NYMISSA » Event Calendar

Crypto Management – PKI, Certificate Management and other Crypto Challenges

Webmaster — Sun, 29 Jan 2012 13:07:31 +0000

Cryptographic controls are in the forefront of protecting information, but such controls require appropriate implementation, application and oversight (governance). Such controls may be implemented to ensure the confidentiality or integrity of data in effort to be consistent with leading information security practices; however, many organizations are obligated to comply with industry regulations, state laws or contracts to ensure confidentiality/privacy of specific data.

Cryptographic controls have been consistently bypassed. For example:

Encryption algorithms and methodologies have required evolution given their susceptibility to cracking; Malware in recent years is designed to collect data in system RAM, to bypass encryption controls applied to data both in motion and at rest. More recently, researchers have discovered vulnerabilities in SSL/TLS that allow for the theft of encrypted cookies, which could result in data compromise.

For these reasons it is important to maintain strong cryptographic key management policies/processes, and advance cryptographic controls. This program will focus on cryptographic challenges and the efforts such as PKI implementation that have been adopted to address confidentiality/integrity risks.

Save the Date

Webmaster — Thu, 29 Dec 2011 17:30:11 +0000

[ March 14, 2012; 2:00 pm to 5:00 pm. April 18, 2012; 2:00 pm to 5:00 pm. May 16, 2012; 2:00 pm to 5:00 pm. June 20, 2012; 2:00 pm to 5:00 pm. ] Please save the date of our future events.

Data Loss Prevention – Overcoming Implementation Challenges

Webmaster — Thu, 29 Dec 2011 17:25:18 +0000

Since the wave of Data Loss Prevention solutions hit the market place in the mid 2000′s, the concept of DLP has gained considerable traction throughout various industries. Further, several early market DLP products have been integrated into broader enterprise solutions by large technology providers, contributing to marketability, adoption, support and implementation effectiveness.

While adoption has been on the rise, so have obstacles and challenges encountered by DLP project managers and solution owners within the enterprise.

The aim of this program is to inform attendees regarding the challenges that may be encountered during a DLP solution implementation, and convey approaches that will aid them in either avoiding or overcoming such challenges should they be encountered.

Law and Information Security: The Intersection of Law and IT

Webmaster — Fri, 04 Nov 2011 13:09:53 +0000

The Information Security and Legal Teams within organizations are working hand-in-hand more than ever before. The opportunities for interaction and collaboration are growing as data volumes, data complexity, and data types increase and mobile and personal devices proliferate across the enterprise. Digital information has major security ramifications around usage, access, protection, and privacy. This increased complexity directly impacts legal requirements for end-user license agreements, corporate breach notification, and partner SLA’s. Today’s information security professional must understand the legal environment within which they conduct their day-to-day activities.

Application Security – Pulling it Together

Webmaster — Sat, 01 Oct 2011 12:59:54 +0000

The need for integration of application security best practices is evidenced by today’s headlines. Injections, business logic flaws and failures to implement the most basic of security controls contributes to the compromise of not only corporate sites and data, but for some organizations, the relentless attention of global computer hactivists and media outlets alike. Most organizations are realizing the importance of various security activities throughout the SDLC, but many have yet to fully adopt common practices that can significantly reduce exposure associated with web applications.

The aim of this program is to convey the step and processes that aid in accommodating industry best practices with respect to implementing application security controls. The messages and lessons learned from our speakers will aid attendees in understanding effective code review, manual assessment and the governance to ensure the resources dedicated to these efforts are efficient and effective.

May Madness: Privacy, Legal and Regulatory

ibryski — Sun, 08 May 2011 23:19:39 +0000

The initial panic associated with the need to comply with privacy and information security regulations has subsided as organizations have evolved policies and practices to ensure compliance with laws. The focus has been on what organizations “cannot do” with data. Moving ahead, organizations are looking to determine what they in fact “can do” with the vast host of information assets for which they serve as custodians. How can information be used and shared responsibly – how can revenue and business models use information while complying with regulations. Our program speakers have been in the trenches on the privacy and legal battle. They will share stories about what they have done in the past and will share their vision about how privacy and legal issues will evolve moving forward.

Please join us after the program for a cocktail hour, generously sponsored by our hosts Orrick, Herrington & Sutcliff.

