This message contains images. If you don't see images, click here to view.
Advertise in this news brief.

Text Version   RSS   Subscribe   Unsubscribe   Archive   Media Kit July 28, 2015

Home   About   Join   Members   Events & News   Press   Contact     



IAPSC's 'Cybersecurity' Interest Group holds first meeting
'Forensics and Security Management' to meet on Aug. 21

The first on-line meeting of the IAPSC Cybersecurity Interest Group was held on Friday, July 17 and led by Co-Chair Jim Kelton, CISA, CRISC, CGEIT. Members participated from CA, NV, TX, VA, NJ, NY and the U.K.

The call began with a review of some background information: In 2014, President Obama signed the Executive Order to enhance the security and resilience of nation's critical infrastructure. At the time, systems and assets, whether virtual or physical, addressed two factors: (1) Information Technology and (2) Industrial Control Systems. The Executive Order called for a voluntary risk-based cybersecurity framework. The NIST Cybersecurity Framework was the result. NIST created the roadmap to indicate which areas needed improvement. Due to poor authentication schemes, 76 percent of network intrusions exploited weak or stolen credentials. In January 2015, there was an RSA study, with 1500 respondents. When asked "How likely do you think it is that your organization will experience a cyber-attack?" 82 percent responded either "Very Likely," or "Likely."

During the meeting, IAPSC members discussed potential ideas regarding poor authentication mechanisms, noting that proposed solutions for clients would need to be efficient and they don't typically want to spend money in this area. Additionally, the solutions must be put in context of the environment. It was agreed that there is opportunity here and data analytics could be effective and should not be cost-prohibitive.

Mark your calendar for these upcoming Interest Group meetings:
  • The Forensics and Security Management Interest Group (Ken Wheatley and Norman Bates, co-chairs) will have its first meeting on Friday, Aug. 21 at 9 a.m. Pacific/12 p.m. Eastern, where there will be a discussion to determine areas of interest that the Group can address for professional development and consulting/forensic needs.
  • The "Security Design and Engineering" Interest Group (Rene Rieder and Chad Parris co-chairs) will have its first meeting Friday, Sept. 18 at 9 a.m. Pacific/12 p.m. Eastern. Discussion topics are forthcoming.
  • The Cybersecurity Interest Group will meet again on Friday, Oct. 16 at 9 a.m. Pacific/12 p.m. Eastern.
To attend, IAPSC members may RSVP to
   Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

3 steps to preventing data breaches in your practice
IAPSC Member Jim Kelton, CISA, CRISC, CGEIT was a knowledge area resource for the following article by Aine Cryts in Physicians Practice entitled "Three Steps to Preventing Data Breaches in Your Practice." "Every few weeks, there's a headline about a healthcare organization that’s been victimized by a hacker or a disgruntled employee. What is your practice doing to protect its data against theft? It can be a balancing act for physician practices that want to provide access to patient information in the EHR and elsewhere, while preventing data breaches. Here are a few steps that can help practices avoid those unfortunate headlines: Know where your data is — First, you have to know where your data is, said Jim Kelton, managing principal at Costa Mesa, California-based Altius Information Technologies. If you don't know where your data is transmitted or where it’s stored, you can't provide the layers of protection that are needed ..."
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

Welcome to IAPSC's newest member!
Gregory Brandon is co-founder and principal for Triad Consulting. He has over 25 years of experience in consulting, design, project management and executive leadership. Starting his career working for leading telecommunication companies, then transitioning to the security industry including security and alarm system integrators and manufacturers such as Pinkerton, API, and Simplex-Grinnell, Greg's career includes 15 years of consulting with 8 years leading the nation's largest security management consulting and system design practice for a national engineering firm. He has exceptional knowledge of the security consulting profession from strategic planning through operational consulting, physical and electronic systems design and implementation to managed services. Greg’s experience runs from government, healthcare, education, transportation, utility, air/seaport and energy critical infrastructure sectors to industrial, commercial and hospitality clients large and small. Greg has a bachelor's degree in communications (BAC) from California State University Fullerton.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

IAPSC will be at ASIS 2015 in September — Come and see us!
Join IAPSC for two opportunities to connect with association members and colleagues in the security industry during ASIS 2015 in Anaheim, California. The IAPSC networking reception for members and their guests will be the evening of Sunday, Sept. 27 from 5-7 p.m. Also, be sure to visit our information and membership booth on Monday, Sept. 28 or Tuesday, Sept. 29. Members will be available to answer questions about IAPSC and the benefits of membership. To get details, RSVP for the reception, or to volunteer for a time slot at the booth, contact:
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

IAPSC Successful Security Consulting Seminar at ASIS 2015
Sunday, Sept. 27, 8 a.m.-5 p.m.

