BCS London Office Southampton Street, London, WC1.

The British Computer Society Information Security Specialist Group Announce a Seminar Penetration Testing Day Thursday, 16 th July, 2009. BCS London Office Southampton Street, London, WC1. This event will take a close look at Penetration Testing. The objective of the event is to ensure that all ISSG delegates understand the basics of penetration testing. You will not be taught how to conduct Pen Tests but rather delegates will find out all the basics. A number of experienced Pen Test practitioners will give presentations at the seminar. There will be a heavy emphasis on the technical side but the management of Pen Tests will also be covered. Perhaps just as importantly, there will be ample opportunity for questions to the speakers and for networking with other delegates. As a result of feedback from previous events, much more time is being set aside for formal Q&A's as well as informal networking. This event is expected to be very popular and is limited to BCS ISSG members only. Once the places are filled, potential delegates will be placed on a reserve list and allocated places on a first come, first served basis if there are any cancellations. See Page 4 for Reservation details and please act quickly. Any enquiries should be sent by email to issg-admin@bcs.org.uk. Yours sincerely, Ian Fish, BCS-ISSG Membership Secretary Note: Directions to the venue will be sent out with the Joining Instructions.

Provisional Programme Speaker and Topic 09.30 10.00 Registration & Tea/Coffee and networking opportunity. 10.00 10.05 Mike Westmacott BCS-ISSG Committee and event Chair Welcome and Introduction 10.05 11.00 Speaker : John Yeo - Verizon Business 11.00 11.30 Coffee/Tea 11.30 12.30 Title : Getting the Most from your Security Consultancy Synopsis : John will talk about the complete security assessment lifecycle from the consultants perspective. He will discuss where security consultants can and can t help and how to leverage the most value from them. The talk will include where the security assessment and pentesting market is presently, what developments are taking place, and where we actually want to be in the future, sprinkled together with a few anecdotes and war stories from the field. Speaker : Peter Wood, First Base Title : Top Five Security Vulnerabilities Synopsis : Over the past 12 years, Peter Wood has taken part in a hundreds of penetration tests, from both inside and outside organisations. Over this period several themes have emerged - repeating problems which continue to undermine network security in the majority of organisations. Peter will discuss how to find the most common vulnerabilities in corporate networks, using real-world case studies to illustrate his talk. He will cover Windows domains, infrastructure devices and end points, sharing his experience of the configuration errors and misunderstandings that populate organisations networks everywhere. Peter is renowned for his pragmatism, so expect a down-to-earth, no-frills presentation with plenty of practical examples and plain speaking. Leave your prejudices at home! 12.30 13.15 Lunch A buffet lunch will be served. Vegetarian options will be available. 13.15 14.15 Speaker : Matthias Muhlert, Verizon Business Title : The Limitations of Web Application Vulnerability Scanners Synopsis : The presentation will discuss the risks that are associated with companies relying on vulnerability scanners. The business cases for utilizing an automated vulnerability scanner are tempting but to what extend should they be used? and will aim to answer the following questions that should be of interest to network managers, security managers and application leads:

- Are there unforeseen risks to business by over reliance on vulnerability scanners? - What will a scanner miss? - What risks are associated with false positives and false negatives? - What are the limitations of a vulnerability scanner? 14.15 15.15 Speaker : Ian Mann, Senior Systems Consultant - ECSC Title: Social Engineering: Hacking the Human Synopsis: History shows that breaches in information security are often much more than technical IT security failures. You will see fascinating examples of how extensive IT security infrastructure can be easily bypassed with even the most basic Social Engineering techniques. Includes advanced psychological techniques, used by malicious attackers to manipulate your staff into aiding and abetting security breaches. When you leave this presentation you will: Begin to see gaping holes in your own security and how easily someone can bypass your security countermeasures Understand the human limitations of an information security approach based on IT security technology Probably begin to think like a criminal; a good idea if you really want to improve your security. In addition, Ian will outline how you can include social engineering within a penetration testing programme to ensure that you get a full picture of your security vulnerabilities. 15.15 15.45 Coffee/Tea 15.45 16.00 Panel Discussion chaired by Mike Westmacott A Q&A session for delegates to raise any queries, problems or issues with the speakers. Note : Subject to demand and the availability of speakers, the Q&A session may be extended but will conclude no later than 16.30. 16.00 16.05 Mike Westmacott Closing Remarks. Note : This is the planned program for the event but may be subject to change. Prospective delegates should check www.bcs-issg.org.uk/events.html/ for up-to-date information. Any changes will be notified to delegates with the Joining Instructions.

