TrustIT is uncovering the latest information on IT security and threats
- International Information Security Conference (SEC 2010)
- Critical Information Infrastructure Protection (CIP)
- Human Choice and Computers International Conference (HCC9 2010)
Track 3: Surveillance and Privacy
| Name | Job Title | Organisation | Abstract Title |
|---|---|---|---|
| Paul Ducklin | Head of Technology, Asia Pacific | Sophos, Australia | Malware analysis and detection |
| Dr Peter Gutmann | Researcher, Professional Paranoid | University of Auckland | Unsolveable problems in computer security |
| Detective Superintendent Brian Hay | Superintendent | State Crime Operations Command, Queensland Police Service | Online crime law enforcement |
| Richard Johnson | Head, Information Security | Westpac | Case Studies in applied information security |
| Marcus Sachs | Executive Director of Government Affairs for National Security Policy | Verizon | Cyberspace – A Matter of National Security |
| Richard Turner | CEO | Clearswift | Global insight into Web 2.0 in the workplace today |
| Professor Craig Valli | Professor | Edith Cowan University | Unholy Convergences |
Abstracts and Biographies
Paul Ducklin is a computer scientist with a passionate focus on security. He has been with Sophos since 1995, and is currently Head of Technology, Asia Pacific. Ducklin (or you can call him "Duck", since it is shorter and easier to say) is a regular and popular presenter at AusCERT and Questnet conferences. In 2009 he received the inaugural AusCERT Director's Award for Individual Excellence in Information Security, something he doesn't mention much, except on-line, in press releases (photographs on request) and whenever he's asked to write a biography for a seminar or conference.
The field of computer security contains many tough problems. Some of them though go beyond simply being hard to being completely unsolvable. This doesn't mean that they're merely currently unsolved, but that they have no general solution, or at least no technology-based one. Using the concept of wicked problems from the field of social planning, this talk looks at some of the more notable - and troublesome - unsolvable problems in computer security. While pointing out that certain problems are in general unsolvable may present a bit of a conundrum, identifying this fact may allow them to be addressed at the business-model or political rather than the technological level.
Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFCs on security and encryption including the X.509 Style Guide for certificates, and is the author of the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about PKIs and the lack of security usability.
Detective Superintendent Brian Hay has been a member of the Queensland Police Service for 29 years. Since 2004, Mr. Hay has worked extensively in the area of fraud and corporate crime and at present has principal responsibility for the management and direction of the Fraud & Corporate Crime Group.
Mr. Hay has a broad investigative background with forays into the investigation of drugs, outlaw motorcycle gangs, sexual predators and public sector corruption. These duties have been interspersed with uniform general duties and corporate responsibilities.
He is regarded as having a degree of expertise within the fraud and cyber environments and is often sought for media comment. He has made appearances on:
- 60 Minutes;
- A Current Affair;
- Today Tonight;
- Today Show and others.
In 2006 Mr. Hay completed a Masters in Public Policy and Administration.
In 2009 he was the recipient of the Australian Police Medal.
In 2009 he was the recipient of an international award from McAfee for efforts in combating cyber crime.
In 2010 he was the recipient of the National AusCERT Award for Individual Excellence in Information Security.
Richard's presentation will cover real-world examples of the practical application of information security theory and principles to real business scenarios within the financial services industry.
Richard will explore the importance, as a risk professional, of striking a balance between risk and reward to ensure that the appropriate level of controls is applied to solving business problems.
He will also explore the value of adopting an appropriate philosophy within information security or information risk in assisting the business to meet its goals whilst also ensuring that controls are effective and that stakeholder trust is maintained.
Richard Johnson is the Chief Information Security Officer for the Westpac Banking Group. Richard has responsibility for ensuring that all customer data is suitably protected and that information systems within Westpac are designed and operated securely. Richard also has responsibility for the security of customer-facing systems and for the bank's security research & cybercrime response functions. Richard has been with Westpac for 10 years and has over 15 years' experience in information security, risk & compliance based roles. Richard has a background in chartered accounting with a degree in economics.
