Wednesday 22nd June 2005 at Old Jordans Hotel & Conference Centre (Buckinghamshire)

The Information Security Special Interest Group (ISSIG) provides a forum for internal auditors and security professionals to discuss topics related to information security. ISSIG is affiliated to the IIA UK & Ireland. We have organised a one-day event that will be of interest to all internal auditors and security professionals. The event will offer an ideal opportunity to network with fellow professionals from both public and private sectors.

Key speakers will cover the topics of Penetration Testing and Identity Theft. Penetration testing and vulnerability scanning are widely used techniques for evaluating the effectiveness of network security but remain "black arts" to many. The objective of two of the sessions is to demystify penetration testing and give a practical demonstration of some of the techniques employed. Government research estimates that an identity theft happens every four minutes in the UK, costing approximately £1.3bn a year. The objective of two of the sessions is to provide greater insight into Identity Theft and to provide practical measures that can be taken to contain the risks.

Delegate Fee: £70

Which includes a two-course lunch, refreshments and session notes.

Venue: Old Jordans Hotel & Conference Centre, Near Beaconsfield, Buckinghamshire, HP9 2SW.

Conveniently located for M40, M25 and Heathrow Airport.

See pages below for more details. For enquiries and booking instructions see attached booking form.



09.30 - 10.00 / Registration and Coffee
10.00 - 10.15 / Introduction from the Chair / Stella Ollier
10.15 - 11.15 / Session 1: Penetration Testing (Theory & Practice)
  • What is meant by penetration testing and what does it involve?
  • What is the value of penetration testing?
  • What is the difference between infrastructure and application testing?
  • What are the key techniques used by penetration testers (and hackers)?
  • How do testers prove that systems are vulnerable and what safeguards are there?
/ James McKeogh (KPMG)
James McKeogh is a Principal Advisor within KPMG’s Information Risk Management practice. James has been involved with a wide range of penetration tests and security assurance assignments. He is involved with KPMG’s work in the e-commerce arena and has led many encryption and PKI based engagements. He has also been involved with several security management and infrastructure projects including policy and procedure development, risk analysis and project management in the areas of host, network and physical security. Prior to joining KPMG, James studied for his MSc in Information Technology and since joining has also completed the Information Security MSc course at Royal Holloway and Bedford College, University of London.
11.15 – 11.30 / Break for Refreshments
11.30 – 12.30 / Session 2: Penetration Testing (Practical Demonstration)
  • Basic infrastructure vulnerability scanning
  • Exploitation of infrastructure vulnerabilities
  • Application vulnerability testing
  • Brief demonstration of key application testing techniques
  • Exploitation of application vulnerabilities
/ Peter Wood (First Base Technologies)
Peter founded First Base Technologies in 1989 as a vendor-independent consultancy. Peter has hands-on technical involvement in the firm on a daily basis, working in areas as diverse as network security reviews, firewall penetration testing and policy and procedures. He also leads regular technical seminars on firewalls, ethical hacking techniques, Microsoft NT and Internet security. He is the lead consultant for testing web services, web applications and databases, and for on-site penetration testing.
Peter is a popular speaker at many conferences, including COSAC, EuroCACS (ISACA), BCS-IRMA and BCS-ISSG. His topics include Casebook of an Ethical Hacker, Intrusion Detection and Implementing BS7799.
12.30 – 13.45 / Two-course Lunch
13.45 – 14.45 / Session 3: Identity Theft
  • What is Identity Theft?
  • Brief History / Evolution.
  • Nature of the Problem:
  • Who are the targets?
  • How is it perpetrated?
  • What countermeasures can organisations and individuals take to reduce their exposure?
/ Andrew Beard (PricewaterhouseCoopers)
Andrew Beard is a director in PricewaterhouseCoopers UK Advisory Performance Improvement Consulting business. Andrew has specific responsibilities for IT Effectiveness, including Information Security, for the financial services industry. An IT professional for 20 years, Andrew was involved in both the 2002 and 2004 DTI Information Security Breaches Surveys and has worked extensively in the areas of security penetration testing and helping organisations recover from the impact of security breaches. Andrew has also lectured on the subject of Cybercrime on many occasions, including on the Royal Holloway College's Information Security MSc course.
14.45 – 15.00 / Break for Refreshments
15.00 – 16.00 / Session 4: Identity Theft & Role of NHTCU
  • Roles of NHTCU
  • Effective Information Security
  • Steps to mitigate risks
/ Stephen Edwards M.B.E.
(Crime Reduction & Industry Liaison Section National Hi-Tech Crime Unit)
Stephen Edwards has nearly 30 years' experience in law enforcement and has spent the last 10 years working with the Internet. His main background is in Criminal Intelligence and he has worked in the Intelligence Directorate at New Scotland Yard and also on the Commissioner's private staff. In 1998 he was awarded the Golden Candle Award for innovation in intelligence gathering techniques and in 2004 was made a Member of the Order of the British Empire by Her Majesty the Queen, for services to police. He has been with the National Hi-Tech Crime Unit for two years and before moving to the Industry Liaison worked as a Tactical and Technical Consultant in the unit.
16.00 – 16.30 / Closing Remarks from the Chair & any further questions

