Archived Event Description

June 21, 2007
Our next meeting will be Thursday, June 21, 2007 at 1:00 pm

Event Details:


Date: Thursday, June 21, 2007 - 1:00 pm - 4:00 pm

Venue: Cisco, 499 Thornall St, Edison, NJ - 5th Floor Shea Stadium
Conference Room


Title: "Helping companies understand the attacker's approach to
compromising their information systems"

Name of Presenter: Don Kelloway

Presenter Bio: Don Kelloway is a Systems Engineer for Core Security
Technologies, where he provides training and technical support for CORE
IMPACT's user base.

Don has over ten years of extensive experience in the field of technical
support, including acting as a private consultant for a number of years. He
has an extensive knowledge of computer forensics, penetration testing,
network implementation and administration, customer support, technical
sales, and network and systems design.

Don is a member of the National Information Security Group (NISG), the
International Information Systems Forensics Association (IISFA), the
Information Systems Security Association (ISSA) and the FBI's InfraGard
program (Boston Chapter).


Title: Legal, Regulatory, and Compliance - Upcoming, current and past

Presentation Abstract: One of the most critical goals of Information
Security Governance is Compliance. Legislation exists. Legislation is in
the making and more is coming our way. HIPAA signified the change in pace,
which became a gallop with SOX and now there is no end in sight. Complying
with legislation has now become a determinant of the competitiveness of a
company. Companies that feel compliance is an issue do not seek a listing
on the NYSE. Companies that do, claim the expense of being compliant is a
big drain on their resources. The government is also a huge stakeholder in
compliance and hands out big fines for non-compliance with regulations.

Recognize legal, regulatory, compliance and contractual requirements as
risks that must be mitigated.

Analyze all areas of business impacted by above.

Identify common elements that can be addressed by a common risk
mitigation plan.

Develop a compliance framework that helps sustain the risk
assessment and sustains the risk mitigation plan.

Assign small teams to address areas that are not common to the
above compliance framework.

Consult your lawyers, early and often.

Presenter Bio: Ashish Atri is a senior Compliance, Risk and Information
Security Mitigation Consultant.

His experience includes work on several assignments, nationally and
globally, advising clients with needs for risk mitigation in the areas of
Compliance, ISO 27001/17799, Business Continuity and Disaster Recovery,
Information Security and Privacy. He has over 20 years of experience as a
management consultant with experience in Banking, Healthcare,
Pharmaceuticals, Consulting and Business Process Re-engineering, at a
global level. Ashish has worked on several global risk assessments and has
consulted with clients in both the private and public sectors for their
Compliance and Information Risk related needs and concerns. In the recent
past, Ashish has consulted with the largest central bank in the world, the
number one financial services company in the world, the number one news
gathering and dissemination company in the world and one of the top five
pharmaceutical companies in the world. Ashish has a BS in Electronics and
an MBA. He is a certified Lead Auditor for ISO 27001 and ISO 9001.


© 2004 ISSA, NJ Chapter