SDISSA

Holistic Information Security Practitioner (HISP) Certification Course to be held at SAIC-San Diego March 15-19, 2010

Sat, 06 Mar 2010 00:01:18 -0800

The public Holistic Information Security Practitioner (HISP) Certification

course will be held at SAIC in San Diego, CA:

DATE: March 15-19, 2010

TIME: 8:30 AM - 5:30 PM (Mon - Thurs)

and 8:30 AM - 3:00 PM (Friday)

LOCATION: SAIC - Campus Point Facility

Building E - Room 2200

10260 Campus Point Drive

San Diego, CA 92121-1578

"....The Holistic Information Security Practitioner (HISP) Certification course is one of the fastest growing information security certifications for Information Security Practitioners, Managers and Officers. In the current global economic recession, a recent CareerBuilder.com report indicates that the Information Security Manager job is one of the 5 recession proof jobs....

This is the only integration course that provides practical education on the integration of best practices for Information Security Management, Information Systems Auditing and multiple Regulatory Compliance requirements and how to map multiple regulatory requirements to the internationally accepted best practices framework of ISO/IEC 27002:2005 and the ISO/IEC 27001:2005 standard – a globally accepted standard that can help implement a holistic, comprehensive and effective information security management system.

The course covers the mapping of ISO/IEC 27002:2005 with COBIT, COSO and ITIL then explains a methodology to map regulations such as PCI Data Security (Visa CISP), Canadian Bill C-198, OSFI, PIPEDA, PIPA, PHIPA, UK Data Protection Act, EU Directive on Privacy, California SB-1386, HIPAA Security, FFIEC, GLB Act, FISMA (NIST 800-53/FIPS 200), Sarbanes-Oxley Act (Security), FACT Act to the ISO 27002:2005 framework.

This course addresses the most pressing issues Information Security Practitioners face worldwide, which is safeguarding sensitive information with a balanced focus on People, Process and Technology whilst meeting legal, contractual and regulatory compliance requirements.

A number of Fortune 500 and Global 2000 companies such as Microsoft Corporation, Cisco Systems, Sempra Energy, United Airlines and Verizon Business have each trained from between 10 to 60 of their Information Security & Compliance specialists through the HISP public and private onsite classes.

COST: HISP Certification course with Examination - $2995 (before ISSA/ISACA/ASIS 15% discount)

(NOTE:There is a 15% discount for ISSA, ISACA and ASIS members in good standing for these classes, this discount is approximately $450 which almost covers the examination fee of $499)

REGISTRATION URL: https://www.compliancehealthcheck.com/secure/classregister.htm

When registering online using the above URL, please enter “Sean Lewis” in the Registration Form field “Referral Source”, to enable eFortresses to grant you the 15% discounted price and to track your registration.

REGISTRATION EMAIL: training@eFortresses.com

When registering online using the above email address, please enter “REFERENCE: Sean Lewis” in the email "Subject" area, to enable eFortresses to grant you the 15% discount and to track your registration.

Additional San Diego HISP course dates are:

June 7-11, 2010
September 13-17, 2010
December 13-17, 2010

For more general information regarding the HISP Certification Course, please visit http://www.hispcertification.org

For more genereral information regarding the HISP Institute & Certification, please visit http://www.hispi.org

FBI Computer Scientist Position

Mon, 04 Aug 2008 09:05:03 -0700

Company: FBI, San Diego, CA

Contact: CS Jennifer Kolde - FBI San Diego Division

Status: Position Open

Type: Full Time

The FBI, San Diego Field Office, National Security Cyber Squad, will post a position for a Computer Scientist in the near future. The Computer Scientist (CS) is responsible for providing technical support and subject matter expertise to FBI Special Agents and Intelligence Analysts related to sensitive computer network intrusions and intelligence matters. While the CS will perform a variety of duties, his/her primary responsibility is identifying computer network attacks and data compromise using techniques such as malware analysis, forensic analysis, log file analysis, large-scale data analysis (correlation / trending), network traffic analysis, and the development of tools and / or programs to assist with or automate the same.