Mobile Security: Protecting Communications, Data and Devices

ibryski — Wed, 23 Mar 2011 23:44:54 +0000

Predicting the future is difficult, however few will argue with the continued predicted growth of the use of smartphones. Naturally, this growth will also see an increase in exploits and vulnerabilities within these mobile computing platforms (operating systems, applications, web browser, etc).

As new mobile product and service offerings flood the market, security and risk management practitioners need to be one step ahead of the game in order to protect their organizations.

This month’s NYMISSA program offers insight into how organizations can better protect their environments from mobile threats. Our speakers offer solutions and suggestions about how to address the biggest potential impact which in part is caused by the proliferation of sophisticated mobile devices interacting with corporate networks.

Speakers include:

Jesse Lindeman, Director of Product Management at MobileIron.
Jeff Stern, VP Business Development at KoolSpan
Eric Green, Board Member at Mobile Application Development (MAD) Partners

Malware and Advanced Persistent Threats: Current Trends and Mitigation

ibryski — Tue, 08 Mar 2011 20:56:18 +0000

Malware and Advanced Persistent Threats (APT) are cyberthreat categories directed at both business and political targets. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been compromised and initial data breach goals reached. Malware successfully penetrates enterprises through a variety of vectors, even in the presence of properly designed and maintained defense-in-depth strategies. At the very heart of every attack lies remote control functionality. Criminal operators rely upon this capability in order to navigate to specific hosts within target organizations, exploit and manipulate local systems, and gain continuous access to critical information.

Protecting your organization against malware and APTs poses a challenge that intimidates even the most stalwart security professionals. Leading organizations are solving this problem, however, and today’s speakers will share both the war stories and the solutions in the fight against APTs and how your organization can turn the battle in your favor.

The Dark Side: Financial Crimes and Identity Theft

Webmaster — Fri, 11 Feb 2011 19:49:26 +0000

Financial Crime is nothing new; however, the ways in which financial crime is being committed are changing. Criminals are increasingly using Information Technology (IT) to commit crime. The underlying threat of financial crime is a risk of doing business. Costs include, but may not be limited to, recovery actions, investigation, external legal advice, eForensic/data compromise related investigations/review and associated security costs recruitment, re-training and the potential negative impact on operational delivery.

Individuals and organized crime groups have historically targeted financial institutions to obtain account information and funds by exploiting vulnerabilities through a variety of fraudulent schemes. Organized criminals have developed these schemes from traditional fraud scams, embracing the opportunities provided by multiple business channels, in particular online/eCrime. The value of customer information has been recognized by organized crime for many years with theft and or compromise of customer sensitive information increasing at an alarming rate.

Security professionals are in the front lines of the war against financial crime. This program features speakers from various organizations who will share war stories and offer guidance to help you manage financial risk in your organizations.

Presenters include:

Roel Schouwenberg, Senior Anti-virus Researcher, Americas, Global Research and Analysis Team, Kaspersky
Victor W. Lessoff, Special Agent in Charge, IRS, Criminal Investigation Newark Field Office
Tim Brown, SVP and Chief Security Architect, CA Technologies

For detailed agenda and registration CLICK HERE

Application Security: Enterprise, Mobile and Web

Webmaster — Tue, 16 Nov 2010 14:28:50 +0000

Ask any security practitioner or developer what the first thing is that comes to mind when they hear the term “Application Security” and you will get many different responses. The term and concept encompass a variety of considerations that must be addressed when securing data on the application level. It is possible to focus on the accuracy of code, the development of appropriate data usage policies as well as labeling data to address privacy requirements.

In the first session we will learn how to establish an application security policy. This is will be followed by a talk on the state of mobile applications and its threat environment. The final session will feature a panel of experts discussing timely and relevant topics related to application security. Today’s program will be as appealing to developers as it will be to policy makers and data privacy practitioners. We invite folks to attend and come prepared to share their questions and “in the field” experience with each other to enrich the sessions.

Snacks and cocktails to follow, sponsored by Veracode.

Speakers include:

Matt Moynahan, CEO of Veracode
John Jacott, Director at Veracode
Zane Lackey, Senior Security Consultant at iSEC Partners
Seth Peter, Co-founder and CTO at NetSPI
Tom Brennan, CEO at Proactive Risk
Dave Goldsmith, CEO at Matasano Security

Details, agenda and registration CLICK HERE.