Date & Location
May 4-5, 2010
Roosevelt Hotel
New York, NY

Earn 16 CPEs for attending the 2-day Forum

Faculty & Speakers

Rich Aldrich
Adam Cardinal
Allan Carey
Josh Corman
Jack Phillips
Marcus Ranum
Ron Ritchey
Randy Sabett
Joel Scambray
Nick Selby
Aaron Turner

New York Metro Information Security Forum

Agenda Tracks

    Information Assurance
  • Challenges with Structured and Unstructured Data
  • Use Cases for DLP
  • Moving Beyond DLP: What's Next?

    Security Operations
  • Proactive Threat Management
  • Use Cases for SIEM
  • Best Practices in Response

    Security Gamechangers
  • How Security Changes with Virtualization and Clouds
  • Mobility's InfoSec Future
  • Putting It All Together: Re-Perimeterization

    Software Security
  • Best Practices for a Secure SDLC
  • Tools & Techniques to Test Applications
  • AppSec Tactics and Benchmarks

    Risk Management
  • Think Risk
  • Regulation 2.0: New Administration, New Rules
  • Information Security and Contracts: What You Need to Know for 2010

    Security Leadership
  • "Data Breach Action Plan" - An IANS Case Study
  • Building and Managing a High-Performing Security Team
  • "The Trouble with Harry" - An IANS Case Study

    IANS Focus Topics
  • Standing Up a Pen Testing Capability
  • Seeking the APT
  • Real-time Enterprise Intelligence
  • Are You Rugged?
  • Risks and Rewards from Social Media


    Information Assurance
    Challenges with Structured and Unstructured Data
    This session will focus on the technology and procedures to discover, classify and monitor for inappropriate movement of structured and unstructured data in your environment.

    Use Cases for DLP
    DLP technology has been commoditized. What are some of the ways your peers are using the technologies in ways that perhaps weren't in the marketing manual? This session involves sharing use cases for DLP and the lessons learned.

    Moving Beyond DLP: What's Next?
    You've made a classification scheme, reduced the scope of your data inventory, and used DLP technologies to 'lock down' broad areas of your information. Now what? This session will discuss advanced DLP tips and tricks.

    Security Operations
    Proactive Threat Management
    More targeted threats and zero-day attacks are causing organizations to rethink their threat mitigation strategy. Better assessments and patch/config processes are a priority, but not enough. This session will focus on strategies, processes and technology to turn the tables and become more proactive.

    Use Cases for SIEM
    Solutions for SIEM have matured over the past two years, yet the use cases are often unclear, which leads to dissatisfaction. This session involves participants sharing their experiences with SIEM, the specific use case, and the benefits gained from their deployment.

    Best Practices in Response
    Incident response has become a critical infosec function in the wake of mass data breaches and increasing attack vectors. This session will focus on sharing best practices to structure a team, develop processes and arm staff with tools to get the job done.

    Security Gamechangers
    How Security Changes with Virtualization and Clouds
    This session will expand upon the practical elements of virtualization and how they extend to Cloud Computing. We'll explore how security manifests for/within/via various types of clouds. Mapping elements to a catalog of compensating controls and compliance initiatives will focus our efforts on the most relevant approaches to assessing security in Cloud Computing environments and how to approach evaluating your options.

    Mobility's InfoSec Future
    This session covers how the evolving mobile threat landscape can impact your organization's overall information security program. Key discussion points will focus on how current infosec controls can be leveraged for mobile and what new controls your organization may need to evaluate to better manage mobile-related risks.

    Putting It All Together: Re-Perimeterization
    This session will take the information from the first two sessions and introduce the concept of de/re-perimeterization with a discussion of the Cloud Security Alliance and Jericho Forum's models and how they relate to security architectures and managing risk in a virtualized and Cloud-driven environment.

    Software Security
    Best Practices for a Secure SDLC
    Just starting or an existing mature program, organizations can benefit from one another to improve security in their software development lifecycle (SDLC). This session will focus on key elements of a successful program and how to operationalize those elements.

    Tools & Techniques to Test Applications
    Eventually, every conversation around a process heads right to the tools and technology. Testing applications during and after their development is crucial to understanding their current weaknesses. This session will discuss the tools and techniques for vulnerability testing of internal and web-based applications.

    AppSec Tactics and Benchmarks
    As an industry, we struggle to find a benchmark that enables us to measure our progress and effectiveness in the area of application security. This session will explore key tactical and strategic considerations for building your own benchmark.

    Risk Management
    Think Risk
    Business leaders understand and talk in terms of risk, not security. However, risk can have a language of its own whether you're addressing enterprise risk or IT risk. This session will focus on risk management strategies, frameworks and best practices to transition from a security group to a risk-based business advisor.

    Regulation 2.0: New Administration, New Rules
    The financial sector meltdown and a new Administration give enterprises reason to believe regulatory changes are inevitable. This session's discussion will focus on the Obama administration's agenda and what's being proposed in D.C. and elsewhere that could affect your organization.

    Information Security and Contracts: What You Need to Know for 2010
    More and more frequently, legal departments call on security practitioners for input on contractual and licensing matters. This session will discuss common terms, allocation of liability, and tricks to keep in mind when negotiating security-related provisions.

    Security Leadership
    "Data Breach Action Plan" - An IANS Case Study
    Navigating a suspected data breach is no fun. Your organization immediately gets hit from all sides, and making the right decisions without full information is essential for the entire enterprise team from the CEO on down. IANS' newest case study explores how to prioritize your actions, and puts you in the shoes of senior management.

    Building and Managing a High-Performing Security Team
    Drawing from three years of IANS Forum discussions, this session will focus on the most promising operating models for information security, how feasible it is to manage information security like a business, and how to inject a sense of entrepreneurial spirit into the mix.

    "The Trouble with Harry" - An IANS Case Study
    Striking the right mix of technical speak and business speak is a challenge for all IT groups. For IT security professionals, presenting the value of technical controls that don't slow down the business is particularly challenging. This case study will explore these issues.

    IANS Focus Topics
    Standing Up a Pen Testing Capability
    Pen testing is increasingly becoming a standard arrow in the information security quiver. While pen testing is a powerful tool, it's very important to staff your team properly, and cover the important bases of legal authorization and audit trails. This year, the session includes new use cases, lessons learned from the past six forums, plus field experience.

    Seeking the APT
    Advanced persistent threat (APT) is the marketing buzzword of 2010. Are the threats anything net new in the industry or just more top of mind? Almost every penetration aims to be "persistent" and is - by definition - more advanced than the defenses it eluded. The real problem, however, is detecting when APTs are attempting to or have already compromised your IT environment. This session will offer some approaches on how to detect them.

    Real-time Enterprise Intelligence
    In the risk influencer ecosystem, organizations expend a significant amount of energy focusing on geopolitical, financial, operational, and market risks. Since information has more avenues than ever to leave the organization, employee risk should be high on the operational risk list. From background checks to Twitter posts - how are you monitoring your organization's exposure to risk from your employees' activities?

    Are You Rugged?
    Software security is a strategic focus for many organizations as the threats have migrated up the stack to the application layer. Security must be a core competency in the SDLC and developers must be taught and live the principles of secure coding. This session will introduce a new way of thinking in this important area.

    Risks and Rewards from Social Media
    In the "always connected" realm, corporations are evaluating and using social media for a plethora of business cases. From crowd sourcing new product and service ideas to brand promotion and image control to extended customer service, organizations are looking for creative ways to maximize the benefits of social media. This session will explore the rewards and, more importantly, the risks to social media's presence in the organization.

    Forum Schedule