Kansas City ISSA Newsletter Volume 28, Issue 1 December 10, 2015

ISSA/ISACA Chapter meeting Ritz Charles

December 2015

The President’s Corner Hello ISSA Kansas City Members and Happy Fall! Hope all of you had a great Thanksgiving and I wish you safe and joyful holidays! I am excited about the upcoming December luncheon presentation of “The Verizon Data Breach Incident Report: Beyond the Hype”, presented by Jack Daniel and Gabriel Bassett. Looking forward to seeing you all there.

Inside this issue:

President’s Corner Security/Privacy Certification Corner New Chapter Members, Renewals Upcoming Chapter Event Sponsors

Please look into the Cyber Security Career Lifecycle (CSCL) initiative. If you are interest in participating in this program, please let us know. Following is the link for more information (Web Link CSCL). Thank you for participating in elections for ISSA KC board officers! We will be reaching out to the new candidates later this month. The results will be announced in the January, 2016 Newsletter. If you are interested in any roles and did not participate in the voting survey, please let me know. We will be sending out of the ISSA KC satisfaction survey soon! Please do give us your feedback. Sincerely,

Naeem Babri President, ISSA Kansas City

Upcoming ISSA-KC Monthly Chapter Meeting Schedule December 10, 2015

Jan 28th, 2016

ISSA Combined Meeting with ISACA Ritz Charles

McCormick & Schmicks More Details to Come

February, 2016

More Details to Come

1

ISSA KC November, 2015 Happy Hour On November 5, 2015 the ISSA KC Chapter held its semi-annual Happy Hour at La Bodega in Overland Park, KS. We had a great turn out. It was a night of cocktails and endless appetizers. It was an opportunity get together with our fellow chapter members, and their family and friends to network and get acquainted.

2

Security/Privacy Corner How do Virtual Networks Work? This article explains why a virtual server would or would not be more secure than a physical server. Virtualization is not a new concept. Generally a virtual server is located somewhere offsite, or it could be located within the organization’s network, and is shared by multiple users. With virtual servers a physical sever is converted to multiple virtual machines running different operating systems or applications (StoneFly, 2014). They process traffic the same way as a physical server however, using a hypervisor. By using the technology of Server Virtualization, a virtual server is configured by partitioning a physical server into multiple servers. For example, with a virtual server, you can have Microsoft, Linux/Unix, and Oracle all running on the same server. Most users that interface with virtual machines have no idea that they are connecting to a server that runs multiple operating systems and applications. The advantage of using virtualization is it allows you to take advantage of the full computing power of the server. Most severs only use a portion of their computing power, therefore with virtual servers it allows an organization to save money by reducing the number of servers needed through server consolidation. In regards to if a virtual server is more secure than a physical server. It depends. I initially I thought when answering this question the virtual server would be more secure, because if there was a security vulnerability or patch needed you wouldn’t have to patch multiple servers but one. However, in a Gartner report in 2010 the report noted that the majority of virtual servers being deployed are less secure, than when they were physical servers. Gartner’s report predicted that 60 percent of virtualized servers deployed from 2010 and 2012 would be less secure than the physical servers that were being replaced, primarily due to poor IT practices and a lack of tools for IT professionals to do their job (Patrizio, 2010). Additionally, what causes the virtual servers to be insecure is often the security teams are not involved until after the virtual machine has been implemented. Virtual Machines (VM) can be just as vulnerable as physical servers because often the IT teams do not secure the VM’s. What causes the virtual servers to be insecure is often the security teams are not involved until after the virtual machine has been implemented. An advantage to VM’s is that it is simpler to apply security fixes to one single server, versus deploying a security patch to hundreds of servers in a network. Virtual machines use a hypervisor to manage the machine, if the hypervisor isn’t secure it becomes vulnerable to attacks. The hypervisor is one of the most critical levels in the system because of the privilege access required however, according to Gartner many IT professionals don’t pay it any mind (Patrizio, 2010). At this point in the advent of clouding computing services, one would think that service providers have proven to be able to implement efficient back recovery, up-to-date security patches, and effective protection of data. Companies that move their services to cloud eliminate the need to provide security for their data, as this responsibility moves to the cloud provider. However, in an article published in 2014 the author stated that virtual machine hosting is no more secure than physical servers (Vaughan-Nichols, 2014). Virtual servers are just as vulnerable to attacks and malicious software as their physical hardware counterpart. Specifically, VM’s are vulnerable to hypervisor attacks since the hypervisor manages the quest operating systems that reside on the server. Additionally, an infected VM can attack other VM’s that reside on the same server. With that said, if you want to keep a virtual or a physical server secure you have to follow best security practices. More recently, in 2014 Tony Bradley published in PC World magazine a study performed by Kaspersky Labs. Kaspersky Labs surveyed about 4,000 IT professionals and cited that 41 percent of the participants stated that managing security for virtual servers is a struggle. Additionally, Kaspersky Labs asked the IT respondents about security threat awareness in virtual environments, and how their organization would counter these threats. Over half of the participants stated that their company had partially applied security solutions in the virtual environment (Bradley, 2014). With that said, it depends on the knowledge and awareness of the IT and security professionals when implementing the virtual environment to determine if virtual servers or physical servers are more secure. Author,