The CS will work in a team environment in the production of relevant written reporting and briefings within the FBI and other U.S. Government entities. As such, strong written and oral communications skills are essential. In addition, as a subject matter expert, the CS is expected to monitor and provide insight into trends in the security community (vulnerabilities, threats, exploits, changing techniques, risks, etc.).

The position will be at the GS13 or GS14 level with an adjustment for San Diego locality pay. The salary grade and step are determined from the selected candidate’s experience and prior employment.

Interested candidates must meet the following minimum requirements to apply:

US Citizen
Ability to obtain a Top Secret-SCI clearance
Completion of a four-year course of study at an accredited college or university (e.g., Bachelor's degree or higher)
Minimum of 30 semester hours of mathematics, statistics, and computer science

Once posted, the position will be open to applicants for only a short window of time (usually 10 days). As such, we encourage you to forward this information to anyone who may be interested in applying so that interested candidates can become familiar with the hiring process, especially the need to apply immediately and completely when the position is posted. The application process requires submission of a current resume, official college / university transcripts, and completion of an online application (to include a set of multiple choice / essay questions describing the candidate's relevant experience). Interested candidates are strongly encouraged to visit the FBI Jobs web site (http://www.fbijobs.gov) to register and review the application process.

Additional information about employment with the Federal Bureau of Investigation can be found on the following web sites:

1. FBIJobs: www.fbijobs.gov

- Job posting and application web site.

2. Office of Personnel Management: www.opm.gov

- Salary, benefits, and other information related to Government employment

3. FBI: www.fbi.gov

- FBI web site

Candidates who are interested in applying for the position should register on the FBIJobs web site, and sign up for email notification to receive an alert when the position is posted.

The Admiral Baker Clubhouse

Wed, 04 Jun 2008 06:15:50 -0700

MEETING LOCATION
Located just East of Friar's Road and Highway 15

The Admiral Baker Clubhouse
At 2400 Admiral Baker Rd, San Diego, CA 92120
(619) 487-0090

Take Friars road east until Santo Road, take a left and very soon veer right onto the Admiral Baker Clubhouse. Then stay left and follow the road around to the clubhouse. No base sticker or government badge is needed.

You’re going to love the setting, ambiance, and history of the place!

Driving Directions from Highway 15:

1) Take Friars Road exit East. Pass through the first stoplight (Rancho Mission).
2) Turn left at the second light (Santo Road).
3) Make an immediate right turn onto Admiral Baker Road.
4) Follow the road to its end at the golf course clubhouse.

IA/Security resources, references, guides

Mon, 17 Dec 2007 12:12:12 -0800

Useful web sites (Main ones)

https://infosec.navy.mil/docs/index.jsp

http://iase.disa.mil/techguid/index.html

And these others

http://www.sse-cmm.org/lib/lib.asp

https://www.fleetforces.navy.mil/netwarcom/navycanda

https://www.us.army.mil/suite/portal/index.jsp

http://csrc.nist.gov/

http://www.nsa.gov/ia/index.cfm

http://www.iatf.net/

http://www.cert.org/

http://www.commoncriteriaportal.org/

http://www.amc.army.mil/amc/ci/matrix/policy/policy_new.htm

https://www.sans.org/about/sans.php

http://iac.dtic.mil/iatac/

http://www.cerias.purdue.edu/

http://security.sdsc.edu/

Main Statues / Directives / Guidance

Clinger-Cohen Act (CCA), 1996
Government Information Security Reform Act (GISRA), 2000
Federal Information Security Management Act (FISMA), 2002
OMB Circular A-130, 2000
DoDD 8500.01E - Information Assurance (IA), April 2007 (changed from 8500.1)
DoDI 8500.2 - IA Implementation, Feb 03
DoDI 8580.1 - IA in the Defense Acquisition System, July 04
Information Assurance Technical Framework (IATF), Sep 2000 (www.iatf.net)
GIG IA Architecture, ICD (6 Mar 06) and Strategy (and related GIAP artifacts, plans, priorities)
NSTISSP 11 - National Security Telecommunications and Information Systems Security
DoDI 8510.bb - DoD Information Assurance Certification and Accreditation Process (DIACAP)

