Directorate for Science, Technology and Industry

Back to

Home: Information Security and Privacy > OECD-APEC Workshop on Security of Information Systems and Networks - Seoul, 5-6 September 2005

About Publications & Documents Information by Country

OECD-APEC Workshop on Security of Information Systems and Networks - Seoul, 5-6 September 2005

Send

AGENDA

Summary of the Workshop

DAY 1: Monday 5 September 2005

9:00 Opening Session

Welcome
- Opening remarks – Dr. Inuk Chung, Chair, APEC TEL Working Group
- Welcome address to the APEC-OECD Workshop on Security of Information Systems and Networks – Mr. Jung-Hyup Kang, Director General for Information Infrastructure and Security, Ministry of Information and Communication, Korea

Keynote presentations
- Trust & Security as key Challenges to Promoting ICT and Economic Growth - Nobuo Tanaka, Director for Science, Technology and Industry, OECD
- Safeguarding a Cyber World: Collaborative Efforts to Secure Global Network - Hong-Sub Lee, President, Korea Information Security Agency (KISA)

APEC and OECD Strategies for Security
- Workshop Chair – OECD – Keith Besgrove, Vice-Chair, Working Party on Information Security and Privacy, OECD - Presentation
- Workshop Chair – APEC – Shamsul Jafni Shafie, Head, Information and Network Security Department, Monitoring & Enforcement Division, Malaysian Communications and Multimedia Commission - Presentation

10:00 Plenary Session 1: Key Challenges

Trends and Challenges in Security of Information Systems and Networks – Prof. William Caelli, Queensland University of Technology, Australia
Protection of Essential Infrastructure and Services – Ms Nor Azuwa Muhamad Pahri of MIMOS Consulting, Malaysia

10:45 Coffee Break

11:15 Plenary Session 2: Spyware

Moderators: Keith Besgrove, Shamsul Jafni Shafie

TEL 30 Spyware Survey Results – Richard Downing, United States

What is Spyware? - Seow Hiong Goh, Software Policy (Asia), Business Software Alliance (BSA)

Spyware: Policy Issues Faced by Governments – Andrew Maurer, Online Policy, Information Economy Division, Department of Communications, IT and the Arts, Australia

How does Spyware Link to other e-Security Threats? How does it relate to malware more generally? How do these threats affect end users?
- Kim Duffy CEO Internet Security Systems (ISS) - Presentation
- Aaron T. Hackworth, CERT(R) Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA

12:30 Lunch

13:30 Plenary Session 2 : Spyware (continued)

Combating Spyware in the US – Alice Hrdy, Division of Financial Practices Bureau of Consumer Protection Federal Trade Commission, United States
Industry Perspective
- Kang Meng Chow, Microsoft, Singapore - Presentation
- Kay Chuan Chua, Government Relations Representative for Asia Pacific & Japan, Symantec Corporation - Presentation
Using the attributes discussed in the previous discussion, this panel will debate the technical, legal and education strategies for combating Spyware
- Mr. Suresh Ramasubramaniam APCAUCE - Presentation
- Mr. Thomas Veit, Federal Office for Information Security, Germany - Presentation
- Mikko Hyppönen, Chief Research Officer, F-Secure Corp., Finland
Final panel session – Developing an International Agenda
Topics for discussion : Establishing common definitions/understanding, addressing related e-security threats, technical countermeasures, legal countermeasures, public awareness, what cross-border, APEC and OECD actions can be pursued
- Same speakers as above

15:15 Coffee break

15:45 Parallel Session 1 - Reaching out to SMEs and Individuals

The expanding deployment and use of information systems and networks by SMEs and individuals increases the necessity for focusing on securing their systems. What efforts by government are most successful in reaching this segment of users? How is the industry that supplies the hardware, software and services for SMEs and individuals responding to their needs?

Moderator: Michael Mudd, Director Asia Pacific Public Policy, Computing Technology Industry Association (CompTIA)

Introduction to Security and SME’s – Jan Gessin, Asia Oceania Electronic Marketplace Association (AOEMA)
Best Practice of ISMS Implementation in Environments with Limited Resources – Ms. Li-Hsuan Liang, NII Enterprise Promotion Association, Chinese Taipei
Business Perspective on Security Fatigue – SIFT Australia, Nick Ellsmore
National Cybersecurity Alliance: a US initiative geared toward educating SMEs and home users on cybersecurity – Sallie McDonald Special Assistant to the Assistant Secretary for Infrastructure Protection(USA) – on behalf of the National CyberSecurity Alliance
Addressing Information Security Needs of Users – Practical experience at the OECD
Peter Lübkert, Head of Division, Information Technology and Network Services, OECD

