical, Biotechnology and Medical Device Manufacturers
• Healthcare IT Consultants, Suppliers and Vendors
• State and Federal Policy Makers
• Health Services Researchers
• Academics
• Chief Executive Officers
• Chief Operating Officers
• Chief Technology Officers
• Chief Financial Officers
• Compliance Officers
• Health Law Attorneys
• Medical Directors
• Physicians
• Managed Care Professionals
• Medical Group Managers
• Data Managers
• Ethics Officers
• Health Insurance Executives
• Consultants
• Government Agency Employees
• Health Administration Faculty



Thursday, January 31, 2013


The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) invites you to partner with us at our Fifth Annual Information Security Summit, “The Growing Cyber Threat: Protect Your Business!”  The Summit is the premier Information Security event in Southern California. Last year we drew 500 people, and our goal for this year is 700.
 
The Summit offers information systems and information security vendors a very high-value marketing opportunity. By taking advantage of Summit and meeting sponsorships, your products and services get associated in the marketplace with ISSA-LA’s leadership; this enhances the market’s perception of you as an industry leader in the 18th largest economy in the world — Los Angeles County. 
 
We have many different sponsorship levels designed for every type of budget, including a set of premier sponsorships that include the full Summit attendee list. The top level sponsorships also bring with them an opportunity to address the full audience.
 
To register to be a Summit V Sponsor, please visit our Registration Page:
 
For more information about the Summit, including speakers, please visit our Summit website:
 
For more information about sponsorship, please visit:
 
OR
 
Contact our Vendor Director, Richard Greenberg, at:
 
We hope to see you there!

Friday, January 25, 2013

Government in bed with Communications Corporations

It is now illegal for wireless customers to purchase and unlock their cell phones! We know that George Orwell's and Aldous Huxley's visions of the future have unfortunately come to pass, but this is getting ridiculous and outrageous. http://tinyurl.com/ahpzo67

Wednesday, January 23, 2013

Oracle, what the hell are you doing to us with Java? Be merciful, and hire some really good analysts. This cannot continue. And, what is the deal with trying to sneak the Ask Toolbar into our Java updates? You're acting like rogue software companies. Enough is enough!

Tuesday, January 22, 2013


OWASP Monthly Meeting - January 23, 2013

  • 900 Corporate Pointe, Culver City, CA
    owaspla.org
    • Top Ten Web Defenses
    We cannot “firewall” or “patch” our way to secure websites. In the past, security professionals thought firewalls, Secure Sockets Layer (SSL), patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, well-protected websites are occurring every day. Website developers must learn to code in a secure fashion to have any chance of providing organizations with proper defenses in the current threat-scape. The session will provide specific tips and guidelines to make website code both low risk and less vulnerable.
    • Bio: Jim Manico
    Jim is the VP of Security Architecture for WhiteHat Security. Jim is also the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai, Hawaii where he lives with his wife Tracey.

    • Sponsor: WhiteHat Security
    Founded in 2001 and headquartered in Santa Clara, California, WhiteHat Security provides end-to-end solutions for Web security. The company's cloud technology platform and leading security engineers turn verified security intelligence into actionable insights for customers. Through a combination of core products and strategic partnerships, WhiteHat Security provides complete Web security at a scale unmatched in the industry. WhiteHat Sentinel, the company's flagship product line, manages thousands of websites -- including sites in the most regulated industries as well as top ecommerce, finance and healthcare companies.