Events

 

 June 20, 2017 at 6:30 PM

ISSA National Capital Chapter June meeting topic:

The Payments Ecosystem: Security Challenges in the 21st Century
by Phil Smith III of HPE Data Security

Abstract

Credit and debit cards—whether they use magnetic stripes, EMV (“chip” cards), or near-field communication—are well-established in world commerce, and the majority of enterprises process them in some part of their operations. But how does this ecosystem really work? What are its vulnerabilities and security gaps, and how can we defend them? And what do mobile payments systems, bitcoin and its clones, and other innovations mean for the future?

As story after story in the press has demonstrated, simply keeping your physical card secure is no longer sufficient —and neither is protecting the IT perimeters of card processing systems. Millions of card numbers have been breached at all layers of the system, despite companies’ best efforts to secure at a system level. The Payment Card Industry Data Security Standard (PCI DSS) lays down excellent guidelines to help secure data, but many breaches have occurred despite passing PCI DSS compliance assessments.

Come learn about how the threat landscape is evolving, what the attackers are doing, and how merchants and processors are reacting to stay ahead of the attackers.


About the Speaker

Phil Smith III
Philip Smith III is Senior Product Manager and Architect, Mainframe and Enterprise, at HPE Data Security. He has spent over 35 years doing and managing software support/development. Phil also creates technical reference books, contributes to trade journals, speaks at SHARE and local user groups, and tracks IBM evolution.

 

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, June 20, 2017 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

 

 

 June 20, 2017 at 6:30 PM

ISSA National Capital Chapter July meeting topic:

Derived Personal Identity Verification (PIV) Credentials
by David Coley of Intercede

 

Abstract
Derived credentials have been a technical option on mobile devices for over a decade, yet the deployment and ultimate usage of Derived PIV Credentials (DPC) is a relatively recent innovation for agencies.  The NIST framework outlining the use of DPC, Special Publication 800-157, was released in December 2014.  It defines the administrative process required to ensure a user can prove possession of a valid Personal Identity Verification (PIV) card prior to the issuance of a new PKI credential for use on mobile devices or other platforms that don’t easily support a PIV card and associated reader. To date, many agencies have not engaged closely with NIST and the Federal Identity, Credentialing, and Access Management program to align internal policies and move forward with DPC.  As a result, the U.S. Government either continues to rely on username and password or has forgone access to business and mission applications from mobile devices lacking built-in or attached smart-card readers.

 
The ATARC Mobile Identity Management project team, a collection of industry and government members, found that while the creation and issuance of DPC is relatively well understood, issues associated with credential storage and management, as well as PKI enablement of service providers (aka relying parties, web servers, mobile API’s), remains a significant hurdle to mobile enablement and use.
 
In this talk, learn a bit more about the obstacles facing the US Government in the deployment and use of derived PIV credentials and the guidance offered by the ATARC team for accelerating their use.

 

About the Speaker
David Coley is a Senior Solutions Engineer at Intercede, a cybersecurity company specializing in enabling digital trust in a mobile world. David has worked in the mobile and security fields for over 20 years educating executives and technical teams on the use of mobile technology to increase workforce flexibility.  His emphasis has been on U.S. Government customers and the wide-ranging missions they support.

david coley 

 

Please RSVP if you plan to attend.
Non-members are welcome without charge! Light refreshments will be served.

 

Tuesday, July 18, 2017 6:30 PM

Center for American Progress (CAP)
1333 H St. NW
10th Floor
Washington, DC, 20005

Click here for details.

 

 

Additional information