Discussion

15:45 Parallel Session 2 - Promoting Effective Global Incident Response (the roles of governments and CERTs/CSIRTs)

Moderator: KrCERT/CC – Facilitator: APCERT

Existing Collaborative Arrangements - What are they and how do they work?
What cross border arrangements currently exist for watch and warning, incident response and information sharing – how do they work and what do they offer the CERT/CSIRT communities.
- Introduction of APCERT - Yurie Ito, JPCERT/CC (On behalf of the APCERT Secretariat)
- Case Study: Co-operation within APCERT - Outline of a Regional CERT/CSIRT Capability in Asia – Jinhyun Cho - KrCERT/CC

Issues and Impediments to Effective CERT/CSIRT Incident Response (IR) operations
To understand some of the issues and impediments to effective CERT IR operations both nationally and internationally and determine how these can be addressed.
- Cross Border collaboration : Practices & experiences - Jiao Xulu - CNCERT/CC
- Building CERT/CSIRT capabilities in developing economies: Network Security in Vietnam and VNCERT - Vu Quoc Khanh - MPT Vietnam

Panel Discussion and Outcomes
Moderator: APCERT
Panel session to discuss the issues raised and to identify outcomes from the session.
- US DOJ
- APCERT (panel)
- Henk Bronk, GOVCERT.NL, Netherlands

17:15 End of day 1 - Cocktail

Day 2 - Tuesday 6 September 2005
9:00 Parallel session 3 - Emerging Security Threats and the Technologies Being Developed to Address Them: the Role of R&D

This session will examine emerging security threats, such as new viruses, worms, and other malware, the threats posed by a new generation of computer savvy hackers and more sophisticated inter-networked technologies, as well as the domestic and international R&D efforts being undertaken to address these threats.

Moderator: Keith Besgrove

Industry Perspective: what are the Risks to be Faced by Organisations? – JongKi Yoo, Business Resilience & Continuity Services, IBM Global Services, Seoul, Korea
Network Security Incident Analysis System for Detecting Large-scale Internet Attacks - Dr. Kenji Rikitake – Expert Researcher Security Advancement Group, National Institute of Information and Communications Technology (NICT), Japan
Fostering the usability of information security solutions – Dr. Steven Furnell, University of Plymouth, United Kingdom
Artifact Analysis R&D – Kevin J. Houle, CERT(R) Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, United States
How will cracking evolve? The discovery of the MS05-036 vulnerability - Mr. Chi-Sheng Yu Information and Communication Security Technology Center National Information and Communication Security Taskforce

9:00 Parallel Session 4 - Comparing Legislative and Policy Approaches to Identity Management and to Security of Information systems and Networks

The session will examine different approaches to identity management and to security of information systems and networks.
Moderator: Shamsul Jafni Shafie

Trusted Computing and the Integrity Government-held Information – Andrew McEwan Mason, New Zealand
Identity Theft – Policies in Australia – Jamie Gillespie, Senior Security Analyst, AusCERT
eGovernment as a Driver for a Culture of Security : the Case of Identity Management (IDM) – Katarina de Brisis, Ministry of Modernisation, Norway
Information Security Governance in Japan – Takashi Ishitobi, Ministry of Economy, Trade and Industry, Japan

10:30 Coffee break

11:00 Plenary Session 3: Reports from the parallel sessions and panel discussion

In this session, the four chairs of the parallel sessions will briefly report the main outcomes of their session and start a panel discussion with one representative of government, business and civil society on possible ways forward for OECD and APEC to co-operate further in the area of security of information systems and networks.
Moderators: the co-chairs of the workshop

Reports from the parallel sessions

Parallel Session 3

Panel discussion

The four chairs of the parallel sessions

Government: Edgar De Lange, Ministry of Economic Affairs, Netherlands

Government: Richard Downing, Department of Justice, Computer Crime Section, United States

Business – Kang Meng Chow, Microsoft, Singapore

Civil society – Marc Rotenberg (Statement)

12:15 Conclusions by the co-chairs of the Workshop on future co-operation

12:35 End of the Workshop.

Top of page

Don't miss

OECD Policy Guidance

Radio Frequency Identification (RFID)
Digital Content

Privacy Online

To assist governments, businesses and individuals in promoting privacy protection online at both national and international levels.

Privacy Online: OECD Guidance on Policy and Practice

Security Guidelines

Now available for download in several languages.

OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (2002)

New Guidelines

OECD Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders

Privacy Guidelines

Includes the "Declaration on Transborder Data Flows" and the "Ministerial Declaration on the Protection of Privacy of Global Networks".

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data