Return to > Information security and privacy > Security > 2002 Security Guidelines

AGENDA

Summary of the Workshop

 

DAY 1: Monday 5 September 2005

9:00         Opening Session 

• Welcome
  • Opening remarks – Dr. Inuk Chung, Chair, APEC TEL Working Group
  • Welcome address to the APEC-OECD Workshop on Security of Information  Systems and Networks – Mr. Jung-Hyup Kang, Director General for Information Infrastructure and Security, Ministry of Information and Communication, Korea

• Keynote presentations
  • Trust & Security as key Challenges to Promoting ICT and Economic Growth - Nobuo Tanaka, Director for Science, Technology and Industry, OECD
  • Safeguarding a Cyber World: Collaborative Efforts to Secure Global Network - Hong-Sub Lee, President, Korea Information Security Agency (KISA)

• APEC and OECD Strategies for Security
  • Workshop Chair – OECD  – Keith Besgrove, Vice-Chair, Working Party on Information Security and Privacy, OECD - Presentation
  • Workshop Chair – APEC – Shamsul Jafni Shafie, Head, Information and Network Security Department, Monitoring & Enforcement Division, Malaysian Communications and Multimedia Commission - Presentation 

10:00       Plenary Session 1: Key Challenges

• Trends and Challenges in Security of Information Systems and Networks  – Prof. William Caelli, Queensland University of Technology, Australia
• Protection of Essential Infrastructure and Services – Ms Nor Azuwa Muhamad Pahri of MIMOS Consulting, Malaysia

10:45       Coffee Break

11:15       Plenary Session 2: Spyware

Moderators: Keith Besgrove, Shamsul Jafni Shafie

• TEL 30 Spyware Survey Results – Richard Downing, United States

• What is Spyware? - Seow Hiong Goh, Software Policy (Asia), Business Software Alliance (BSA)

• Spyware: Policy Issues Faced by Governments – Andrew Maurer, Online Policy, Information Economy Division, Department of Communications, IT and the Arts, Australia

• How does Spyware Link to other e-Security Threats?  How does it relate to malware more generally? How do these threats affect end users?
  • Kim Duffy CEO Internet Security Systems (ISS) - Presentation
  • Aaron T. Hackworth, CERT(R) Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA

12:30       Lunch

13:30       Plenary Session 2 : Spyware (continued)

• Combating Spyware in the US – Alice Hrdy, Division of Financial Practices Bureau of Consumer Protection Federal Trade Commission, United States
• Industry Perspective
  • Kang Meng Chow, Microsoft, Singapore - Presentation
  • Kay Chuan Chua, Government Relations Representative for Asia Pacific & Japan, Symantec Corporation - Presentation
• Using the attributes discussed in the previous discussion, this panel will debate the technical, legal and education strategies for combating Spyware
  • Mr. Suresh Ramasubramaniam APCAUCE - Presentation
  • Mr. Thomas Veit, Federal Office for Information Security, Germany - Presentation
  • Mikko Hyppönen, Chief Research Officer, F-Secure Corp., Finland
• Final panel session – Developing an International Agenda
  Topics for discussion : Establishing common definitions/understanding, addressing related e-security threats, technical countermeasures, legal countermeasures, public awareness, what cross-border, APEC and OECD actions can be pursued
  • Same speakers as above

15:15       Coffee break

15:45       Parallel Session 1 - Reaching out to SMEs and Individuals

The expanding deployment and use of information systems and networks by SMEs and individuals increases the necessity for focusing on securing their systems.  What efforts by government are most successful in reaching this segment of users?  How is the industry that supplies the hardware, software and services for SMEs and individuals responding to their needs?

Moderator: Michael Mudd, Director Asia Pacific Public Policy, Computing Technology Industry Association (CompTIA)

Discussion

15:45       Parallel Session 2 - Promoting Effective Global Incident Response  (the roles of governments and CERTs/CSIRTs)

Moderator: KrCERT/CC – Facilitator: APCERT

• Existing Collaborative Arrangements - What are they and how do they work? 
  What cross border arrangements currently exist for watch and warning, incident response and information sharing – how do they work and what do they offer the CERT/CSIRT communities.
  • Introduction of APCERT - Yurie Ito, JPCERT/CC (On behalf of the APCERT Secretariat)
  • Case Study: Co-operation within APCERT - Outline of a Regional CERT/CSIRT Capability in Asia – Jinhyun Cho - KrCERT/CC

• Issues and Impediments to Effective CERT/CSIRT Incident Response (IR) operations
  To understand some of the issues and impediments to effective CERT IR operations both nationally and internationally and determine how these can be addressed.
  • Cross Border collaboration : Practices & experiences - Jiao Xulu - CNCERT/CC
  • Building CERT/CSIRT capabilities in developing economies: Network Security in Vietnam and VNCERT - Vu Quoc Khanh - MPT Vietnam

• Panel Discussion and Outcomes
  Moderator: APCERT 
  Panel session to discuss the issues raised and to identify outcomes from the session.
  • US DOJ
  • APCERT (panel)
  • Henk Bronk, GOVCERT.NL, Netherlands

17:15        End of day 1 - Cocktail

Day 2 - Tuesday 6 September 2005
9:00 Parallel session 3 - Emerging Security Threats and the Technologies Being Developed to Address Them: the Role of R&D

This session will examine emerging security threats, such as new viruses, worms, and other malware, the threats posed by a new generation of computer savvy hackers and more sophisticated inter-networked technologies, as well as the domestic and international R&D efforts being undertaken to address these threats.

Moderator: Keith Besgrove 

9:00 Parallel Session 4 - Comparing Legislative and Policy Approaches to Identity Management and to Security of Information systems and Networks

The session will examine different approaches to identity management and to security of information systems and networks.
Moderator: Shamsul Jafni Shafie

10:30  Coffee break

11:00  Plenary Session 3: Reports from the parallel sessions and panel discussion

In this session, the four chairs of the parallel sessions will briefly report the main outcomes of their session and start a panel discussion with one representative of government, business and civil society on possible ways forward for OECD and APEC to co-operate further in the area of security of information systems and networks.
Moderators:  the co-chairs of the workshop

Reports from the parallel sessions

• Parallel Session 3

Panel discussion

• The four chairs of the parallel sessions
• Government: Edgar De Lange, Ministry of Economic Affairs, Netherlands
• Government: Richard Downing, Department of Justice, Computer Crime Section, United States
• Business – Kang Meng Chow, Microsoft, Singapore
• Civil society – Marc Rotenberg (Statement)

12:15  Conclusions by the co-chairs of the Workshop on future co-operation

12:35  End of the Workshop.