Also see:

- DoDD 5000.1 - The Defense Acquisition System, May 03

- DoDI 5000.2 - Operation of the Defense Acquisition System, May 03

- Section 2224 of title 10, US Code “Defense Information Assurance Program”

http://iase.disa.mil/policy-guidance/index.html#DoD

Preferred Product Lists (PPL) - Generally programs should still to using PPL devices / processes in building their systems. Other than the type-1 COMSEC devices, which require individual certification letters held by the companies, the list below is probably the 90% solution without getting industry groups such as ICSA labs.

NIST FIPS 140 certifications: http://csrc.nist.gov/groups/STM/cmvp/index.html

NIST algorithm certifications: http://csrc.nist.gov/groups/STM/cavp/index.html

NIAP/Common Criteria: http://niap.bahialab.com/cc-scheme/

DISA IASE: http://iase.disa.mil/index2.html

NSA IAD: http://www.nsa.gov/ia/index.cfm

NOTE - A PPL list can range from algorithms to specific equipment configurations. For example, one radio might have FIPS approval when ordered using model number 123 and an NSA type-1 certification when ordered using model number 456. Same is true for a router, IPS,... Yet even if a device has a CC EAL-4 certification, you still need to ensure that the protection profile used and the security target meets your specific application.

DoDD 8500.01E, October 24, 2002 ( ENCLOSURE 1, REFERENCES (Continued))

(e) DoD CIO Memorandum 6-8510, "Guidance and Policy for Department of Defense Global Information Grid Information Assurance," June 16, 2000 (hereby canceled)

(f) DoD 5025.1-M, "DoD Directives System Procedures," March 5, 2003

(g) Executive Order 12333, "United States Intelligence Activities," December 4, 1981

(h) DoD Directive 5144.1, “Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer (ASD(NII)/DoD CIO),” May 2, 2005

(i) National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 4009, "National Information Systems Security Glossary," September 20002

(j) OMB Circular A-130, "Management of Federal Information Resources, Transmittal 4," November 30, 2000

(k) DoD Directive 5000.1, "The Defense Acquisition System," May 12, 2003

(l) Sections 1423 and 1451 of title 40, United States Code, "Division E of the Clinger-Cohen Act of 1996"

(m) DoD Directive O-8530.1, "Computer Network Defense," January 8, 2001

(n) DoD 5200.2-R, "DoD Personnel Security Program," December 16, 1986

(o) DoD 5200.1-R, "DoD Information Security Program Regulation," January 14, 1997

(p) DoD Directive 5230.11, "Disclosure of Classified Military Information to Foreign Governments and International Organizations," June 16, 1992

(q) DoD Directive 5230.20E, "Visits and Assignments of Foreign Nationals," June 22, 2005

(r) DoD Instruction 5230.27, "Presentation of DoD-Related Scientific and Technical Papers at Meetings," October 6, 1987

(s) DoD Directive 5230.9, "Clearance of DoD Information for Public Release," April 9, 1996

(t) DoD Instruction 5230.29, "Security and Policy Review of DoD Information for Public Release," August 6, 1999

(u) DoD Instruction 5200.40, "DoD Information Technology Security Certification and Accreditation (C&A) Process (DITSCAP)," December 30, 1997

(v) DoD Directive C-5200.5, "Communications Security (COMSEC)," (U) April 21, 1990

(w) National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11, "National Policy Governing the Acquisition of Information Assurance (IA) and IA-enabled Information Technology Products," January 2000

