two top security authorities
Every year the two largest security-focused professional organizations in the Denver area — the Information Systems Security Association (ISSA) and the Information Systems Audit and Control Association (ISACA) — join together for a holiday mixer. Instead of the traditional lunch meetings for both organizations, this event takes place at a brewery in Denver, with a focus on networking and dynamic security speakers.
This year's event, set for Dec. 12 at the Wynkoop Brewing Company in downtown Denver, will feature two speakers.
Jonathan Trull, the Chief Information Security Officer for Colorado, will discuss “Secure Colorado: Reducing Risk Using the First Five Critical Security Controls,” focusing on how Colorado selected and implemented the first of 20 critical controls to improve security of government data.
Trull served as state auditor in Colorado for 12 years before assuming responsibility for cyber-security for the state government. One of his first actions as CISO was to test the state's security controls. The results revealed significant weaknesses. An outside “red team” was reportedly able to compromise the system in less than two hours.
As a result, Trull launched a major overhaul of the state's security programs, focusing on the implementation of 20 “critical controls.” The program is being watched closely by states across the nation. Ten other states have already committed to implementing Trull’s critical controls.
In the second presentation, Branden Williams, Executive Vice President of Strategy at Sysnet Global Solutions, will discuss “PCI DSS 3.0: The Good, The Bad, The Confusing.” PCI DSS 3.0 is the third iteration of the Payment Card Industry Data Security Standard, a set of policies and procedures administered by the Payment Card Industry Security Standards Council to ensure the security of electronic payment data and sensitive authentication data.
Williams is a well-known consultant and thought leader in the security industry. He has more than 15 years of experience in technology and information security with a background in the security technologies that drive today's businesses.
He spent a number of years helping companies solve major security and compliance problems, including building PCI DSS compliance programs for some of the largest retailers around the globe. He recently sat on the PCI Board of Advisors and published the third edition of his book, PCI Compliance, in August.
In his presentation, Williams will talk about the new PCI DSS 3.0 standard and the steps that organizations must take to comply. The session will explain how PCI DSS 3.0 will affect your enterprise, as well as recommend tools and information resources.
If you have not been involved with either organization in the past, this meeting is a great opportunity to meet many members of Denver's information security and audit community, receive some timely security training, and enjoy the fare of a Denver cornerstone brewery.
Hope to see you there!