We are happy to welcome Thomas Ng to the Concise team, as a part time consultant.  Thomas will be working on developing and delivering our DataInsights360 product for small businesses.

Thomas is an Informatics student at the University of Washington with a specialization in Information Assurance (security) and HCI. His primary interest and expertise are in information security issues at the federal level.

Thomas's professional experiences include work in the healthcare and financial sectors, as well as the software industry.  He is also one of the founders of the DISSECT group who are trying to encorage the development of Federal Data Breach legislation that allows for proper statistical analysis of data breaches.
 
 
Marcus Morissette and Seaton Daly will be presenting a Technical Session for the Institute of Internal Auditors in Bellevue on March 9th. For more information see:

http://www.theiia.org/chapters/index.cfm/view.event_detail/cid/34/event_id/15548
Information Privacy is often overshadowed by its more mature cousin, Information Security, when conducting risk assessments and performing audit testing.  With the increased legislative and regulatory focus on privacy in recent years, and the increasingly complex requirements that organizations have become subject to, we believe that it is timely to present some training on how to assess information privacy risks and controls.

This technical session will provide a high-level background on accepted privacy principles and resultant privacy controls. It will give the audience an overview of privacy theory, and then move through the current privacy compliance/regulatory landscape into the development and application of an appropriate privacy control program. 

Also covered will be practical examples including a brief discussion of building privacy into the development of new applications and how to audit applications for appropriate privacy controls.  Real world examples of the risks and consequences that a business faces for failing to adequately assess and address its privacy risks will also be discussed, and audience participation and sharing of experiences will be encouraged.  We plan to make this session interactive throughout, so that all audience members benefit from the collective knowledge of the group.

Two case studies will be used to show how to assess privacy risks and controls, and resultant value of such assessments. The first case study will be that of a currently deployed web application (using automated assessment tools and GAPP based assessment methodology. The second case study will examine a review of the privacy risks surrounding an enterprises marketing/customer management process.
 
 
Marcus Morissette, Concise Managing Director, will be presenting at the National Information Security Group(NAISG) http://www.naisg.org/ meeting in Bellevue on Thursday 28th January.

Marcus will be presenting on the topic of Assume Breach!  Why Preparing for the Worst is the Best Choice.
 
 
Marcus Morissette, Concise Managing Director, will be presenting at the Infragard meeting in Seattle on Thursday 28th January.

There are an impressive slate of presenters at this meeting, and space has already been sold out.

Marcus will be presenting on the topic of Data Breach prevention and management.
 
 
We are delighted to announce that Joshua Betts has joined the Concise team as a Principle Security Consultant.

A former marine, Josh was previously with IOActive in Seattle where he performed a number of varied penetration testing engagements against a variety of different systems and environments. 

Josh strengthen's our technical capabilities and will work with other members of our team to productize our penetration testing offerings.

 
 
We would like to welcome Rob Harvey to the Concise team.

Rob joins Concise as the Director of our Risk & Vulnerability management practice.

Rob was previously with IOActive in Seattle where he was involved with the final security review for Windows Vista and the supervision and enforcement of the Security Development Lifecycle (SDL) at Microsoft along with performing penetration tests, security reviews and threat models for clients in a variety of industries.
 
 
Aaron Weller, Managing Director and lead of our Information Security practice will present on the subject of Audits and Auditors at the Puget Sound ISSA meeting tonight. 

More information about the presentation can be found at http://www.theconcisegroup.com/audits-and-auditors.html

More information about Puget Sound ISSA can be found at
http://www.issa-ps.org/
 
 


Portland, Oregon.

Aaron Weller, Concise Managing Director and Information Security practice lead will present to the Portland chapter of the Information Systems Security Association (ISSA) this afternoon.  Mr Weller will be presenting on how to achieve more effective auditing of security functions, through a proactive approach of engagement between auditors and people being audited.
 
 
Aaron Weller, Managing Director at Concise Consulting Group will be presenting to the Portland Chapter of the Information Systems Security Association (ISSA) on 19th November.

The subject of Aaron's presentation will be Audits and Auditors - can't we all just get along.

For more information, or to register to attend - please visit the ISSA Portland website
 
 
Our Managing Directors, Aaron Weller and Marcus Morissette will be attending the Secureworld Expo in Bellevue on the 28th and 29th of October 2009.  SecureWorld is usually a well attended event for the Puget Sound information privacy and security communities and we are looking forward to an interesting line up of speakers and some good networking.