News from 2015

About ASIS International

ASIS International is the leading organization for security professionals worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS International Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public.

About Interhack

Interhack is a computer expert firm based in Columbus, Ohio, providing unassailable opinion in matters of cybersecurity and electronic evidence for courtrooms and boardrooms throughout the United States. Whether protecting clients in direct operations or discussing the meaning of data in trial, Interhack's work is used to find the best answers that science can provide. The firm is online at web.interhack.com.

Interhack has supported the event since its inception, showing career paths in cryptography, cybersecurity, and forensic data analysis. The program has been held annually at community colleges throughout the State of Ohio, showing career options for thousands of participants.

About Interhack

Interhack is a cybersecurity firm based in Columbus, Ohio, providing expert guidance on the development and use of cybersecurity technology and its integration into business and legal processes since its founding in 2000. The firm is online at web.interhack.com.

The presentation will cover proper acquisition of electronic evidence to avoid side-effects and spoliation of evidence, reconciliation of filesystem timestamps, and interpretation of forensic artifacts identified by forensic data examiners. Showing how attorneys can—intentionally or not—misinterpret such artifacts and argue to the Court or a jury not only the best interpretation for their client but one that actually goes beyond the scientific evidence. Curtin concludes the presentation with a discussion of how to approach electronic evidence and making the best use of scientific experts.

About Interhack

Interhack is a cybersecurity firm founded in 2000. With engagements throughout North America the firm addresses the acquisition, interpretation, and presentation of electronic evidence in federal and state courts. Interhack is on the web at web.interhack.com.

Presenting from different perspectives inside and outside of law firms, the panel will help participants to understand not only how to get started but how to make effective plans that are defensible.

About Interhack

Founded in 2000, Interhack is a cybersecurity firm based in Columbus, Ohio. The firm's work in incident response includes training client organizations, direct-action response to client breaches, and analysis of breaches in civil litigation. The firm's work has been used in setting legal precedent in privacy and security litigation. Interhack can be found online at web.interhack.com.

Not only are law firms advising their clients on handling cybersecurity incidents, but law firms are themselves becoming targets for attackers. In addition to the concerns that affect every individual and organization targeted by malicious actors, law firms need to ensure that they are acting ethically to protect their clients' sensitive and privileged information.

About Interhack

Interhack is a cybersecurity firm based in Columbus, Ohio. Engaged in cybersecurity since its founding in 2000, the firm has protected clients throughout North America through active defense of attacks, neutralization of vulnerabilities, and assessment of electronic evidence. Interhack can be found on the web at web.interhack.com.

Abstract

Consumers of forensic and technical evidence often fail to understand the limitations of the evidence, weaknesses in the methodology and alternate explanations of data. This engaging session will draw from the speaker’s practice as a forensic computer scientist to show how he has successfully rebutted evidence taken to court.

About Interhack

Interhack is a national cybersecurity firm based in Columbus, Ohio. In addition to the conduct of cybersecurity and incident response operations, the firm acquires, analyzes, and presents forensic evidence in civil, criminal, administrative, and military matters. Founded in 2000, Interhack's work has been used in federal and state courts throughout the United States. The firm can be found on the web at web.interhack.com.

During the 1990s, private security professionals and government agencies waged a battle over the control of cryptographic technology known generally as the Crypto Wars. Recent statements by the Director of the FBI James Comey, President Obama, and UK Prime Minister David Cameron indicate that we are headed into another Crypto War, where governments want to be able to compel private citizens and organizations to allow access to their information on the power of a warrant. With private organizations suffering expensive and embarrassing data breach incidents and government agencies working to undermine security in Internet standards and US companies' products, a path forward to protecting US critical infrastructure must be charted. This presentation highlights critical aspects of the 1990s Crypto Wars, and presents the proper role of government and private security professionals for securing the United States against its enemies.

Register for the event online at http://www.centralohioissa.org/?page_id=1650&ee=47.

About Central Ohio ISSA

Columbus chapter of this not-for-profit organization, and since 1989 we have been the voice of security in the metro area. Our 230+ members know that our forums will provide a venue for knowledge-share, networking, and career growth. When you attend one of our events you may find at your table a CISO of a Fortune 1000 firm, a security architect, a security analyst, a privacy officer, an attorney, and/or a security consultant. Diverse backgrounds, different points of view, a wide range of infosec experience and talent spanning every market vertical—all oriented towards addressing security issues faced by practitioners and leaders.

About Interhack

Interhack is a computer expert firm focused in cybersecurity and analysis of computer data. The firm uses teams of experts to conduct data breach analysis, incident response, penetration testing, application security assessment, vulnerability assessment, and other operations throughout North America. The firm's experts are often called to testify in matters ranging from computer crime to privacy and intellectual property theft to technology patent cases. Our experience includes civil, criminal, administrative, and legal adjudication, having been engaged by plaintiffs, defendants, and the courts directly. Interhack is on the web at http://web.interhack.com/.

