 |
TRACK: Securing the Information Architecture
Wednesday, 9:00 - 12:30
9:00 - 9:45
The Open Group Simplifying the Cost of Compliance
Regulatory compliance affects most all area of governments and business: financial, health insurance, and defense systems. Although these compliance standards are industry specific, and address controls and regulations unique to those industries, most all have elements or requirements around IT security. The key component needed to reduce the cost of IT compliance is automation. The Automated Compliance Expert Working Group has developed a standard called ACEML which provides a standard method of representing any Regulatory Compliance IT requirements. This session will review the ACE working group progress and its involvement with Compliance Organizations, Industry and IT Analysts.
Presenter: Shawn Mullen, AIX Security Architect, IBM
 Shawn Mullen is the AIX Security Architect and Master Inventor at IBM with over 60 US patents.
|
9:45 - 10:30
SPIDER Solution: Self Protecting Information for De-perimeterized Electronic Relationships
This session will consider an icon-based approach to information classification and control developed at Cardiff University and discussed in the Jericho Forum. Building on the Creative Commons approach, Cardiff University’s JISC-funded SPIDER project, and subsequent development work, proposes a method of protecting information within xml-based documents. It employs an adaptable policy such that the author can change access rules even after the protected information has been disseminated. The icons represent the desired controls graphically, but they also have related human and machine-readable controls. The presentation will include demonstration of an MS-Word plug-in to illustrate the ease of use of such a concept. The intent is to develop the approach within The Open Group, exploring the potential of an open “Protective Commons” icon set.
Presenter: Jeremy Hilton, University of Cardiff
 Jeremy Hilton is a leading member of the Strategic Information Systems Sub-group within Knowledge and Information Systems and specialise in information security, information systems strategy, organisational learning and change.He has been working in information security for most of his career, focusing on information security policy and secure systems operation. His main research interests are in effective methods of introducing a culture of information security in organisations, and the communication and enforcement of information security requirements within and between organisations.
|
10:30 - 11:00
Break
|
11:00 - 11:45
Rights Management
Globalization has become an important force in modern business. It has expanded with whom and how we communicate. Wider communication may mean increased risks, however, because companies may be forced to collaborate with capable partners that may have very different views of intellectual property law or operate under different regulatory frameworks.
Rights Management is an effective technology for preventing unauthorized access to corporate information within and beyond the traditional organizational boundary. When coupled with existing infrastructure, it can be deployed in seamless ways for document authors and collaborators worldwide. To help you believe that Rights Management can be an effective information protection solution, I will present a few Adobe LiveCycle Rights Management ES2 customer stories and the kinds of questions they asked when selecting a solution.
Presenter:
Jonathan Herbach, Senior Product Manager, Adobe Systems
 Jonathan Herbach is a senior product manager specializing in security solutions for Adobe Systems, driving the strategy and direction for the LiveCycle Rights Management product. His experience includes enterprise software development, cloud computing, as well as authentication and identity systems. Jonathan holds an M.S. in Computer Science from Stanford University, and is the recipient of a number of honors from Princeton University, where he received his B.S.E. in Computer Science
|
11:45 - 12:10
Standards Requirements for Rights Management
Steve will explain his view that we need 2 standards for information protection - one on rights management, and another on information metadata/tagging standards that Policy Decision Points could use to control information access.
Presenter: Steve Whitlock, Chief Information Security Architect, Boeing, US
 Stephen Whitlock, Chief Security Architect for The Boeing Company, is an internationally recognized specialist in the field of information security. His background includes the development of tools for testing system and network security. He has also written numerous papers and presented information on cryptography, UNIX systems, and network security to a wide variety of audiences.
Whitlock developed an encryption strategy for large, multi-platform enterprise environments, which was presented to the U.S. Office of Science and Technology Policy, the National Security Council, and the FBI.
He has authored numerous articles on information security and has been instrumental in the development of technical standards relating to computing security technologies.
Whitlock has been an active participant in the security activities of the Internet Engineering Task Force, Key Recovery Alliance, Jericho Forum, and The Open Group. As the chair of the Open Group's Security and Electronic Commerce Program Group, he led the development of several standards, including the Common Data Security Architecture, and Advanced Authorization API. He is currently the Vice-Chair of the Open Group Security Forum and a member of the Board of Management of the Jericho Forum.
|
12:10 - 12:30
Rights Management Panel
|
 Return to previous page |
|
|
