Agenda: Informal Workshop on IT Security Management, 2001


Thursday 19 April 2001

9.00    Welcome and Introduction

Pierre-Dominique Schmidt: Executive Director
Guido Maccari: Head of Information Technology and Network Services, Executive Directorate

9.30    Session 1 -- Defending Against External Security Threats

Session Leader: Mr. Tom Keane, Director, IT Division, Central Statistical Office, Ireland

  • Review recent experiences with computer viruses and other malicious software.
  • Review recent experiences with unauthorised intrusion and denial of service attacks.
  • Can we identify a set of "best practice" defenses that our organisations should seek to implement?
  • How can we best deal with security issues related to remote users (business travellers, teleworking, wireless access, etc.)?
  • How can we best defend against unsolicited and unwelcome e-mail?

Short Presentations:


13.00 Lunch

14.30 Session 2 -- Security of Information Flows Among Our Organisations

Session Leader: Dr. Otto Hellwig, Head of Division for IT Coordination, Bundeskanzleramt

  • How much security is needed? Can there be "too much" security?
  • Can we establish a basic set of management objectives regarding security of information flows among our organisations?
  • What joint actions can we take to ensure security and reliability of these information flows?
  • How do we obtain management buy-in and enlist user support?

    Short Presentations:


Friday 20 April 2001

9.00 Session 3 -- Managing IT Security: Solutions for the Future - Part I
Session Leader: Dee Buck, Chief Technical Officer, World Bank

  • What solutions are on the horizon from industry, academia and/or standards bodies?
  • What is the scope for outsourcing external IT security?

    Short Presentations:


12.30 Lunch

14.00 Session 4 -- Managing IT Security: Solutions for the Future - Part II

Session Leader: Ian Hunter, Head of Network Information Services, EXD/ITN

  • What are the emerging threats to security of information flows, and how can we best address them?
  • How do we reconcile the "need for transparency" with the need to protect confidentiality and integrity of information resources ?

    Short Presentations:


17.00 Workshop Summary and Conclusions