In this interactive session you will learn how to perform effective security metrics reporting and how to implement an Identity and Access Management project. A key takeaway from this session is how one can use metrics and reporting for their IAM program and to ensure that ones identity management tools are meeting their SLAs.

• Venue: PriceWaterhouseCoopers, 300 Madison Avenue,   New  York, NY

• Dress Code: Business Casual

Registration and full details at cvent

The first session will cover emerging technologies, legal, and regulatory issues and reducing spending on legal risks.

In the second session we will learn how to proactively use corporate data and integrate information to thwart attacks and mitigate business risks.

The final session will deal with tools, processes and software used to perform forensics and e-discovery, related developments in the legal and regulatory environment and why organizations have information risk and control on the top of the list.

• Venue: Credit Suisse, 11 Madison Avenue(corner 24th Street ) New  York, NY

• Dress Code: Business Casual

Registration and full details at cvent.

Update: Here are the presentations from this event:

• Converting Data Into Meaningful Information
• Discovering Unexpected ROI for Emerging Technologies

Our first speaker will discuss how you critically examine your plan for “Black Swans”, those incompletely addressed aspects of your plan which can cause your recovery activities to grind to a complete stop. Our second speaker will deal with the potential of using Cloud Computing technologies as vehicles to cost-effectively support both resilience and availability by utilizing an increasingly popular IT business solution.

UPDATED (01/21/2010): Download the presentations for the sessions mentioned above:

• NYMISSA Presentation: Hunting Black Swans (01/13/2010)
• NYMISSA Presentation: Cloud Recovery (01/13/2010)

The session will conclude with an interactive panel discussion on the saga of the H1N1 virus. This panel will attempt to determine whether H1N1 has been a real threat or if it’s just yesterday’s old news. Our panel of BCP consultants will discuss what they have seen (or not seen) at client engagements in terms of preparation for a possible outbreak. We will also call on members of the audience to share their corporate and personal experiences with the group.

• Venue: KPMG, 345 Park Avenue (corner 51st  Street), New York, NY
• Dress Code: Business Casual

Registration and full details are now available at cvent

TITLE: Contractor Program Security Officer
LOCATION: Danbury, CT
SALARY: Open
RELOCATION: Yes

SUMMARY: Our employer is a Fortune 500 company, is a global supplier of systems and services to the aerospace, defense and homeland security markets. With more than $6 billion in annual revenues, Goodrich has one of the broadest portfolios of products in the aerospace industry. The company serves a global customer base, with over 24,000 employees across approximately 90 manufacturing and service facilities in 16 countries worldwide. This is a new position with 10-20% travel.

RESPONSIBILITIES: This position is responsible for security for one or more programs, providing day-to-day security advice and direction at our facility. Successful candidates will have demonstrated the technical skill, motivation, independence, and creativity necessary to complete difficult security tasks. This position will advise on a broad range of program security issues. Performs day-to-day security activities in order to maintain a compliant security program per company and government directives that ensures the protection of sensitive and classified information. Prepares security plans outlining regulations and establishes security procedures for programs. Reviews and writes evaluations of security proposals and plans. Monitors security programs and coordinates communications and network security requirements. Coordinates other documents and procedures prepared by customer government and contractors. Advises team members on program or operational security risks, explains security risks, mitigation strategies, and resolution options. Works with customers and staff to perform security testing of releases.

COMPETENCIES/ABILITIES

• Strong Audit Skills
• Experience with computer/network security
• Ability to interpret regulations (DCID, JAFAN, NISPOM, etc)
• Minimum 8 years relevant experience
• Ability to create internal policies to meet government and customer requirements
• Prior government contract or Agency experience
• Eligibility to obtain Security Clearance (TS with SSBI)

RESUME SUBMITTAL
Interested candidates should submit their resumes via the position posting on the SMR website at: http://www.smrgroup.com/SMR-Jobs.htm

After the presentations, please join us at our networking reception where you can meet other NYMISSA members and sponsors, share stories and enjoy the food & drinks.

• Venue: Bank of NY Mellon, 101 Barclay Street, New York, NY
• Dress Code: Business Casual

Registration and full details are now available at cvent

Session Details:

Session 1:  Keynote Address: Convergence and The Road Ahead

For organizations to effectively manage risks on enterprise level, security must be aligned with business and technology strategy. Security programs have always had human resource, compliance, legal and audit issues to take into account. All types of risk need to be understood and communicated effectively between security and the rest of the organization. In this session Bob West, CEO of Echelon One will discuss how organizations can create effective governance structures, engage the rest of the organization, manage risks consistently, and drive savings into the organization.

Session 2:  Emerging Threats and Security Best Practices
Josh Shaul, VP Product Development, Application Security Inc.

The presentation will highlight several issues related to database threats and more specifically database security, risk and compliance.  Attendees will learn how hackers and their approaches have changed in the past decade, how they continue to evolve, and how they are impacting the landscape with regard to threats to data. The session draws on several recent sources of research to illustrate how attackers are targeting data at a rate the industry has never before seen, how organizations are impacted, and how they are reacting. Attendees will then be introduced to the database security, risk and compliance lifecycle and advised of best practices that allow organizations to pragmatically secure sensitive data and ground compliance initiatives where the data lives – in the database.
The session will conclude with Database Security 101 – easily achievable first steps that can significantly improve an organizations database security posture.

Session 3:  Achieving the Promise: A Consolidated and Virtualized Network Security Infrastructure
Sanjay Raja, Senior Product Line Manager, Crossbeam Systems Inc.

