Robert D. Hagen, CISSP
Meeting
Presentation: April 5th, 2006
Title:
InfraGard
InfraGard LI Presentation.ppt
Description:
Overview of InfraGard, and benefits of membership.
Speaker
Name:
John D. Heaney
Speaker
Bio:
Head of Global Crossing’s Worldwide Physical Security
Former Special Investigator with Bausch & Lomb’s Corporate Security, focusing on international trademark infringements, counterfeiting, gray market.
Provided Executive Protection on a contract consulting basis to area businesses and individuals.
Investigative Coordinator, Sex Crimes Coordinator as well as other law enforcement duties during my 20+ years of service with Rochester Police Department, Retired.
Area lecturer related to crime prevention and sex crimes as well as the offenders. Co-authored the “Sexual Assault Victim’s Handbook.”
Director of Security at the Society for the Prevention and Cruelty of Children, Rochester.
Graduated with a BA in Criminal Justice, RIT
Associates in Applied Science Degree; Police Science, MCC.
Presentation Downloads
Meeting
Presentation: March 1st, 2006
Title:
Payment Card Industry compliance.
ISSA_PCI Compliance_2006_Mar_01.pdf
Description:
We have a very interesting presentation planned on Payment Card Industry (PCI)
Standards. The PCI standards are security standards and
an information security compliance process developed jointly by the
major credit card companies (Visa, MasterCard, American Express,
Discover, etc.), which apply to all merchants and service providers
processing, storing or transmitting payment card information. Payment
cards include credit, debit, and gift cards. The compliance process
differs depending on the volume of transactions processed, but the
standards apply regardless of the size of the business. This is
probably the biggest and broadest positive influence to web application
security that we have yet to see. It’s not entirely new; it’s been
evolving since 2001, and continues to be updated. The current standard
in effect was published near the end of 2004. This is not a government
regulation or law; rather, it’s a contractual agreement mandated by the
credit card companies, with very serious consequences possible for
non-compliant businesses.
Come hear about the PCI compliance process, how it may affect your
business, and hear the lessons learned from our three speakers with
in-the-trenches experience of the PCI compliance process.
Speaker
Names:
Maureen Baran, CISSP, CCP, Eastman Kodak Company
Pat Massey, Xerox Corporation
Ralph Durkee, Durkee Consulting, Inc.
Speaker
Bios:
Maureen is employed at Eastman Kodak Company as a Security Analyst in
Information Security Services, Worldwide Information Systems. She is
currently the project leader for Kodak’s Payment Card Industry (PCI)
compliance activities. Her responsibilities also include security
architecture, securing third party network connections to Kodak and
outsourcing security. During her 35-year career at Kodak, Maureen has
held a variety of information systems positions and has been a Security
Analyst for approximately 10 years.
She has a BS in Mathematics, an MS in Computer Science and an MBA from
Rochester Institute of Technology.
Pat Massey is the Payment Card Industry Compliance Program Manager at
Xerox Corporation. Massey coordinated the global compliance initiative
for Xerox and is a member of the Information Risk Management and
Compliance Office. Prior to working at Xerox, Massey was in the banking
industry and was responsible for managing the credit/debit card
processing for a large local bank.
Ralph has over 25 years of experience in Software Development,
Systems Administration and Network Security. Ralph provides security
consulting for Web application security and PCI compliance for Rochester
area businesses. He's also a local teacher for SANS GSEC Security,
certified since 2000, a Certified Incident Handler & Hacker (GCIH) since
2001, as well as a CISSP certified instructor. He has worked as an
independent consultant and trainer since 1996, and is the Lead Developer
for the Center for Internet Security Unix/Linux/FreeBSD security benchmark
score tool, and also developed a major portion of the Web Application
Security for SANS LAMP track 615.
Meeting
Presentation: March 1st, 2006
Title:
RochISSA.org Website Refresh
RochISSA.org-site-refresh.ppt
Description:
Discussion on the current state and future direction of the RochISSA.org website,
including possible use of CMS (Content Management Systems).
Speaker
Name:
Robert Combo
Speaker
Bio:
Robert Combo, CISSP, SCSA is a Network Engineer in EDS@Xerox Network Security Services.
Meeting
Presentation: January 24th, 2006
Title:
Incident Response Teams
Incidence Response Teams.ppt
Description:
Discussion on Incident Response Teams, including dealing with the
latest privacy laws and the impact that they have on the CIRT teams
as well as the other security departments.
Speaker
Name:
Rob Nellis
Speaker
Bio:
Rob Nellis, CISSP is the supervisor of Paychex CIRT/Security Administration.
Meeting
Presentation: Dec 8th, 2005
Title:
Security of Multifunction Printing Devices and How the Common Criteria Has Helped
Protecting Your Documents beyond the PC, 120805.pdf
Description:
Most companies are unaware of a major threat to their document
security - the networked multifunction device. Each time a
document is copied, printed, scanned or faxed, an image is left
behind on the system’s hard drive that’s as much at risk of
getting hacked as the information on their PCs. In this session,
learn about threats to document security and hear examples of
certification standards and security features that can help IT
managers effectively resist attack from intruders attempting to
gain access to mission critical and highly sensitive information.
Speaker
Name:
Larry Kovnat
Speaker
Bio:
Larry Kovnat is the systems security manager at Xerox Corporation.
He has held program management positions in printer and multifunction
product development throughout his career at Xerox.