Interactive Learning Sessions

20th New York State Cyber Security Conference

12th Annual Symposium on Information Assurance (ASIA)

June 7 - 8, 2017

Empire State Plaza - Albany, NY


Cyber Security Risk Management: Analyzing and Exploring the Data

Tuesday June 6, 2017

9:00am - 12:00pm

New York State Office of Information Technology Services, Enterprise Information Security Office (EISO), Governance Risk Management and Compliance Team

*Please note this training occurs before the conference.

Pre-Registration is Required

Analyzing information security risks is a fundamental task of security management in an organization. Yet organizations continue to struggle to identify cyber risks and to use this information to drive security investments. This session takes participants through an organizational risk management process. The session provides a broad overview of risk management best practices and then delves deep into the actual analysis process through cases and examples. The session will bring the process to life through the demonstration of the tools used to do data analytics and lessons learned.





Cyber Security for the C-Suite

Wednesday June 7, 2017

11:00am - 2:20pm (Session runs 11:00 - 11:50am and 1:30 - 2:20pm)

Pre-Registration is Required

Protecting data is ultimately the responsibility of an organization's C-Suite/Boardroom. With an increasing number of organizations turning to "smart" offices (mobile phones, tablets, etc.), hackers have a wider attack surface to exploit gaps in an organization's infrastructure. Most organizations are not aware of every single device being used on their network. As complexity rises, so does the risk to organizational data. This session aims to arm senior executives with the knowledge to ask the right questions on cyber security. Topics that will be covered include establishing proper governance and oversight for cyber security; understanding the evolving threat landscape and business impact; effectively assessing an organization's security risk posture; applying governance to minimize organizational risk; creating a culture of security awareness; applying frameworks and standards; managing security incidents; and concluding with metrics for measuring program effectiveness.

Cyber Wargame Simulation

John Gelinne and Pete Renneker, Deloitte & Touche

2:40 - 4:40 p.m. (Session runs 2:40 - 3:30 p.m. and 3:50 - 4:40 p.m.)

Pre-Registration is Required

Cyberattacks are increasing in frequency and impact to organizations, and your organization may be next. These events demand a prioritized response. Where do you start? Who needs to be engaged? How do you act when details are incomplete and events unfold in unpredictable ways? What resources could aid or impede your response? 

Deloitte & Touche Advisory will lead this interactive session, which will immerse participants in a simulated cyberattack. They will share perspectives on cyber incident response, discuss how risks are prioritized, identify strategies for response and recovery, and examine best practices for increasing overall cyber resilience.

Internet of Things (IoT) Hack Lab 

Open during Exhibit Hall hours. No pre-registration is required.

The IoT Hack Lab is a participation area where conference attendees can learn about vulnerabilities of various Internet-connected devices. The lab is presented by Tripwire's Vulnerability and Exposure Research Team (VERT); Tripwire researchers will be on hand to discuss IoT device vulnerabilities, provide short presentations, and assist attendees as they interact with popular IoT devices. They will also be displaying some interesting tools and techniques that you can apply to the IoT devices in your life. The Hack Lab consists of a wide range of 'smart' devices (e.g., routers, cameras, media devices, baby monitors, Wi-Fi electrical outlets).

Conference attendees are encouraged to bring their own laptops equipped with either VMware or VirtualBox with support to run a 64-bit VM to test device vulnerabilities firsthand.