(x) DoD Directive 3020.40, “Defense Critical Infrastructure Program (DCIP),” August 19, 2005

(y) DoD 5220.22-M, "National Industrial Security Program Operating Manual," January 1995 and "National Industrial Security Program Operating Manual Supplement," February 1995

**** CJSCSI 6510.1E, Information Assurance And Computer Network Defense.

a. Joint Pub 1-02 Series, “Department of Defense Dictionary of Military and Associated Terms”

b. CNSS Instruction No. 4009 Series, “National Information Assurance (IA) Glossary”

c. DOD Directive 8500.1 Series, “Information Assurance (IA)”

d. DOD Directive O-8530.1 Series, “Computer Network Defense (CND)”

e. DOD Instruction 8500.2 Series, “Information Assurance (IA) Implementation”

f. DOD Instruction O-8530.2, 9 March 2001, “Support to Computer Network Defense (CND)”

g. CJCSM 6510.01 Series, “Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND)”

h. DOD Directive 8100.1 Series, “Global Information Grid (GIG) Overarching Policy”

i. DOD CIO Memorandum, 6 July 2006, ”Department of Defense (DoD) Information Assurance (IA) and Certification and Accreditation (C&A) Process Guidance”

j. DOD Instruction 8551.1 Series, “Ports, Protocols and Services Management (PPSM)”

k. CJCSI 6211.02 Series, “Defense Information System Network (DISN): Policy, Responsibilities and Processes”

l. CNSSP-1 Series, “National Policy for Safeguarding and Control of Communications Security Materials”

m. DOD Regulation 5200.1-R Series, “Information Security Program”

n. National Security Agency, 2003/2004, “Information Assurance Manual”

o. Title 10, United States Code, Section 2315

p. NSTISSP No. 11 Revised, June 2003, “National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology Products”

q. Title 15, United States Code, Section 278g-3

r. ASD(NII) memorandum, 28 May 2003, "Open Source Software in the Department of Defense"

s. NIST Special Publication 800-59, August 2003, “Guidelines for Identifying an Information System as a National Security System”

t. DOD Instruction 8552.01 Series, "Use of Mobile Code Technologies in DoD Information Systems"

u. NTISSP No. 200, 15 July 1987, “National Policy on Controlled Access Protection”

v. DOD Regulation 5200.2-R Series, “Personnel Security Program”

w. ASD(C3I) memorandum with amendment, 11 January 2002, “Web Site Administration, Policies and Procedures”

x. DOD Directive 5230.9 Series, “Clearance of DOD Information for Public Release”

y. DOD Instruction 5230.29 Series, “Security and Policy Review of DOD Information for Public Release”

z. DOD CIO Memorandum, 25 April 2006, "Guidance to Facilitate Information Sharing on DoD Information Technology Systems (U)"

aa. DOD Directive 1035.1 Series, “Telework Policy for Department of Defense”

bb. DOD Directive 5200.1 Series, “DOD Information Security Program”

cc. DOD Directive 5200.2, 9 April 1999, “DOD Personnel Security Program”

dd. CJCSI 3213.01 Series, “Joint Operations Security”

ee. NTISSD No. 600, 10 April 1990, “Communications Security (COMSEC) Monitoring”

ff. DOD Directive 4640.6, 26 June 1981, “Communications Security Telephone Monitoring and Recording”

gg. Title 18, United States Code, Section 2510, et seq.

hh. Title 50, United States Code, Section 1801, et seq.

