History Project For the South Carolina Chapter
Information is needed to be able to put together our past! Since we are celebrating an important anniversary, we need to research our roots. Please help us collect old newsletters, membership data, and other information for our anniversary celebration.

CanAudit Seminar
The 21st century has arrived and with it a new electronic world that poses significant business risks. Global terrorists know that winning a physical conflict with the major world powers is virtually impossible. They have now discovered that critical commercial infrastructure is highly exposed to a logical attack, therein jeopardizing our society and way of life. The list of potential targets includes power girds, banks, airlines, air traffic controls systems, trucking and transportation companies, chemical and petrochemical facilities, food manufacturers, retailers, hospitals, and local governments. Many of these organizations do not have the necessary controls to detect and repel a serious penetration attempt as the Canaudit Penetration Team has repeatedly proven in client after client. The controls are just not in place to protect most organizations from electronic warfare or terrorism. Electronic espionage also poses a significant threat as cyber criminals are creating new ways to earn a living. Penetrating networks, harvesting files, deleting or altering critical databases, and taking control of critical network components are just a few of the risks.

This highly intensive seminar will provide participants with an understanding of the specific risks related to Cyber Terrorism and Electronic Espionage. They will also receive an audit guide containing a series of checklists and risk control tables to help them perform a threat assessment of their own organization.

This session is intended for auditors, security, and law enforcement professionals interested in identifying the specific electronic threats to their organization¡¦s information technology.

SEMINAR OUTLINE
I WHAT IS CYBER TERRORISM?
„h Objective of Cyber terrorism
„h Who are likely perpetrators?
„h Is it as easy as they say?
„h How would they do it?
„h Live demonstration
„h Preliminary targeting
„h Planning the attack
„h Could it really succeed?

II WHAT IS ELECTRONIC ESPIONAGE?
„h Definition & explanation
„h The impact of open systems
„h Understanding the risk
„h Types of Electronic Espionage
„h Electronic storage facilitates theft
„h Internal penetration by trusted employees
„h External penetration
„h Examples of poorly secured machines
„h Live demo of hacker tools
„h Identification of valuable data by application

III WHAT CAN WE DO?
„h Basic housekeeping
„h Hardening the network
„h Preemptive security
„h Penetration audits
„h Protecting data
„h Gathering knowledge

IV IS YOUR COMPANY TRULY AT RISK?
„h Common misconceptions
„h The obvious, secondary and forgotten targets
„h The forgotten targets
„h Getting management¡¦s attention and funding
„h Risk Control Tables
„h Control checklists

VII POINTS OF PENETRATION
„h Identifying Points of Penetration
„h Identifying connectivity
„h Scanning the network
„h Identifying unauthorized connections to other networks
„h Using exploits to prove risk
„h Performing a modem hunt or demon dial
„h Exploiting the Internet connection
„h Beating the firewall
„h Trading partner issues
„h Third party & general attacks
„h Remote control programs: the terrorist¡¦s friend
„h The internal attack
„h Employees & contractors
„h Temporary staff can be plants

VI PREVENTIVE AND PREEMPTIVE CONTROLS
„h Prevention & readiness
„h Installing preventive controls
„h The network: first line of defense
„h Securing NT and UNIX
„h Watch out for sniffers
„h Protect your email

VII CONCLUSION

Email Me!
Clay Sprouse

ISACA.Org
ISACA Headquarters