3

Cheryl O. Cooper, CISSP and ISSA KC Chief Editor Reference Bradley, T. (2014). Virtual servers still face real security threats. Retrieved from http://www.pcworld.com/article/2458764/virtual-servers-still-face-real-security-threats.html Patrizio, A. (2010, March). Are virtual servers less secure than physical servers?. Retrieved from http://www.esecurityplanet.com/trends/article.php/3871716/Are-Virtual-Servers-Less-Secure-Than-Physical-Servers.htm Vaughan-Nichols, S.J. (2014, August). Virtual servers: No safer than any other kind. Retrieved from http://www.zdnet.com/virtual-servers-no-safer-than-any-other-kind-7000032594/

Future of Terrorist Attacks and the Role of Law Enforcement The purpose for this article was to discuss what law enforcement should be U.S. citizens from future terrorist attacks, as well as how can law doing to protect enforcement agencies identify terrorists living on U.S. soil. This article further discusses what methods should be used to monitor terrorist activities, as well as how can the United States gain the support of other nations in combating terrorism. Traditionally, local law enforcement has concerned itself primarily with preventing and solving crimes such as burglary, theft, and robbery; crimes that have an immediate and visible affect the local community and affect citizen quality of life. In the face of unknown future terrorist threats, however, local law enforcement organizations are trying to adapt existing policing strategies to fulfill the requirement of homeland security. In the wake of September 11, 2001 and the Attacks on Paris, November 2015, local law enforcement agencies throughout the country find themselves struggling to identify their responsibilities and define their future role in the effort to combat terrorism (Institute for Homeland Security Solutions, 2009). The new policing model for terrorism and homeland security must address the areas of crime prevention, intelligence gathering, and information sharing. While these roles are not new to local policing, homeland security at the local level will require a shift in law enforcement’s role if police are to ensure the safety and welfare of citizens (Institute for Homeland Security Solutions, 2009). Community policing requires an organizational transformation inside the law enforcement agency so that a set of basic values rather than mere procedures guide the overall delivery of services to the community. Organizational transformation involves the integration of the community policing philosophy into the mission statement, policies and procedures, performance evaluations and hiring and promotional practices, training programs, and other systems and activities that define organizational culture and activities (Manhattan Institute for Policy Research, 2006). The investigative approach to a terrorist event is similar to that of a traditional crime incident (Institute for Homeland Security Solutions, 2009). Because of the similarities between traditional crime and terrorism, departments that have already adopted a community policing philosophy should find it a seamless transition to addressing terrorism and terrorismrelated crime. Local agencies will need to expand beyond the rudimentary aspects of law enforcement training such as firearms, driving, unarmed defense, and criminal law into one that emphasizes an analytical preventative approach (Manhattan Institute for Policy Research, 2006). How law enforcement agencies can identify terrorists living on the U.S. soil. Over the last recent years it has been acknowledged by the Department of Defense and Deparrtemnt of Justice that state and local law enforcement play a critical role in homeland security relative to preventing terrorist attacks on U.S. soil. While the need for greater inclusion of state and local law enforcement in counter-terrorism has for the most part been known, there were a number of challenges to implementing this vision, including training officers on how to identify behaviors indicative of terrorism, developing mechanisms to report and share suspicious activity reports (SARs) across