ii. DISA, 4 October 2002, “Application Security Developer’s Guide, Version 1.0”

jj. ASD(C3I) memorandum, 16 January 1997, “Policy on Department of Defense Electronic Notice and Consent Banner”

kk. DOD General Counsel memorandum, 27 March 1997, “Communications Security (COMSEC) and Information Systems Monitoring”

ll. DOD Directive 8520.2, 1 April 2004, “Public Key Infrastructure (PKI) and Public Key (PK) Enabling”

mm. DOD Directive 8570.1 Series, "Information Assurance Training, Certification, and Workforce Management"

nn. DOD 8570.01-M Series, "Information Assurance Workforce Improvement Program"

oo. NSTISSP No. 101, 14 September 1999, “National Policy on Securing Voice Communications”

pp. FIPS 140-2, 25 May 2001, “Security Requirements for Cryptographic Modules”

qq. DOD CIO memorandum, 3 July 2007, "Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media"

rr. USSTRATCOM, 11 August 2006, "Joint Concept of Operations for Global Information Grid NetOps"

ss. DOD Directive 3020.40, 19 August 2006, "Defense Critical Infrastructure Program"

tt. DCID 6/3, 5 June 1999, “Protecting Sensitive Compartmented Information Within Information Systems”

uu. CJCSI 3213.01 Series, "Joint Operations Security"

vv. CJCSI 3121.01 Series, “Standing Rules of Engagement/Standing Rules for the Use of Force”

ww. CJCSI 6510.06 Series, “Communications Security Releases to Foreign Nations”

xx. CJCSI 6212.01 Series, “Interoperability and Supportability of Information Technology and National Security Systems”

yy. CJCSI 3137.01 Series, “The Joint Warfighting Capabilities Assessment Process”

zz. CJCSI 3170.01 Series, “The Functional Capabilities Board Process”

aaa. ASD(C3I) memorandum, 26 February 2003, “Guidance for Computer Network Defense Response Actions”

bbb. DOD Directive 8581.1E Series, "Information Assurance (IA) Policy for Space Systems Used by the Department of Defense "

ccc. Strategic Command Instruction (SI) 1009-01, 1 August 2006, "Information Assurance (IA) Implementation for Space Systems Used by the Department of Defense"

ddd. CJCSI 2300.01 Series, ”International Agreements”

eee. CJCSI 5130.01 Series, “Relationships Between Commanders of Combatant Commands and International Commands and Organizations”

fff. CJCSI 5221.01 Series, “Delegation of Authority to Commanders of Combatant Commands to Disclose Classified Military Information to Foreign Governments and International Organizations”

ggg. DOD Directive 4630.5, 5 May 2004, “Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)”

hhh. DOD 000-151-94, 24 May 1994, “Department of Defense Intelligence Production Program (DoDIPP)”

iii. DIA message 021727Z JUN 98, “Indications and Warning for Information Warfare/Information Operations (CNA-WATCHCON)”

jjj. NSD-42, 5 July 1990, “National Policy for the Security of National Security Telecommunications and Information Systems”

kkk. Initial Capabilities Document (ICD), 6 March 2006, "Initial Capabilities Document (ICD) for Global Information Grid (GIG) Information Assurance (IA)"

lll. NSTISSD No. 503, 30 August 1993, “Incident Response and Vulnerability Reporting for National Security Systems”

mmm. Strategic Command Directive (SD) 527-1, 27 January 2006, "Department of Defense (DOD) Information Operations Condition (INFOCON) System Procedures"

nnn. CJCSM 3402.01 Series, “Alert System of the Chairman of the Joint Chiefs of Staff”

ooo. Military Extraterritorial Jurisdiction Act of 2000, 18 U.S.C. 3261, et seq.

ppp. DOD Instruction 3020.41 Series, “Contractor Personnel Authorized to Accompany the U.S. Armed Forces.”