You can register for this event in two ways. First you can register by credit card. This is the quickest way to secure your place at the seminar. Please visit : https://wam.bcs.org/wam/login.aspx?ref=event&id=2003 This is the new secure credit card payment system introduced by the BCS for all its services. This particular URL is specific to the Penetration Testing Day Seminar. Second, you can pay by cheque. If you want to do this, please use the form below on pages 5 and 6. For any further information about this event, visit : www.bcs-issg.org.uk or contact us on : issg-admin@bcs.org.uk Note If you wish to register less than 7 working days before the event, please first contact Rachel Browning on 01793 417444 or email the ISSG Administrator above to express your interest and confirm that space is still available. No registrations can be accepted after 12.00 noon on Friday, 10th July, 2009, in any event. Membership of the ISSG is open to all BCS members regardless of membership grade. To register for ISSG membership, BCS members should log into the BCS members area on <www.bcs.org.uk> and add the ISSG to their specialist group membership details.

BOOKING FORM Cheque Payments only Information Security Specialist Group Penetration Testing Day Thursday, 16 th July 2009 BCS, Southampton Street, London Please complete this form and post to Rachel Browning BCS, 1 st Floor, Block D, North Star House, North Star Avenue, Swindon SN2 1FA Email: Rachel.Browning@hq.bcs.org.uk Enquiries: Tel: +44(0)1793 417416 Delegate Details: Title: First Name: Last Name: Job Title: Organisation Name: (for name badge) Address for Correspondence: Post Code: Is the above address: Work / Home (please delete as applicable) Email: Telephone Contact Number: Is the above email address: Work / Home (please delete as applicable) By agreeing to attend, BCS will use your email or correspondence address to communicate with you regarding the event. Dietary / Special Requirements: Ex-VAT VAT Full Fee BCS Member (please state your membership no in the box below] 115.00 17.25 132.25 *Student 40.00 6.00 46.00 Please state your Membership Number *Please include a copy of your student ID card Total Cost

Payment: Address for VAT receipt (if different from the address on page 1) Personal / Company Cheque I enclose a cheque for the Full Fee. Cheques should be made payable to: The British Computer Society Additional Information Payment must be made in advance in order to confirm your place at the event. We do not issue invoices. A VAT receipted invoice will be sent to the person paying, after payment has been cleared. Please note that that Registration closes at 12.00 noon Friday, 10 th July, 2009. For overseas delegates who wish to attend the event please note that BCS will not issue an invitation letter. Cancellation Policy In the event of cancellation and provided Written Notice (letter or email to Rachel Browning) is received by Friday, 10 th July, 2009, a full refund will be made. In the event of cancellation after this date, we regret that no refund can be given. BCS reserve the right to cancel any event. In this case, the full fee will be refunded. Details of event changes or cancellations are available by phoning +44 (0)1793 417416. Name Substitutions Name substitutions are accepted up to 48 hrs prior to the event by fax or email. Fax: +44 (0)1793 417416 Email: Rachel.Browning@hq.bcs.org.uk Electronic Privacy As a body for IT professionals BCS Group regularly communicates with its interested parties by email. I understand that BCS Group will not pass on my email address to other organisations. Data Protection Act 1998 BCS Group will hold your personal data on its computer database and process it in accordance with the Act. This information may be accessed, viewed and used by the Society for administrative purposes and conducting market research. All of these purposes have been notified to the Commissioner. If you are based outside the European Economic Area (the EEA ), information about you may be transferred outside the EEA in accordance with the requirements of the Act.