4

jurisdictions, and developing more detailed strategies for analyzing SARs (Institutue for Homeland Security Solutions, 2011). State and local law enforcement agencies are important partners in preventing terrorism, with responsibilities that include identifying and investigating local terrorist threats and protecting potential targets from attack (Ward, Keirnan, & Mabrey, 2006). To meet these responsibilities, law enforcement must develop better ways to find and analyze pieces of information that could spotlight potential terrorist activity. Law enforcement can look for trends and patterns in activity over time, finding multiple instances of individuals videotaping structural elements of the bridge, as well as trespassing on the bridge, heightens suspicion. Similarly, finding multiple instances of questionable shipments on bills of lading by a single company heightens suspicion (Ward, Keirnan, & Mabrey, 2006). Planning needs to involve threat assessments, which means identifying those targets that have varying degrees of vulnerability, and the risk assessment (cost, involved facilities) associated with each one ((Ward, Keirnan, & Mabrey, 2006, p`. 264). Planning should be an ongoing component of every organization and bureaucratic structure, in both the public and private sector. The National Response Plan (NRP) of the federal government is designed to provide a national level response to major crises, including natural disasters, terrorism and health care threats (Ward, Keirnan, & Mabrey, 2006). Statewide efforts have been implanted to include more effective reporting capabilities, the incorporation of statewide plans, and provide a rapid response by governmental and private support agencies (Ward, Keirnan, & Mabrey, 2006). In the wake of the Islamic Attacks on Paris it was identified that one of the terrorist immigrating into Paris desquised as a refugee. Obama has said that the administration is moving forward with its plan to thoroughly vet and admit as many as 10,000 Syrian refugees. All three Democratic presidential candidates in 2015 have said they would admit Syrians but only after thorough background checks. But after the mass killings in Paris, which left at least 129 people dead, suggested that there is evidence that may support what people have been theorizing: People with secret ties to Islamic militants could flow across borders as part of waves of refugees. Police must rededicate themselves to maintaining amicable relationships with immigrant communities, whose cooperation and trust are needed in fighting terrorists. To that end, state and Safe Cities Project local police can receive training from authorities in other countries that have gained the trust of their Arab or Islamic communities. Within these communities are "substantial numbers of people who, if they knew somebody was really intending to blow up a building, would drop a dime pretty quickl”. For that reason, as British prime minister Tony Blair has rightly said of Islamic terrorism, “In the end this can only be taken on and defeated by the community itself” (Manhattan Institute for Policy Research, 2006) First responders should be familiar with their responsibilities in terrorist attacks or other emergency situations. The Department of Homeland Security published the National Response Plan in December 2004 in an attempt to provide an effective resource for the coordination of all first responders. The broad area of first responders make up several sectors of the nation's industry: federal, state, local, tribal, nongovernmental, and the private sector (Institute for Homeland Security Solutions, 2009). Monitoring Terrorist Activities Dr. David Carter, in Law Enforcement Intelligence: A Guide for State, Local and Tribal Law Enforcement Agencies, stresses the importance of new initiatives in the intelligence community. They include (Ward, Keirnan, & Mabrey, 2006): 1. Development of the FBI Intelligence program with a new emphasis on intelligence requirements and products 2. Development of new FBI counterterrorism initiatives and programs 3. New intelligence products from the Department of Homeland Security (DHS), as well as a substantive input role of raw information into the DHS intelligence cycle by state, local and tribal law enforcement agencies. 4. Expansion and articulation of the Intelligence-Led Policing concept 5. Implementation of the National Criminal Intelligence Sharing Plan 6. Creation of a wide variety of initiatives and standards as a result of the Global Intelligence Working Group (GIWG) of the Global Justice Information Sharing Initiative. 7. Renewed vigor toward the adoption 28 CFR Part 23, Guidelines for Criminal Intelligence Records Systems, by law enforcement agencies that are not required to adhere to the regulation