qqq. JTF-GNO Technical Bulletin 06-005, 191500Z May 2006, "Coordinating Authorized Scanning Activity Across DOD Networks"

rrr. CJCSI 3401.01 Series, “Chairman’s Readiness System”

sss. CJCSI 3401.03 Series, “Information Assurance (IA) and Computer Network Defense (CND) Joint Quarterly Readiness Review (JQRR) Metrics”

ttt. CJCSI 6731.01 Series, “Global Command and Control System Security Policy”

uuu. Deputy Secretary of Defense memorandum, July 2000, “Use and Protection of Portable Computing Devices”

vvv. DOD Directive 8100.2 Series, "Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DOD) Global Information Grid (GIG)"

www. DOD Directive, C-5200.19, 16 May 1995, “Control of Compromising Emanations”

xxx. ASD(NII) memorandum, 2 June 2006, "Use of Commercial Wireless Local-Area Network (LAN) Devices, Systems and Technologies in Department of Defense (DoD) Global Information Grid (GIG)"

yyy. PL 104-191, 21 August 1996, Health Insurance Portability and Accountability Act of 1996"

zzz. Title 5, U.S.C., Section 552a, et seq.

aaaa. DOD Directive C-5200.5 Series, “Communications Security (COMSEC)”

bbbb. CJCSI 6510.02 Series, "Cryptographic Modernization Planning"

cccc. CJCSN 6510 Series, "Information Assurance Cryptographic Equipment Modernization Requirements"

dddd. Special Publication 800-34 Series, “Contingency Planning Guide for Information Technology Systems”

eeee. DOD Directive 5200.8, 25 April 1991, “Security of DoD Installations and Resources”

ffff. Title 44, U.S.C. Section 3542, Federal Information Security Management Act of 2002

gggg. American National Standard for Telecommunications, 28 February 2001, “Telecom Glossary”

hhhh. National Military Strategy for Cyberspace Operations, November 2006

Information Systems Auditor Sr.

Mon, 29 Oct 2007 08:56:00 -0700

Company: Scripps Health, San Diego, CA

Contact: Human Resources - esparza.veronica@scrippshealth.org

Status: Position Open

Type: Full Time

Join a dynamic organization where you will be challenged and grow with a fast-paced, technology driven, leading healthcare organization with over 11,000 employees. This position is a key member of a nationally prominent Audit & Compliance Services Department and Information Security Team. Responsibilities will include, but are not limited to: reviews of implemented clinical and business application system controls, IT general controls for key infrastructure components, and new implementation projects.

The position will lead team reviews and oversee activities or other auditors, conduct audits and review processes and safeguards to protect the organization’s information system resources and their data confidentiality, integrity, and availability, as well as assess related security system vulnerabilities for: application software systems, operating systems, telecommunication networks, disaster recovery, as well as Scripps policies, Information Technology procedures, and standards. Also, the position will provide support for compliance and investigative audit projects that are part of the annual audit plan or initiated based on new implementation projects, develop plans for remediation of internal control gaps and deficiencies, reducing costs, and or improving operational efficiency and effectiveness.

Basic Qualifications: Bachelor’s degree required in Accounting, Management Information Systems, Computer Engineering, Computer Science, or a related discipline. At least two of the certifications of CISA, CIA, and CPA designations in good standing at the time of hire are required or successful active pursuit of these designations within 12 months of hire. Required experience/Specialized Skills: Ability to evaluate and audit complex information systems and related information security safeguards. Technical knowledge of information security concepts, information technology internal controls and safeguards, technologies, system vulnerabilities, and applicable rules and regulations. Understanding of key clinical information systems and processes in an integrated healthcare delivery environment. Knowledge of the IIA professional auditing standards, as well as internal and information security control frameworks and principles. Demonstrated effective interpersonal, written, and verbal communication skills. High level of personal accountability for accuracy, attention to detail, task prioritization, and timely completion. Ability to work independently under conditions of changing priorities due to investigations and special requests; important deadlines; and rapid response to security incidents. Strong technical skills and ability to learn and deploy computer assisted audit techniques (CAAT) through ACL audit software and other tools.

Preferred Qualifications: Master's preferred.