More than ever, IT budgets are stretched thin. IT staff are pressured to cut costs, reduce management complexity and save resources, all while facing an increasingly sophisticated threat landscape. The rise of integrated security platforms and virtualization solutions has been a major step forward in addressing some of these problems, but many of these solutions still fail to perform effectively within an integrated multi-application security infrastructure. This presentation will highlight the core obstacles to achieving a consolidated, virtualized security infrastructure, as well as the options available to help network managers simplify delivery of security services, while still meeting their needs for performance, scalability and reliability.

Sesson 4:  Corporate IT Security: How Malware is Getting Down to Business
Roel Schouwenberg, Senior Anti-Virus Researcher, Kaspersky Lab, Americas

It’s not news that the IT security threat landscape is getting worse by the day.  In 2008 alone, the Kaspersky antivirus lab saw an 8x increase in malware.  Today’s malware imposes significant business risks due to the highly organized nature of attacks – applications, websites and social networks are all subject to attacks and vulnerabilities.  Today’s hackers are highly organized professionals with vast networks who are able to precisely target a specific division as part of a bigger enterprise to ensure the attack remains stealthy.  In fact, these attacks are so stealthy that a corporate target may not even realize his/her machine has been compromised for days, weeks or months.  During this presentation, Roel Schouwenberg, Senior Anti-Virus Researcher at Kaspersky Lab Americas, will examine what this means for the corporate environment and what organizations need to pay attention to in order to stay on top of these threats and evaluate their security approaches.

Sesson 5:  Tales from the Compliance Edge
Matthew R. Alderman, Director of Strategic Alliances at Qualys

Many organizations are tasked with meeting not one but multiple regulatory IT compliance concerns and, in effort to meet myriad complex requirements, have attempted to streamline and automate IT compliance and information security activities.  As a result of this industry trend, many IT security vendors are promoting use of their solutions as IT compliance tools for automating IT compliance processes. With the merging of IT security and IT compliance topics in software solutions, several organizations have been impacted by selecting solutions that were not applicable to their requirements. This presentation is a discussion of observations from the IT security consultant point of view and provides real world information collected from actual IT security and compliance software implementation engagements that can help enable organizations avoid mishaps that have occurred, how to evaluate the pros and cons of different approaches, and understand what best practices can be leveraged to promote success for IT security and compliance initiatives.

• Venue: KPMG – 51st and Park Avenue, New York, NY
• Dress Code: Business Casual

Registration and full details are now available at cvent.com

Session Details:

Session 1: Cloud Security Alliance-Defining Cloud Computing

Dov Yoran will provide an introduction to the Cloud Security Alliance and updates to current research activities.

James Tiller will provide a framework for the day by defining cloud computing, its attributes and commonly existing models (SaaS, PaaS, and IaaS).

Session 2: Panel I Discussion – Cloud: Legal & Regulatory issues

Data security, integrity, identity management, access controls, and eDiscovery are regulatory challenges that must continue to be addressed in a cloud environment.  Federal and state laws concerning the integrity and permanence of both personal and corporate financial data are quite strict. Potential cloud users with sensitive IP, personal information or international data must confront compliance hurdles before considering such offerings. How does one manage and contractually transfer these risks? Our panel will discuss both the familiar and lesser-known regulatory obligations that Cloud users must consider before leveraging the cloud.  Take away from this session practical pointers on managing legal risk as your CIO and CFO press for movement toward the Cloud.

Session 3: Panel II Discussion – Approaches to implementing cloud solutions

Learn from leading industry executives and enterprise security decision makers on their perspective to implementing cloud computing solutions.  What steps have they taken to protect their organization’s data and infrastructure?  How have they prioritized which cloud services to take advantage of?  What are some of their success stories and lessons learned?  Learn this and more during the upcoming ISSA session on cloud computing.

This discussion will highlight some of the critical data and analysis contained within the 2009 Verizon Data Breach Report. You will learn interesting facts and statistics, which will prove helpful to a company’s planning and security efforts.

Our sponsors will be available after the presentation to answer any questions you may have about the issues and challenges discussed during the session. Please join us and our sponsors in a networking reception where you can meet other NYMISSA members, share stories and have a drink on us.

• Venue: Bank of New York Mellon (101 Barclay Street, New York, NY)
• Dress Code: Business Casual

Registration and full details are now available at cvent.com.

Small community banks in NYC face many of the same security challenges as the big banks. The small budgets and understaffed teams that deal with compliance and security make the challenges more difficult.

In an article on Bankinfosecurity.com, Linda McGlasson writes that small banks are targeted by attackers. She profiles Dennis Weiskircher, IT Manager and Security Officer at Citizens Bank. “I find it surprising how many smaller banks are being targeted by criminals,” Dennis says. “I think they’ve realized that the big banks have the budget to fight online crimes, and so they’ve come down the food chain to hit the smaller banks that have fewer staff to fight these things.”

This discussion will bring some insight on managing IT, Compliance and Security at community banks and the daily challenges they face.

The event will be held at the offices of Deloitte & Touche at 1633 Broadway; registration is now open at cvent.com

The event will be held at PricewaterhouseCoopers, 300 Madison Avenue (at 42nd Street), by the DEC Area by the cafeteria. Full event details and registration information are now available at cvent. com.

As mobile devices become ever more powerful, ubiquitous and integrated into the business landscape, they are increasingly under attack from a range of threats, including theft, malware and sophisticated hacking or eavesdropping attacks.

This session will examine: new classes of malware, such as those designed to attack mobile phones (e.g. Cabir, Locknut and Skulls); the vulnerabilities in devices (e.g. BlackBerry, iPhone); and exposures in the networks they use. It will also identify the security controls that can be deployed to mitigate these threats and vulnerabilities.

The event will be held at PricewaterhouseCoopers, 300 Madison Avenue (at 42nd Street), by the DEC Area by the cafeteria.