The presentation provides a brief background and tips to help attorneys understand what forensic analysis of computers may yield, and how to engage with computer experts. From there we turn our attention to the matter of H&H Industries v. Erik S. Miller, a federal case heard in the Southern District of Ohio where a forensic computer expert was instrumental in bringing key facts to light.

The Ohio and Kentucky CLE presentation will be held at the Montgomery Inn Boathouse Bob Hope Room Overlooking the Ohio River. Lunch will also be served. Cost for Lawyers' Club Members: $20 for One CLE Session and $30 for two CLE sessions; non-members $25 for one CLE session.

About The Lawyers' Club of Cincinnati

The Lawyers' Club of Cincinnati was founded in 1920 as an alter ego to the Cincinnati Bar Association.  It's a small, friendly group of lawyers with a wide range of practices. The Lawyers Club can be found online at www.duiguy.us/Home.php.

About Interhack

Interhack is a computer expert firm. Our work is used nationwide to address questions in cybersecurity and forensic computer and data analysis. We can be found online at web.interhack.com.

About Lindhorst & Dreidame Co., L.P.A.

Lindhorst & Dreidame is a Cincinnati law firm known throughout Ohio for our strengths in medical malpractice defense, insurance defense, transportation and railroad law, and business litigation. The firm is online at www.lindhorstlaw.com.

Haphazard efforts and knee-jerk reactions are not the path to security. Neither is the purchase of yet another product. Security is like safety: take advantage of tools, be guided by policy, and act in recognition of your goal and what you want to avoid.

Protecting Your Organization

When going about your job, remember not only what you are there to do, but be aware of what you should not do. Should you not give away proprietary information to competitors? If so, what information is proprietary? Where is it maintained? How do you access it? How do you handle it?

You might not print out sensitive information, put it in an envelope, and hand it over to a competitor. But would you reveal the same information in an informal conversation with a friend in a public place, where someone can over hear it? Would you keep that document on the same computer where you aren't using a malware scanner? On the same computer that you use for file sharing?

Remember two things and act accordingly: computer systems fail and people make mistakes. If your behavior protects your organization even when those things happen, you might still be a target but you're not an easy target.

Protecting Yourself

Remember that an organization can lose control over only what information you provide it. Many ask for personal information but that does not mean that you necessarily need to supply it. Name and social security number are common targets for attackers to use for identity theft and fraud. You can reduce the number of possible databases in which that information about you appears through your own behavior.

For example, if you buy a car do you arrange your financing through a bank where you already are doing business? The dealer will want to offer you financing, but in order to do so you need to give your name and social security number. If you provide it, there is now one more database in the world where breach means exposure of your information.

Other tips to protect yourself include keeping your passwords private, not using the same password for different sites, and watching for suspicious activity in your statements and credit reports.

About Interhack

Interhack is a cybersecurity and computer expert firm with operations throughout North America. We perform cybersecurity and incident response services, and act as experts in legal proceedings. Interhack is on the web at web.interhack.com.

Abstract

Security is fundamentally a product of two variables: the frequency of attack and the impact of attack. Federal government policy both in the original Crypto Wars of the 1990s and again twenty years later has been to reduce the frequency of attack. The strategy has been to improve the ability to monitor potential attackers, to predict attacks, and to prevent them from taking place. Promulgation of this strategy has resulted in DOJ officials making true-but-misleading statements to Congress, sabotage of Internet standards for cryptography, and ultimately systems that are vulnerable to snooping by attackers including foreign intelligence services. The President of the United States and the Prime Minister of the United Kingdom are now advocating that governments should have access to encrypted data.

Curtin believes that this approach will weaken the infrastructure of the United States, making our institutions and our citizens more vulnerable to enemies foreign and domestic.

In this talk Curtin proposes a superior approach that puts American resources, public and private, on the same team in reducing the impact of attack. He advocates the hardening of targets, recognizing that attacks will come, but will not succeed when good defenses are in place. Such defenses include the encryption of data in the Cloud and the use of tools and techniques that harden targets against monitoring, even by government agents.

The talk will be delivered by security and cryptography expert C. Matthew Curtin, a coordinator of the DESCHALL project that in 1997 cracked a message encrypted with the government standard DES for the first time in open research. The project's success immediately changed the debate in Congress, a change in executive policy regarding the export of strong cryptography, and the adoption of a replacement for the now-defunct DES.

About Interhack

Interhack is a computer expert firm based in Columbus, Ohio, with a national practice that covers cybersecurity, data breach response, incident management, and security assessment. The firm's experts are often engaged in litigation to help attorneys, judges, and juries make sense of complex technology. Founded in 2000, Interhack is on the web at web.interhack.com.