Please send your resume together with your salary requirements. Initial salary will be commensurate with experience and qualifications. The position will remain open until filled. To apply, visit us online at:

Website: www.scripps.org

For further information, please contact:

esparza.veronica@scrippshealth.org – Human Resources

Address: Scripps Health-CP2

4275 Campus Point Court

San Diego, CA 92121

EEO/ AA

Where do I get a copy of the presentation from last month?s meeting?

Fri, 21 Sep 2007 05:25:31 -0700

Did you attend last month’s meeting and wish you had gotten a copy of the PowerPoint presentation?
Are you looking to network with other local security professionals and peers?
Are you looking to improve your own career opportunities or are trying to fill a security position within your department?
Do you want to get a discount at the next annual security conference?
Would you like a forum to discuss with your peers the latest trends in technology, Information Assurance, governance, and risk management?

These are all reasons why you should consider joining the San Diego Chapter of the ISSA. There are of course lots more benefits, so what we’ve listed here only scratches the surface. Once you become a member, you can receive a logon access to the secure portion of our chapter website where you can have full access to all of the resources described in the questions above. Click here to get more information about becoming a member.

Security Engineer

Thu, 20 Sep 2007 13:51:00 -0700

Company: Network Vigilence
Contact: Network Vigilence Human Relations hr@netvig.com
Status: Position OPEN

Title: Security Engineer - Step Up your Career into Network Security

Do you want to step up your career into one of the most challenging and rapidly growing IT professions?

Are you an experienced Network Engineer that understands how to be consultative and personable with clients?

Can work under a time crunch, figure just about anything out, and quickly learn new technologies even if it means doing it on your own time?

Have you been looking for that perfect career growth opportunity that will allow you to go to the next level, building upon your solid network experience with security expertise?

Do you have a deep interest in the world of IT security including hacking/cracking, risk assessments, penetration testing, computer forensics, Network Access Control, Firewalls, intrusion detection, security incident management, encryption, honeypots, and other security technology?

Then, this might be the perfect opportunity for you. Network Vigilance is a nationally known, 17 year-old information security firm based in San Diego, California. We excel in providing security consulting/guidance, IT risk assessments, Firewall/VPN implementations, IDS/IDP NAC, endpoint, remote access and wireless security solutions, forensic analysis, and managed security services.

We are seeking an a Senior Network Engineer, who we can develop into a competent Security Engineer, one who has excellent troubleshooting skills, is motivated to learn the security trade, can give great customer service and can perform implementation of various security products, including Check Point Cisco, Juniper, Symantec, Secure Computing, Websense, SourceFire, and others.

This individual would ideally assist with risk assessments, provide technical product support to existing clients, roll out new security deployments, baseline and tune security devices and systems, implement anti-spam and Web filtering technologies, provide end-user network technical support including occasional weekend and after hours support if necessary.

Ideal certifications would include MCSE, CCNA, CCNP, A+, N+, MCP, Citrix, VMWare, GIAC, or other security certifications, however experience is more important than certs.

An excellent background for this role would include high level network administration/network support on Microsoft Server based products, (Windows 2000/2003 Server, IIS, SQL Server, Exchange, ISA, etc.), high level system troubleshooting, Linux/Unix servers, routing and switching, deployment of enterprise firewalls, IDS/IPS, and past deployment or consulting experience with network/security products or services.

If this seems like appears like the perfect opportunity for you and please send us your resume at hr@netvig.com. Please note that there is no relocation assistance offered for this position. Also, an in-person interview if not multiple interviews in San Diego will also be required, including a technical assessment.

Security Engineer

Thu, 20 Sep 2007 08:50:11 -0700

Company: Cardinal Health

Contact: Cardinal Health Staffing chris.price@cardinalhealth.com

Status: Position OPEN

I. Basic Function:

This candidate will be a member of a cross functional security team that is responsible for the Certification and Accreditation (e.g., DITSCAP/DIACAP) of products deployed in a government setting as well as for implementing and monitoring of the Company’s information security policies and procedures to ensure that electronic protected health information (ePHI) is handled in an appropriate manner and meets all legislative requirements, such as those required by HIPAA.

