This will be followed by a moderated CISO panel on the state of information security, cloud computing, mobility, advanced threats of malicious software and more.

Presenters

1. Amad Fida, President at brinQa
2. Phil Venables, CISO at Goldman Sachs
3. Thomas Doughty, CISO at Prudential Financial
4. Mark Clancy, CISO at DTCC
5. Dov Yoran, Co-founder at MetroSITE Group

• Venue: KPMG, 345 Park Ave, New York, NY

• Dress Code: Business Casual

CLICK HERE for agenda and registration.

The NY Metro ISSA is delighted to host a “Summer Networking Event” designed to provide their membership with an environment in which to share their experiences and discuss best practices for protecting their organizations. The event is complimentary for NYMISSA members. The event is open to members of sister organizations such as OWASP, ISACA, etc for a nominal fee. Attendees will have a chance to network with professionals in cross disciplines such as audit and privacy.

The networking event will feature a keynote address by the world renowned security expert and author, Ira Winkler, President of the Internet Security Advisory Group.

While overlooking beautiful Central Park, you can enjoy refreshments, explore some of the latest technologies and solutions offered by NY Metro ISSA Sponsors, and network with your colleagues. Attendees will also have an opportunity to win prizes offered by the event sponsors at the conclusion of the event.

CLICK HERE for event details, agenda and registration.

Presentation: Russian-Chinese Espionage

Recognizing the risks and identifying a technology are only at the beginning of the curve when dealing with data loss prevention. In this interactive session we will discuss essential components of a successful DLP strategy including development of business requirements, data classification, compliance to regulatory standards with particular attention to the Massachusetts Data Breach law, phases of deployment and avoiding common pitfalls experienced by CSO’s, practitioners and business leaders alike.

Presenters

1. Ron Baklarz, CISO at Amtrak
2. Don Garvey, CISO at Chubb Insurance
3. Jay Leek, Manager Corporate IT Security Services at Nokia
4. Paul Roberts, Senior Analyst, The 451 Group
5. Paul Rogers, IT Security Manager, Philadelphia Insurance Co.

• Venue: PriceWaterhouseCoopers, 300 Madison Ave, NY,  NY

• Dress Code: Business Casual

CLICK HERE for registration and full details.

Please bring a laptop and LAN cable to this event to fully benefit from the material that will be presented. If you do not have a laptop, you can still benefit by sharing with another member, or following along on the big screen.

• Venue: PriceWaterhouseCoopers, 300 Madison Ave, NY,  NY

• Dress Code: Business Casual

Registration and full details at cvent.

The first session will cover emerging technologies, legal, and regulatory issues and reducing spending on legal risks.

In the second session we will learn how to proactively use corporate data and integrate information to thwart attacks and mitigate business risks.

The final session will deal with tools, processes and software used to perform forensics and e-discovery, related developments in the legal and regulatory environment and why organizations have information risk and control on the top of the list.

• Venue: Credit Suisse, 11 Madison Avenue(corner 24th Street ) New  York, NY

• Dress Code: Business Casual

Registration and full details at cvent.

Update: Here are the presentations from this event:

• Converting Data Into Meaningful Information
• Discovering Unexpected ROI for Emerging Technologies

Our first speaker will discuss how you critically examine your plan for “Black Swans”, those incompletely addressed aspects of your plan which can cause your recovery activities to grind to a complete stop. Our second speaker will deal with the potential of using Cloud Computing technologies as vehicles to cost-effectively support both resilience and availability by utilizing an increasingly popular IT business solution.

UPDATED (01/21/2010): Download the presentations for the sessions mentioned above:

• NYMISSA Presentation: Hunting Black Swans (01/13/2010)
• NYMISSA Presentation: Cloud Recovery (01/13/2010)

The session will conclude with an interactive panel discussion on the saga of the H1N1 virus. This panel will attempt to determine whether H1N1 has been a real threat or if it’s just yesterday’s old news. Our panel of BCP consultants will discuss what they have seen (or not seen) at client engagements in terms of preparation for a possible outbreak. We will also call on members of the audience to share their corporate and personal experiences with the group.

• Venue: KPMG, 345 Park Avenue (corner 51st  Street), New York, NY
• Dress Code: Business Casual

Registration and full details are now available at cvent

After the presentations, please join us at our networking reception where you can meet other NYMISSA members and sponsors, share stories and enjoy the food & drinks.

• Venue: Bank of NY Mellon, 101 Barclay Street, New York, NY
• Dress Code: Business Casual

Registration and full details are now available at cvent

Session Details:

Session 1:  Keynote Address: Convergence and The Road Ahead

For organizations to effectively manage risks on enterprise level, security must be aligned with business and technology strategy. Security programs have always had human resource, compliance, legal and audit issues to take into account. All types of risk need to be understood and communicated effectively between security and the rest of the organization. In this session Bob West, CEO of Echelon One will discuss how organizations can create effective governance structures, engage the rest of the organization, manage risks consistently, and drive savings into the organization.

Session 2:  Emerging Threats and Security Best Practices
Josh Shaul, VP Product Development, Application Security Inc.