5

8. Secure connections for email exchange, access to advisories, reports, reports, and information exchange, as well as integration and streamlining the use of Law Enforcement Online (LEO), Regional Information Sharing Systems’ RISS.net, and creation of the Anti-Terrorism Information Exchange (ATIX). United With Other Countries to Combat Terrorist One of the most know methods for the United States to gain the support of other nations in combating terrorism is through it’s military forces. The need to deploy or to station U.S. military forces abroad in peacetime is an important factor in determining its overall force structure. U.S. forces permanently stationed and rotationally or periodically deployed overseas serve a broad range of U.S. interests. Specifically, these forces (U.S. Department of Defense): • “Help to deter aggression, adventurism, and coercion against U.S. allies and friends and interests in critical regions”. • “Improve the U.S. ability to respond quickly and effectively in crises”. • “Increase the likelihood that U.S. forces will have access to the facilities they need in theater and enroute”. • “Improve the ability of U.S. forces to operate effectively with the forces of other nations”. U.S. military forces and assets are frequently called upon to provide assistance to victims of floods, storms, droughts, and other disasters. Both at home and abroad, U.S. forces provide emergency food, shelter, medical care, security, and demining assistance to those in need. During year1994, 60 countries benefited from DOD humanitarian assistance, which included four major humanitarian operations (U.S. Department of Defense). State sponsors are a critical resource for terrorist enemies, often providing funds, weapons, training, safe passage, and sanctuary. Some of these countries have developed or have the capability to develop Weapons of Mass Destruction (WMD) and other destabilizing technologies that could fall into the hands of terrorists. The United States monitors five countries that have been identified as sponsors of terrorism: Iran, Syria, Sudan, North Korea, and Cuba (U.S. Department of Defense). The Internet provides an inexpensive, anonymous, geographically unbounded, and largely unregulated virtual haven for terrorists. Terrorist use the Internet to develop and disseminate propaganda, recruit new members, raise and transfer funds, train members on weapons use and tactics, and plan operations. The United States intelligence agencies monitor Internet activity that suggest that terrorist activity might be occurring (National Strategy for Combating Terrorism, 2006), It is “unprecedented" to try foreign terror suspects through the United States' judicial system, stating, “It's unprecedented to afford constitutional rights to, basically, prisoners of war” (Scarborough, 2009). During the Bush and Clinton administrations, numerous foreign terrorists were tried and imprisoned by the U.S. federal system, including 9-11 conspirators Zacarious Moussaoui and 1993, and the World Trade Center bomber Ramzi Ahmed Yousef. However, they should not be afforded the same constitutional rights as U.S. citizens. The Constitution, which is a Law, protects the Citizens of the United States of America. That Constitution was written by and for the Citizens of the United States of America. It does not apply to Citizens or Subjects of another Country. Under the Geneva Conventions of 1949, there are standards in international law for humanitarian treatment of victims of war. They specifically protect people who are not taking part in the hostilities. However, the Geneva Convention is contradictory because if further states, “Common Article 3 applies to the global conflict with terrorists anywhere on earth involving the territory of a party to the Geneva Conventions” (Center for Defense Information, 2006. Therefore, according to the law they have the same Bill of Rights as a U.S. citizen. The Geneva Convention states, “requires that punitive sentences and executions (i.e., criminal punishments) be pronounced only by a “regularly constituted court” that “affords all the judicial guarantees, recognized as indispensable by civilized peoples” (Center for Defense Information, 2006). Terrorist are hostile groups and should have a different process for foreign suspects, under the U.S. Constitution, the government interrogates and prosecutes criminal suspects in its custody under a justice system that presumes innocence until guilt is proven. That provides for due process. Perhaps to their own dismay, terrorists are criminals, not warriors, and should be treated accordingly. Author, Cheryl O. Cooper, CISSP and ISSA KC Chief Editor

6

References Center for Defense Information. (2006, September 12). Terrorism detainees: Geneva Convention common article 3. Retrieved from, http://www.cdi.org/program/document.cfm?DocumentID=3661 Institute for Homeland Security Solutions (2011, April). Building on clues: Methods to help state and local law enforcement detect and characterize terrorist activity. Retrieved from http://sites.duke.edu/ihss/files/2011/12/IHSS_Building_on_Clue_Final_Report_FINAL_April-2011.pdf Manhattan Institute for Policy Research (2006). Hard won lessons, the new paradigm: Merging law enforcement and counterterrorism strategies. Retrieved from http://www.manhattan-institute.org/pdf/scr_04.pdf Scarborough, J. (2009, November 16). Quick fact: Scarborough falsely claimed trials of foreign terror suspects through U.S. judiciary are “unprecedented”. Media Matters for America. Retrieved from http://mediamatters.org/research/200911160002 U.S. Department of Defense (n.d.) Roles of military power U.S. defense strategy. Retrieved from, http://www.dod.mil/execsec/adr95/roles.html Ward, R.H., Keirnan, K.L., Mabrey, D. (2006). Homeland security an introduction. Cincinnati, OH: Anderson Publishing a Member of the LexisNexis Group.

Certification Corner The Official (ISC) 2 Guide to the CISSP CBK, 7th Edition is now available. This edition reflects the changes to the CBK that are effective April 15th, 2015. The digital download is available via the official (ISC) 2 website at https://www.isc2.org/official-isc2-textbooks.aspx. These books can also be purchased through Amazon. Thanks, Shane M. Talbot Director of Education [email protected]

ISSA Kansas City Chapter New Members and Membership Renewals Please send Jen Baxter an email if you have any questions about the ISSA membership and benefits. Thanks, Jen Baxter Membership Director, [email protected]

Save the Date —January 28, 2016 Jan 28th, 2016 McCormick & Schmicks

Events, Training and CPE Opportunity 7

ISSA December 2015 Journal Members - Please click on the following Journal issue links for access: COMPUTER-Desktop/Laptop: Bluetoad | PDF; MOBILE-phone/tablet: iOS, Android ePub | Kindle Mobi

Webinars & Conferences Webinars are an easy way to stay informed on trending industry developments from the convenience of your own office. In everything from mobile technology to compliance. Webinars and conferences provide insight into topics affecting our industry and your business.