II. Specific Duties, Activities, and Responsibilities:	% of time
· Develop and maintain company information security policies and procedures ensuring compliance with HIPAA security rules as well as government specific (e.g., DIACAP) rules and regulations o Perform security scans and audits of various systems in order to ensure all compliance regulations are met	30%
· Reviews updates and provides compliant specifications for operating systems, databases, and third party software as required o Ensures that all CTS products maintain status as DITSCAP/DIACAP accredited and adhere to HIPAA regulatory standards, rules, or regulations with respect to technical security of product and information within the product o Tests systems and ensures that all certified product security related issues are identified, and issues corrective actions as necessary	25%
· Advises appropriate business units on current technical security regulation o Conducts appropriate reviews, audits, and metrics of accredited products o Coordinates completion/updates for product certification and accreditation	25%
· Establishes/maintains appropriate QMS policies and guidelines for product teams o Maintains on-going lifecycle accreditation for certified products o Conducts assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information (ePHI)	15%
§ Performs special projects, assists in problem solving and quality initiatives as required	5%

III. Position Requirements:

Reports to: Sr. Security Engineer

Supervises: Self

Education or Equivalent: BA/BS in related field or equivalent combination of education and experience.

Experience/Knowledge/Skills Requirements:

· Bachelors degree in Information Systems or equivalent experience

· 6 years experience in information systems with at least 2 years focus on network security

· Experience with network/system security scanning tools

· Healthcare experience and CISSP is highly desirable

· At least two years experience administering or directing security risk management and network compliance programs

· Knowledge and expertise in Federal government regulations (DITSCAP/DIACAP, NICAP, OMB 130, DoD 5800.2 NIST 800-37, FIPS 140-1, &2, FIPS 199, HIPAA, etc).

· Being a highly motivated self-starter with the ability to handle multiple tasks

· Possess excellent conflict resolution and negotiation skills

· Demonstrate strong decision-making and problem-solving skills

· Excellent verbal and written communication skills

These are only minimum qualifications for this position at this grade level. Other factors taken into consideration when deciding what position and grade level to place an employee such as performance level, capable contribution and company need.

Work Environment: Works out of and performs primary duties in the San Diego Corporate Office.

Compensation: Competitive compensation based upon experience with an excellent benefits package.

Seeking Subject Matter Experts

Mon, 14 May 2007 14:46:00 -0700

Are you a Subject Matter Expert (SME)? Would you like to assist the chapter answering questions on your subject of expertise? From time-to-time SD ISSA receives calls from local media, schools, and businesses for our opinion, judgment, discernment on various information security topics. If you would like to be included on our SME Listing please contact Peter Bybee. Peter will follow up with you on your SME nomination. We need you're expertise to service our community.

Meeting Location

Tue, 27 Mar 2007 11:15:36 -0700

SDISSA meets on the 2nd Wednesday of each month at the Admiral Baker Clubhouse.

TIME: 11:30am to 1:00pm LUNCH TIME MEETING

COST: $10.00 for ISSA Members (RSVP), $15.00 ISSA Members (at door), $20.00 Non-Members

LOCATION:

The Admiral Baker Clubhouse
At 2400 Admiral Baker Rd, San Diego, CA 92120
(619) 487-0090

Take Friars road east until Santo Road, take a left and very soon veer right onto the Admiral Baker Clubhouse. Then stay left and follow the road around to the clubhouse. No base sticker or government badge is needed.

You’re going to love the setting, ambiance, and history of the place!

Driving Directions from Highway 15:

1) Take Friars Road exit East. Pass through the first stoplight (Rancho Mission).
2) Turn left at the second light (Santo Road).
3) Make an immediate right turn onto Admiral Baker Road.
4) Follow the road to its end at the golf course clubhouse.