February 2016 – Overcoming Configuration Management Challenges

Date February 23, 2016 (Register)

“If for any reason you are prevented from registering, and you would like to attend the event, please send a communication to board@nymissa.com.”

Event Start Time – End Time 2:00 – 5:00 pm
Overall Event Title Overcoming Configuration Management Challenges
Event abstract Configuration Management facilitates the availability, reliability, and security of an organization’s systems by establishing minimum baseline standards for server builds, developing systems based on those standards, and ensuring the integrity of those systems throughout their life-cycle.


Where deviations from approved standards occur, they should be captured by auditing or monitoring processes and reported to management, and if necessary reconciled to ensure the security of affected systems.


In this session, various presenters will cover the key elements of configuration management, and how to overcome common challenges.


Robert Half International –

125 Park Avenue, Ste. 400

Dress Code Business casual
Event kickoff opening remarks 2:00 – 2:10
Speaker NY ISSA Board Member
Session description Welcome attendees
Session Title Building Minimum Baseline Standards
Start Time – End Time 2:10 – 2:55
Session Description Minimum Baseline Standards (MBS) are developed by organizations as a matter of due diligence and industry regulation. The standards are developed to reflect your business, best practices and to comply, where possible, with industry guidelines.


However, the task of coordinating resources and obtaining “buy-in” in the development of these standards can be daunting. This discussion will offer some methods to overcome these challenges.

Speakers Francis Yom
Bio(s) Francis Yom is a Senior Sales Engineer at Tripwire.  He brings over 12 years of security software experience, and is responsible for driving sales and evangelizing Tripwire in New York and the Financial Enterprises.

Francis joined Tripwire in 2007.  Prior to joining Tripwire, Francis was a sales engineer at Novell and e-Security.  He is certified on both IT management and security, holding both ITIL and CISSP certifications as well as being an MCSE and a GSEC incident handler.


Session Title Deploying Security Configurations
Start Time – End Time 2:55 – 3:30
Session Description Once a configuration standard is identified and constructed, an organization must develop a procedure to quickly and seamlessly implement a new, or newly updated, standard. This must be done without disrupting the course of normal business and without damaging the organization’s technical infrastructure.


A deployment plan allows organizations to maintain secure configurations and assists in identifying security vulnerabilities, which often occur as deviations from the plan.


This discussion will focus on the phased implementation of minimum baseline standards throughout an enterprise.

Speakers Kenneth Ramachran
Kenneth Ramcahran is a Manager based out of Protiviti’s New York office. He has experience across multiple industries in the solution areas of IT and Enterprise Application Solutions. Kenneth has formulated process documentation that captures activities related to regulatory and business IT compliance. He is also knowledgeable in testing and documentation of IT controls related to multiple key business areas, as well as those controls relevant to the IT regulations.

He has managed the execution of, and provided subject matter consultation on, configuration management solutions for a global financial institution, covering over 9,000 critical production servers across four regions including Singapore, Germany, UK, and US.

Networking Break 3:30 pm – 3:50
Session Title Monitoring and Maintaining Compliance
Start Time – End Time 3:50 – 4:30 PM
Session Description Once deployed, a configuration standard should be monitored or periodically audited for any deviations from the standard.  Data from systems should be aggregated and analyzed in order to identify any systems which may deviate from the standard configuration.


Mechanisms for monitoring range from automated tools to manual review. Once identified, deviations from the standard should be documented, and the cause of each deviation should be addressed in the deployment plan.

Speakers TBD
Bio(s) TBD
Who should attend this session:

ISSA Members, ISACA Members and FS/ISAC Members (and other ISAC’s)

This program has been created for information security practitioners, but may also be of interest to the following:

Auditors who intend to evaluate configuration management within an enterprise.

Security practitioners and system admins seeking to accomplish or implement Configuration Management objectives.

Security Management & Executives – With a goal of understanding industry practices and trends, and seeking perspective on implementing technical assessment activities in the context of a broader application security program.