Cyberspace began as the domain of technologists and engineers, with a focus on building circuits, switches, computers, and software that could reliably sustain a new global form of communication. In the past decade, cyberspace has taken on a new meaning, one that is more focused on the "content" and meaning of the bits, rather than the "conduit" of wires and switches through which humans connect their thoughts and ideas. This presentation examines these trends and their impact on the security and sovereignty of all nations. Topics to be discussed include how cyberspace became so insecure; complex issues such as the militarization of cyberspace, nation-state cyber espionage, and organized criminal activity; and the impact on critical infrastructures of the flood of counterfeit technology entering the global market.
Marcus Sachs is Verizon's Executive Director for National Security and Cyber Policy. He is a member of the CSIS Commission on Cyber Security for the 44th Presidency and since 2003 has volunteered as the Director of the SANS Internet Storm Center. He is currently the Secretary of the U.S. Communications Sector Coordinating Council and serves on several other public/private working groups in Washington. He retired from the U.S. Army in 2001 following a 20 year career and was subsequently appointed by the President to serve in the White House Office of Cyberspace Security in 2002-2003. He holds degrees in Civil Engineering, Computer Science, and Science and Technology Commercialization, and is currently pursuing a Ph.D. in Public Policy at George Mason University. He authored and teaches a three-day course in Critical Infrastructure Protection at the SANS Institute, is a licensed Professional Engineer in the Commonwealth of Virginia, and is a co-editor of IEEE's Security and Privacy magazine.
As web communications and collaboration have matured and become more and more integral to people's lives, companies are now increasingly using such technologies to connect more effectively internally and externally with customers, suppliers and partners. As the traditional 9-5 way of working continues to fade, companies have to adjust to the new world order that Web 2.0 brings to the workplace, harnessing the benefits whilst being mindful of the potential threats. In this presentation, Richard Turner, chief executive officer, will outline the results of global research conducted in 2010 on behalf of Clearswift. The results explore the good, the bad, the ugly of Web 2.0 from the perspective of managers and employees. He will highlight ways in which companies can better harness the benefits of Web 2.0 without losing or demanding control over people and content. He will also outline how Australian companies compare to their global counterparts.
Richard Turner was appointed chief executive officer of Clearswift in 2008. In this role, Richard is responsible for the strategic direction of the organisation, drives the global sales operations and leads Clearswift's mission to simplify its customers' IT security to protect their intellectual property and data.
Under his leadership, Clearswift has implemented a new organisational structure, a new brand identity, a new channel partner program, and improved the support it offers customers. This growth strategy has attracted new customers and resulted in strong business growth during challenging economic times.
Prior to joining Clearswift, Richard spent 12 years at RSA, the security division of EMC, where he held a number of senior management positions including vice president and managing director, Asia Pacific; vice president, worldwide channels; and director of channels and business development, Europe, the Middle East and Africa (EMEA).
Richard brings to Clearswift his extensive experience within the security market and a strong track record for successfully executing growth strategies around the globe.
This presentation will explore the issues around the convergence of technologies, specifically the use of GPS-enabled devices and services and their implications for personal and corporate security. Many computer services (Twitter, Facebook, Foursquare) and devices (computers, cameras, phones) now have geotagging or GPS-enabled features. This presentation will explore some of the personal and corporate security issues relating to this unholy convergence of services, and the resulting outcomes, which we often use with little thought other than that it's fun.
Craig is currently the Head of School and a Professor (Digital Forensics) within the School of Computer and Security Science. He has 20 years' experience in the IT industry and consults to industry on network security and digital forensics issues. He is the Congress Chair for the annual secau Security Congress. Craig is also the Editor of the Journal of Network Forensics and Co-Editor of the Journal of Information Warfare. He has over 60 publications to his name on security-related topics.