18th Annual New York State Cyber Security Conference Training

Conference

18th New York State Cyber Security Conference

10th Annual Symposium on Information Assurance

June 2 - 3, 2015

Empire State Plaza, Albany, NY

Pre-Registration is Required for the Training Session.

*Please note this training occurs before the conference*

It's not a matter of IF, but WHEN, your organization will fall victim to a cyber incident.  Will you be ready?

Cyber security breaches continue unabated with millions of data records stolen each week. It is important for organizations to develop capabilities for detecting and analyzing incidents, both to determine the damage and to perform remediation actions to eliminate vulnerabilities and prevent future attacks.

This two-part training brings together the management and the technical side of incident response all in one day.

Incident Response - The Executive View

9:00am-11:00am

Meeting Room 6

We tend to think of cyber incidents as the purview of the technical folks in IT incident response, but executives will be faced with questions from the media and higher-ups wanting to know how the incident happened, why the organization was vulnerable, and what steps you are taking to remediate any identified problems.

Using an incident scenario (story), this session will help you to explore and better understand what steps and actions your management needs to take to help prepare for, prevent, detect, and respond rapidly and effectively to the event. 

You will learn the essentials of incident response preparation including:

Identifying your incident response team;

The playbook/management plan;

Developing a communications and escalation matrix; and

Understanding the resources at your disposal.

Audience:  Executive and Senior Management, Public Information Officers, Counsel's Office, Human Resources

Incident Response - The Technical View

12:30pm-4:30pm

Meeting Room 7

This class is at capacity. A laptop is required for participation. 

This tutorial will instruct students in developing effective monitoring processes that will enable incident identification and response. We will review principles of effective log management and analysis, including anomaly detection and correlation. The tutorial begins with an overview of the logging protocols and tools necessary to collect data for incident analysis and response. The students in the class will become familiar with different data sources and formats, in the context of the organization's information technology infrastructure. The second part will discuss particular attack methodologies, including tools, tactics, and procedures that adversaries will employ to gain access to your environment. The third part of the tutorial will involve analysis of individual log files to detect anomalies and perform root cause analysis. This part of the tutorial will also discuss how files can be correlated with each other so that the attack pathway can be determined. We will work with real-world data in hands-on exercises to recognize and analyze hostile activity. The final part of the tutorial details the process of managing the attack, including creating an investigative team, managing communication, and preparing reports as necessary.

Audience:  Technical Incident Response and Information Technology Operations Personnel

Information Security Risk Analysis

10:30am-12:30pm

Meeting Room 7

This class is at capacity. A laptop is required for participation. 

Analyzing information security risks is a fundamental task of security management in an organization. Yet organizations continue to struggle to conduct risk analysis and make the right decisions on security investments. This tutorial takes the students through the process of an organization's risk analysis. The tutorial provides a broad overview of the risk analysis process and then delves deep into the actual process through cases and examples. The first part of the risk analysis process is the identification of assets, vulnerabilities, and threats. The second part of the process involves determining the exposure of the organization to cyber security risks. The third part of the process is identifying the controls to mitigate the risk to an acceptable level. The tutorial will use Excel spreadsheets and take the users through the entire thread of the risk analysis process. The tutorial discusses the differences between qualitative and quantitative risk analysis as well as some advanced risk analysis methodologies based on attack trees and probabilistic analysis.

360-degree Global Cyber Threat Analysis

1:15pm-4:15pm

Meeting Room 7

From malware to open source intelligence to threat actor identification, analyzing a large cyber-attack is tedious work. By analyzing pre-existing attacks before they target your organization, you can be more proactive. If you are reacting to an attack against your enterprise, you can be more effective. This half-day tutorial will begin with dynamic analysis and profiling of a malware sample. From the information extracted, we will identify domains, functionality, similar attacks and, finally, the threat actor responsible. Using the latest tools for malware analysis, open source intelligence, domain identification and threat actor identification, we will create an attack profile that can be used either proactively or reactively to protect your enterprise or respond to attacks. The tutorial will be conducted live from our cyber threat analysis platform and will provide a complete recipe for global cyber threat analysis.