organiser@syscan.org | 13 Feb 2008 06:30

SyScan'08 Call for Paper/Training

CALL FOR PAPERS/TRAINING

SyScan'08 Hong Kong will be held on May 29th and 30th at Langham Place.
SyScan'08 Singapore will be held on July 3rd and 4th at Novotel Clarke Quay.

CFP COMMITTEE
The Call for Papers committee for SyScan’08 comprises the following 
personnel:

1. Thomas Lim – Organiser of SyScan and CEO of COSEINC
2. Dave Aitel – Founder and CTO of Immunitysec
3. Marc Maiffret – Ex-Founder and Chief Hacking Officer of eEye
4. Matthew “Shok” Conover – Symantec

The CFP committee will review all submissions and determine the final 
list of speakers for SyScan’08.

CONFERENCE TOPICS
The focus for SyScan’08 will include the following:

Operating Systems
• Vista
• Linux
Mobile Devices/Embedded systems
• SmartPhones
• PDAs
• Game Consoles
Web 2.0
• Web services
• PHP

organiser@syscan.org | 18 Dec 2007 08:12

SyScan'08 Call For Paper/Training

*About SyScan'08*
The Symposium on Security for Asia Network aims to be a very different 
security conference from the rest of the security conferences that the 
information security community in Asia has come to be so familiar and 
frustrated with.
SyScan is a non-product, non-vendor biased security conference. It is 
the aspiration of SyScan to congregate in Asia the best security experts 
in their various fields, to share their research, discovery and 
experience with all security enthusiasts in Asia.

Speakers who have presented in previous SyScan conferences are among the 
best and brightest in the respective field.
Many of these previous presentations were outstanding and awesome, with 
the industry still in active discussion today.
This will continue to be the case as the highly regarded members of the Call 
for Paper (CFP) committee will ensure only the top speakers with the 
best content will speak at SyScan. Your participation in SyScan will 
help you to maintain your technological leadership and stay abreast of 
the latest developments in this rapidly moving technological field.

This two-day symposium would be held in a relaxed and informal 
atmosphere, allowing all participants to enjoy themselves whilst 
expanding their knowledge on information security. This is a 
single-track conference.

*SyScan’08 HONG KONG*
To address the increasing importance of information security in Hong 
Kong, SyScan will be going to Hong Kong in 2008.
SyScan’08 Hong Kong will provide an opportunity for foreign security 
specialists to be exposed to the Hong Kong security community and 

Mark Curphey | 5 Dec 2006 19:02

Administrivia

A couple of small things

1. A few people pointed out that I approved a post about what appears to be
commercial software. Having moderated the webappsec list for a number of
years where this issue was somewhat emotive, I am well aware of the
potential for unscrupulous vendors to start product placement on seemingly
independent mailing lists and for a slippery slope to start. What we did on
webappsec was to instigate a rule where only OSI compliant software or that
with no license (totally free) was allowed through. This worked well for
webappsec, however I would argue that there is a lot less mature info sec
security management software and I suspect many readers actually want to
hear about experiences of tools like Archer, Xacta etc. Therefore I will
monitor it and if it starts to become an issue (I'll use some lexical
analysis software as an experiment) we'll instigate the OSI rule.

For the record Fred was obviously not doing this and has done nothing wrong,
just evoked some passion among some.

2. I have moved back from the States to the South of France. This means two
things. The first is that I currently am waiting on DSL and so have
temperamental internet access to approve posts at present. The second is
time zones for approving messages are different. 

3. I have been working on a project with some talented folks from this list.
It will be called the ISM Community. While we have a lot of work to do
before we release our first project just after Christmas (as well as a good
community web site with blogs, forum, articles etc) we are looking for a
broad range of beta testers to implement a Practical Risk Assessment
Methodology in the real world and provide feedback. If anyone is interested
in applying a fast, practical quantitative methodology along with worksheets

Charles R. Morrow-Jones | 5 Dec 2006 13:51

Re: Some new software I think might be of interest to group members

The major difference that I see is that Fred is willing to make his software available at no cost for
evaluation and personal use. I don't see any similar options on the Archer website.