The presentation will highlight several issues related to database threats and more specifically database security, risk and compliance.  Attendees will learn how hackers and their approaches have changed in the past decade, how they continue to evolve, and how they are impacting the landscape with regard to threats to data. The session draws on several recent sources of research to illustrate how attackers are targeting data at a rate the industry has never before seen, how organizations are impacted, and how they are reacting. Attendees will then be introduced to the database security, risk and compliance lifecycle and advised of best practices that allow organizations to pragmatically secure sensitive data and ground compliance initiatives where the data lives – in the database.
The session will conclude with Database Security 101 – easily achievable first steps that can significantly improve an organizations database security posture.

Session 3:  Achieving the Promise: A Consolidated and Virtualized Network Security Infrastructure
Sanjay Raja, Senior Product Line Manager, Crossbeam Systems Inc.

More than ever, IT budgets are stretched thin. IT staff are pressured to cut costs, reduce management complexity and save resources, all while facing an increasingly sophisticated threat landscape. The rise of integrated security platforms and virtualization solutions has been a major step forward in addressing some of these problems, but many of these solutions still fail to perform effectively within an integrated multi-application security infrastructure. This presentation will highlight the core obstacles to achieving a consolidated, virtualized security infrastructure, as well as the options available to help network managers simplify delivery of security services, while still meeting their needs for performance, scalability and reliability.

Sesson 4:  Corporate IT Security: How Malware is Getting Down to Business
Roel Schouwenberg, Senior Anti-Virus Researcher, Kaspersky Lab, Americas

It’s not news that the IT security threat landscape is getting worse by the day.  In 2008 alone, the Kaspersky antivirus lab saw an 8x increase in malware.  Today’s malware imposes significant business risks due to the highly organized nature of attacks – applications, websites and social networks are all subject to attacks and vulnerabilities.  Today’s hackers are highly organized professionals with vast networks who are able to precisely target a specific division as part of a bigger enterprise to ensure the attack remains stealthy.  In fact, these attacks are so stealthy that a corporate target may not even realize his/her machine has been compromised for days, weeks or months.  During this presentation, Roel Schouwenberg, Senior Anti-Virus Researcher at Kaspersky Lab Americas, will examine what this means for the corporate environment and what organizations need to pay attention to in order to stay on top of these threats and evaluate their security approaches.

Sesson 5:  Tales from the Compliance Edge
Matthew R. Alderman, Director of Strategic Alliances at Qualys

Many organizations are tasked with meeting not one but multiple regulatory IT compliance concerns and, in effort to meet myriad complex requirements, have attempted to streamline and automate IT compliance and information security activities.  As a result of this industry trend, many IT security vendors are promoting use of their solutions as IT compliance tools for automating IT compliance processes. With the merging of IT security and IT compliance topics in software solutions, several organizations have been impacted by selecting solutions that were not applicable to their requirements. This presentation is a discussion of observations from the IT security consultant point of view and provides real world information collected from actual IT security and compliance software implementation engagements that can help enable organizations avoid mishaps that have occurred, how to evaluate the pros and cons of different approaches, and understand what best practices can be leveraged to promote success for IT security and compliance initiatives.

• Venue: KPMG – 51st and Park Avenue, New York, NY
• Dress Code: Business Casual

Registration and full details are now available at cvent.com

Session Details:

Session 1: Cloud Security Alliance-Defining Cloud Computing

Dov Yoran will provide an introduction to the Cloud Security Alliance and updates to current research activities.

James Tiller will provide a framework for the day by defining cloud computing, its attributes and commonly existing models (SaaS, PaaS, and IaaS).

Session 2: Panel I Discussion – Cloud: Legal & Regulatory issues

Data security, integrity, identity management, access controls, and eDiscovery are regulatory challenges that must continue to be addressed in a cloud environment.  Federal and state laws concerning the integrity and permanence of both personal and corporate financial data are quite strict. Potential cloud users with sensitive IP, personal information or international data must confront compliance hurdles before considering such offerings. How does one manage and contractually transfer these risks? Our panel will discuss both the familiar and lesser-known regulatory obligations that Cloud users must consider before leveraging the cloud.  Take away from this session practical pointers on managing legal risk as your CIO and CFO press for movement toward the Cloud.

Session 3: Panel II Discussion – Approaches to implementing cloud solutions

Learn from leading industry executives and enterprise security decision makers on their perspective to implementing cloud computing solutions.  What steps have they taken to protect their organization’s data and infrastructure?  How have they prioritized which cloud services to take advantage of?  What are some of their success stories and lessons learned?  Learn this and more during the upcoming ISSA session on cloud computing.

Small community banks in NYC face many of the same security challenges as the big banks. The small budgets and understaffed teams that deal with compliance and security make the challenges more difficult.

In an article on Bankinfosecurity.com, Linda McGlasson writes that small banks are targeted by attackers. She profiles Dennis Weiskircher, IT Manager and Security Officer at Citizens Bank. “I find it surprising how many smaller banks are being targeted by criminals,” Dennis says. “I think they’ve realized that the big banks have the budget to fight online crimes, and so they’ve come down the food chain to hit the smaller banks that have fewer staff to fight these things.”

This discussion will bring some insight on managing IT, Compliance and Security at community banks and the daily challenges they face.

The event will be held at the offices of Deloitte & Touche at 1633 Broadway; registration is now open at cvent.com

The event will be held at PricewaterhouseCoopers, 300 Madison Avenue (at 42nd Street), by the DEC Area by the cafeteria. Full event details and registration information are now available at cvent. com.