ISSIG Booking Form

Event on Wednesday 22nd June 2004 at Old Jordans Hotel & Conference Centre, Near Beaconsfield, Buckinghamshire, HP9 2SW

All bookings for this ISSIG event must be made by completing and submitting this form. Preliminary bookings can be made by email or post using the contact details provided on the second page below.

Booking forms for this event must be returned at the latest by Friday 17 June 2005.

Event Title & Fee / Information Security: Identity Theft & Penetration Testing. £70 per delegate.
Day & Date / Wednesday 22 June 2005
Venue / Old Jordans Hotel & Conference Centre, Near Beaconsfield, Buckinghamshire, HP9 2SW.
Further Venue Information:
Details relating to the venue, including directions, can be found at ( The event will be held in the Mayflower Barn; a historic monument and listed building believed to have been built with timbers from the ship ‘Mayflower’ which took the Pilgrim Fathers to the USA in 1620.
Conveniently located close to M40, M25 and Heathrow Airport.
Overnight accommodation is available at £85 per night; this is to be booked and paid for directly with Old Jordans Hotel.
Old Jordans Hotel can arrange transport from Heathrow Airport and the local Rail Station; please contact the Hotel if this is required.

Person making booking:

Name
Job title
Organisation
Address
Postcode
Telephone / Extension
E mail
Special Requirements (dietary, access, etc)

Please reserve places for:

Surname / Preferred first name
1
2
3

Payment due:

@ £70 Each =
Total amount = £

Payment Instructions:

Cheque(s) made payable to ISSIG for £70 per delegate.

Direct payment into the ISSIG bank account can also be made. The account information for this is:

HSBC Bank [Account Number: 61424432. Sort code: 40-04-12]

International Bank Account Number [GB93MIDL40041261424432. Branch Identifier Code: MIDLGB2110F]

DATA PROTECTION

By returning this form you consent to our processing your sensitive personal data (such as dietary requirements or health data) for the above purposes. If you have given us information about another/other person/s you confirm that they have appointed you to act for them, to consent to the processing of their personal data, including sensitive personal data, to the transfer of their information abroad (if necessary) and to receive on their behalf any fair collection notices. You (and they) have a right to ask for a copy of your information and to correct any inaccuracies.

TERMS AND CONDITIONS OF BOOKING

Application

  1. These Terms and Conditions apply to the ISSIG Event to be held on 22nd June 2005. All bookings should be made on ISSIG’s booking form and sent with a cheque (or direct payment into the bank account provided) in full payment of the event fee. Companies that require an invoice in order to raise a cheque should forward the completed booking form with a statement of intent to pay the fee on receipt of the invoice.

Fees

  1. The cost includes lunch, refreshments and all conference documentation.

  3. Please make cheques payable to “ISSIG” or make a direct payment into the ISSIG bank account (details provided). An email confirmation will be sent to you prior to the event.

Changes

  1. No refund for event fees will be available after 8th June 2005. However, a substitute delegate will be very welcome at any time, at no additional cost.
  2. The Committee reserves the right to change the venue subject to reasonable notice and substitute topics or speakers. The ISSIG Committee also reserves the right to cancel the event at their discretion, in which case attendees will be notified and all monies received will be refunded in full.

Liability

  1. The Members of the ISSIG Committee accept no liability for any loss or damage suffered to delegates or their property...
  2. Although the programme has been compiled in good faith, the content of each Speaker’s presentation has been created independently and, as such, the ISSIG Committee cannot accept any responsibility for the content and any consequences ensuing from the application of such content. Delegates should take specific advice when dealing with specific situations. Opinions expressed are those of individual speakers and not of the ISSIG Committee.

Please send your completed booking form with payment to:

Stella Ollier,

Information Risk and Security,

Cheshire Building Society,

Castle St,

Macclesfield,

Cheshire, SK11 6AF

Preliminary bookings may be made by e-mailing reservations to:

For any enquiries relating to the event please contact Kal Taheem at:

Email: Telephone: 0207 426 7108