Charles R. Morrow-Jones
Director, Security 
Office of the CIO
The Ohio State University
morrow-jones.2 <at> osu.edu -or- 614.292.1302

----- Original Message -----
From: mrsecmgr <at> hushmail.com
Date: Tuesday, December 5, 2006 5:35 am
Subject: Re: Some new software I think might be of interest to group members

> This is commercial software and I am not sure appropriate for this 
> list (unless you want announcements of every release of Archer, 
> XACTA etc as well) 
> 
> On Mon, 04 Dec 2006 18:44:31 +0100 Fred Cohen <dr.cohen <at> mac.com> wrote:
> >It's a java jar file and should execute on just about any computer out
> >there. Perhaps, if you are worried about it, you could run it from a
> >computer at the local library or elsewhere. Showing a screen shot is
> >really not likely to be very informative. I don't think "Influence"
> >it is anything like a mind mapping tool and I am certain that

mrsecmgr | 5 Dec 2006 11:33

Study Shows IT Security Holds The Key To Compliance

http://www.informationweek.com/news/showArticle.jhtml?articleID=196601378

Given Symantec were part of this group recommending not spending 
money on expensive consultants I guess they are disbanding their 
own security consulting team?
By Larry Greenemeier
InformationWeek
Dec 4, 2006

Companies most likely to successfully navigate today's regulatory 
environment need to automate IT security functions rather than blow 
their budgets on pricey consultants or services, and they need to 
do more frequent auditing of the systems and data security. So says 
the IT Policy Compliance Group Monday in its latest report on the 
relationship between regulatory compliance and IT security 
spending.

The group, formed last year by the Computer Security Institute, the 
Institute of Internal Auditors, and Symantec and formerly known as 
the Security Compliance Counsel, began its study assuming that 
larger organizations had more resources to throw at any given 
compliance project. While this is true, they were surprised to 
learn that larger organizations don't necessarily perform better 
than their smaller counterparts when it comes to actually achieving 


Fred Cohen | 3 Dec 2006 17:39

Some new software I think might be of interest to group members

I recently released two new software products that are available for  
free download and testing. They are called Influence and Security  
Decisions. I thought group members might want to download and try them.

Influence is a software program that applies psychological research  
results to the practical challenges of influencing others. It takes  
information from you about your situations, analyzes them, and tells  
you the risks and rewards for different influence strategies you  
might try. It's kind of like an all seeing eye into the future...

Security Decisions 2007 puts sound information security practices  
into a usable form for decision makers in enterprises of all sizes.  
Make better and well documented security decisions more quickly and  
with a sound basis, starting right now...

Both can be accessed by going to http://all.net/ and pressing on the  
proper picture. This takes you to an information page with a download  
capability. I would love to get feedback from group members.

FC

-- This communication is confidential to the parties it is intended  
to serve --
Fred Cohen & Associates                 tel/fax: 925-454-0171
     http://all.net/              572 Leona Drive      Livermore, CA 94550

Vivek.Chudgar | 12 Jun 2006 18:59

RE: Convergence

https://www.sans.org/webcasts/show.php?webcastid=90687 

.......

Vivek R Chudgar
Senior Consultant
BS7799 Certified Auditor, CISSP, GSEC, GCFW, SCSA, PCLP

-----Original Message-----
From: tom.psrc <at> hushmail.com [mailto:tom.psrc <at> hushmail.com] 
Sent: Monday, June 12, 2006 9:56 AM
To: mark <at> curphey.com; psrc <at> securityfocus.com; Chudgar, Vivek
Subject: RE: Convergence

Can you send a link to the webcast?

On Mon, 12 Jun 2006 09:43:25 -0400 Vivek.Chudgar <at> foundstone.com
wrote:
>I totally agree with this approach. I think "HR" and "Legal" aspects
>also similarly impact security, and therefore should be included in 
>this convergence.
>
>Having said that, the topic of this webcast sure sounds in line with 
>this discussion:
>
>Tool Talk Webcast:  Tuesday, June 13, 2006 "Hacking the Hallways: The
>Convergence of Physical and Logical Security."
>

Mark Curphey | 4 May 2006 13:58

PSRC Wiki Update

Hi

Just thought we would let you know we are starting to get some good content
on the PSRC Wiki. It's a long way to go before it's "really" useful but it's
heading in the right direction. 

I added some content about US Breach Laws yesterday
(http://psrc.wikispaces.com/USABreachLaws)

Michael Smith and Vivek Chudgar have also added some great content about
security frameworks and policies. 

Got something to add? Something to contribute? 

http://psrc.wikispaces.com