The Nightmare after Christmas: Plugging the Mobile Security Gap Hosted by: Outlook Security and InfoSecurity Date/Time: 10 Dec 2015, 15:00 GMT, 10:00 EST “Personal devices are now very capable and every bit as powerful as PCs were a few years ago. And people expect to be able to use their devices at work: Mobile is the new normal. This holiday season, mobile devices - especially tablets or cell phones are likely to be once again set to be a very popular gift. Yet while unwrapping a shiny new gadget might well bring joy to employees, for security teams the problems really start in January when people try to connect such devices to the office network”. “Moreover a lot of security teams don't see mobile as a high-risk threat, even though attackers increasingly see it as a sweet spot. Mobile devices are the backdoor to the corporate network and sophisticated attacks can exploit it, unless enterprises act now to close the door”.

Register December 2015 Chapter Meeting

ISSA-Kansas City December 10, 2015 Chapter Event On December 10, 2015 the ISSA-KC Chapter members, ISACA, and other security professionals will hold a meeting at Ritz Charles of Overland Park to network and attend the monthly chapter meeting, with presentation topic. Summary: December 10, 2015 ISSA Meeting Info Speakers: Gabriel Bassett bio: Gabriel is a senior information security data scientist specializing in data science, machine learning, and graph theory applications to cyber security on the Verizon Security Research team at Verizon Enterprise Solutions and a contributing author of the 2015 Verizon Data Breach Investigations Report and Protected Health Information Data Breach Report. He has previously held cyber security risk manager, testing, intelligence, architect, and program management positions at the Missile Defense Agency and Hospital Corporation of America. Jack Daniel bio: Jack Daniel works for Tenable Network Security, has over 20 years' experience in network and system administration and security, and has worked in a variety of practitioner and management positions. A technology community activist, he supports several information security and technology organizations. Jack is a co-founder of Security BSides, serves on the boards of three Security BSides non-profit corporations, and helps organize Security B-Sides events. Jack is a frequent speaker at technology and security events. An early member of the information security community on Twitter, @jack_daniel is an active and vocal Twitter user. Jack is a CISSP, holds CCSK, and is a Microsoft MVP for Enterprise Security. Topic: Verizon DBIR: Beyond the Hype

8

Abstract: The Verizon Data Breach Incident Report is one of the most read reports in InfoSec, but most people don't really dig into the report and its underlying wealth of information. In this presentation, Jack Daniel of Tenable Network Security and Gabriel Bassett of Verizon will focus on three keys areas: 1. 2. 3.

Analysis beyond the bullet points in the DBIR, and follow-up analysis beyond the initial report. The value of the Vocabulary for Event Recording and Incident Sharing (VERIS) framework for providing describing security incidents in a structured and repeatable manner. Making the DBIR Actionable: how to apply the lessons and data from the DBIR and other reports to make your environment more secure.

Location: Ritz Charles of Overland Park 9000 W 137th St, Overland Park, KS 66221 Phone :( 913) 685-2600 Agenda: 11:30 AM - 12:00 PM - Registration 12:00 PM - 1:00 PM - Lunch 1:00 PM - 3:00 PM – Presentation Lunch Menu:  Mixed Tossed Green Salad  Chicken Basil Cream  Green Beans with Red Peppers  Smoked Gouda Au Gratin Potato  Lemon Cake with Raspberry Sauce Price: Members: $20.00 Meeting Non-Members: $30.00 Maximum Reservation: 40 Credit(s): 2 CPE credit To Register, please use one of the following links:

*** Register ***

9

The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications and peer interaction opportunities that enhance the knowledge, skills and professionalism. The primary goal of ISSA is to promote management practices that will ensure availability, integrity and confidentiality of organizational resources. President Naeem Babri [email protected] Vice President/Program Director Dan Boeth [email protected] Director of Social Media Melissa Salazar Secretary of Board Cheryl Cooper Newsletter Chief Editor Cheryl Cooper [email protected] Treasurer Jo Ann Fisher [email protected] Director of Membership Jen Baxter [email protected]

Director of Education Shane Talbot [email protected]

Director of Programs Carmen Banks [email protected] Webmaster Thomas Badgett [email protected]

Past Presidents Bob Reese Tom Stripling Jeff Blackwood

10