MINUTES
General Membership Meeting
August 15, 2002 3:00 p.m.
State Farm Insurance Agency
Attendees:
The regular General Membership Meeting of the MidAmerica Contingency Planning Forum was held on Thursday, August 15, 2002, at State Farm Insurance Agency, beginning at 3:00 p.m.
President Angela Swartz welcomed everyone to the meeting and introductions around the room were made by all. She thanked John Crosswhite and State Farm for the hospitality in hosting and providing the refreshments for the meeting.
The minutes of the July meeting were not available for review.
President Emeritus Tom Roeseler discussed the 2003 board elections to be held during the November meeting. He is currently gathering names for the slate of nominees. Anyone interested in running for a board position or having someone to recommend as a potential nominee should contact Mr. Roeseler at 314-466-6662 or Thomas.Roeseler@BankofAmerica.com.
There was no new business presented for review by the membership. The meeting then moved to the featured presentation - Cyber Crime: How to Protect Yourself and How to Recover. The featured presenter was Joe Martin, CISSP, Consulting Specialist at IBM Corporation.
Mr. Martin began his presentation by commenting that a combination of a physical and cyber crime would be truly devastating. He used the example of bombing a building and disrupting the 911 service for the area. The human factor is a huge risk factor in today's society. Points highlighted in his discussion included:
• New opportunities bring new challenges.
• Many companies do not recognize the risk or the potential due to inadequate security.
• A common perception is that "My IT infrastructure is secure." This perception does not match reality.
• The threat is increasing due to increased connectivity sources, increased complexity and the pace of change in your environment, constant discovery of new vulnerabilities, easier-to-use GUI-based attack tools (point & hack), more sophisticated users (or at the least, less intimidated), near instantaneous dissemination of information, and wireless access.
• These threats result in significant business losses due to increasing costs, decreasing revenues from lost sales, and loss of assets, and in possible loss of life.
• It's no longer a question of "Will I have a security problem?" Seven questions for today's businesses to ask are:
    • When will the "bad guys" show up?
    • How vigorous will the "bad guys" be?
    • How often will it happen?
    • How successful will they be?
    • How will I detect their activity?
    • How will I respond to them?
    • How will my customers react?
• A strong defense (both physical and cyber) must be constructed by building alliances and ensuring that your own house is in order.
• Good security risk management is finding the right balance between the risk of security breaches versus the costs of avoidance.
• Sound security management is a process - a continuous cycle for managing risk over time. This may be identifying the risk, developing a policy to minimize the risk, implementing the policy, administering the policy and having Audit review the process.
• Ten steps to minimizing IT security risks include:
    • Conduct a risk assessment of your Internet business.
    • Develop security standards.
    • Test your defenses.
    • Develop procedures for prevention and use independent parties for testing.
    • Limit the individuals with access to your e-commerce business.
    • Use firewalls.
    • Use surveillance tools.
    • Monitor your networks for unusual activity.
    • Contact your Internet Service Provider.
    • Report computer violations to the proper law enforcement authorities.
• A balanced approach to information protection is prevention, detection, and response along with constant evaluation and assessment.
• In defending your site, evaluate your security posture, detect security violations, and respond to security incidents.
Mr. Martin concluded his presentation with the following thoughts:
• Security and privacy are really business issues with real business impacts.
• Effective security and privacy is a process that is built on documented, solid, understandable, and well-communicated policies.
• Security and privacy cannot be obtained solely through tools or technology because they are moving targets and there are no "silver bullets".
• Your customers' trust is based on effective security, privacy, and communication.
A handout of the presentation slides was distributed to the group. The presentation slides are available in softcopy through our website at http://mcpf.0catch.com/.
Gary Hoelzer of Town and Country Police Department dropped off some flyers with information about the Regional Computer Crime Education & Enforcement Group of Greater St. Louis. Information and requests for callout can be obtained by calling 314-838-5000. Also, you may visit their website at www.rcceeg.com for details regarding this group.
The next General Meeting will be held on Thursday, September 19, 2002, beginning at 3:00 p.m. The topic will be Preparing for Violence in the Workplace with Lieutenant Jeff Bader of the St. Louis County Police Department as the featured speaker. Location will be the St. Louis County Emergency Operations Center.
There being no further business, the meeting was adjourned at 5:00 p.m.
Recorded by: Anna M. Bathon, CBCP
MCPF Secretary
Office: 314-466-3509
Fax: 314-466-3939
Email: anna.bathon@bankofamerica.com