This popular, one-day intensive program presented by leading technical and management security consultants will show you how to develop, market and deliver security consultant services and how to avoid the costly mistakes that can sabotage the success of your clients' or your own security program. The program is filled with practical information on just how to offer and deliver security consulting assignments starting with establishing your practice, finding clients, networking with other consultants, and executing security management and technical aspects of consulting from the initial consulting assignment through security assessments, designs and specifications, procurement, and implementation. A comprehensive workbook of sample proposals and reports will be provided each attendee. Program # 1509-CONSU
Register Now

Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

Mark your calendar — IAPSC Annual Conference is in Charleston!

Share on FacebookTwitterShare on LinkedinE-mail article


Body cameras in schools spark privacy, policy discussions
Emergency Management
While police body cameras have made headlines lately, at least one school district is drafting policies for administrator body cameras. Leaders at Burlington Community School District in Iowa want each principal and assistant principal equipped with body cameras so they can record what happens in student disciplinary situations. For example, video caught on a surveillance camera last school year showed that a middle school principal did not kick a student, though he was accused of doing so.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

Missed an issue of IAPSC News? Click here to visit the IAPSC News archive page.

United Airlines pays out 'bug bounties' to clean up security gaps
Los Angeles Times
In a first for a U.S. carrier, United Airlines has paid out "bug bounties" to cybersecurity experts who found and exposed weaknesses in the airline's website. Two cybersleuths were each paid 1 million loyalty reward miles for uncovering gaps in the airline's Web security.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

Robotics in the workplace: How to keep employees safe and limit exposure to OSHA citations
The National Law Review
Today's workplace is rapidly changing and so is its workforce. An increasing number of jobs once performed by humans are now performed by robots, and this has not escaped OSHA's attention. In fact, an OSHA test case is currently underway regarding the protection of employees when working with robots.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article


Security recommendations on 7,000 military sites coming
Defense Secretary Ash Carter will be offered a variety of ways to improve security at over 7,000 military sites across the United States that are located outside of military bases when the armed services report back to him Friday, according to a Pentagon official.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

US government guide aims to bolster security of mobile devices used in health care
Health care providers are increasingly using smartphones and tablets for tasks such as accessing and transferring medical records, and submitting prescriptions, but these devices may not be secure enough to protect sensitive medical information from hackers. That's the conclusion of the U.S. National Institute of Standards and Technology, whose cybersecurity center released a draft guide to help health IT professionals shore up the mobile devices.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

Reexamination of security needed at soft targets in wake of mass shootings
Info Security Watch
Just over three years after James Holmes shot and killed 12 people and injured 70 others during a midnight screening at a movie theater in Aurora, Colorado, authorities say 59-year-old John Russel Houser, who they described as a "drifter," opened fire on a crowd of patrons at a movie theater in Lafayette, Louisiana, killing two people and wounding nine others before taking his own life. This came a week after 24-year-old Muhammad Youssef Abdulazeez attacked a military recruiting center and a Navy operations support center in Chattanooga, Tenn. The shooting rampage resulted in the deaths of four marines and a sailor. Both shootings have not only raised concerns about the dangers posed by lone-wolf attackers, but also what steps need to be taken to improve the security posture of soft targets.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article


8 most in-demand IT security certifications
As high-profile security breaches continue to dominate headlines, companies are doubling down on pay to hire the best and the brightest IT security professionals. The most recent IT Skills and Certifications Pay Index from research and analysis firm Foote Partners confirms that IT pros holding security certifications can expect premium pay. Market values for 69 information security and cybersecurity certifications in the ITSCPI have been on a slow and steady upward path for two years, up 8 percent in average market value during this time, states co-founder, chief analyst and research officer David Foote in the report.
Share this article:   Share on FacebookTwitterShare on LinkedinE-mail article

Colby Horton, Vice President of Publishing, 469.420.2601
Download media kit

Esther Cho, Content Editor, 469.420.2671  
Contribute news

International Association of Professional Security Consultants
575 Market Street, Suite 2125, San Francisco, CA 94105
Tel: 415-536-0288 | Fax: 415-764-4915 |

Be sure to add us to your address book or safe sender list so our emails get to your inbox. Learn how.

This edition of the IAPSC News was sent to ##Email##. To unsubscribe, click here. Did someone forward this edition to you? Subscribe here — it's free!

Recent issues

July 14, 2015
June 30, 2015
June 17, 2015
June 2, 2015

7701 Las Colinas Ridge, Ste. 800, Irving, TX 75063