Workshops

You are invited to join Information Security Forum (ISF) members and consultants for an Executive Briefing on Tuesday 5 May 2009, at the Forum am Deutschen Museum in Munich from 09:00 am to 12:30 pm. This briefing takes place as one of the pre-conference workshops of the European Identity Conference (EIC) 2009, and attendance is free of charge.

In addition to listening to presentations, you will have the opportunity to meet with your peers and participate in an interactive, facilitated exchange of ideas on the key issues facing information security and risk management leaders.

We will also share with you the results of ISF research performed for our 300+ global members that harnesses their knowledge and practical experiences to determine best security and risk practices and develop solutions to the problems every major organization faces.

Session One: An introduction to the Information Security Forum (ISF)

This session sets out to introduce you to the critical role ISF plays in the global information security community, and will demonstrate why ISF is widely recognized as being the leading independent authority in information risk management.

Session Two: Information risk in a downturn

As the global economic and business environment changes, the risks to an organisation will change in new and unpredictable ways. Based on the experience of ISF Member organisations across the globe, the key factors associated with a downturn that can critically affect an organisations risk profile will be explored. Practical steps that need to be taken urgently by the information risk function will be discussed and the prospect of new threats and technology challenges will be debated.

Session Three: Risk convergence

The regulatory pressures associated with risk management are expected to reach new levels over the coming years and there is an expectation that the senior (board) level management of an organisation will demand to see one overall picture of risk for the organisation. This session will explore the practicalities of risk convergence and the implications of it for information risk management. Drawing on good practice from across the world, it will propose a pragmatic approach that will enable information risk functions to realise the opportunities associated with risk convergence.

Join us for this senior-level discussion of key security and information risk management issues. Space is restricted to a first come first served basis, so please register early.

Registration to this briefing is free, but space is limited and reservations are required for attendance. Please visit this link to find out more and register.

We look forward to meeting you!

Alistair Bremner
VP Global Business Development

Information Security Forum
www.securityforum.org
www.isfstandard.com

The ISF series of Executive Briefings which take place worldwide are sponsored by Microsoft Corporation.

You are invited to join Information Security Forum (ISF) members and consultants for an Executive Briefing on Tuesday 5 May 2009, at the Forum am Deutschen Museum in Munich from 09:00 am to 12:30 pm. This briefing takes place as one of the... MORE 

In large network infrastructures, heterogeneity and diversity are the rule rather than the exception. Security infrastructures need open standards and interoperability to scale their large deployments. Some of the security standards from OASIS and other organizations support a model where identity authentication, access control, digital signature processing, encryption and key management are provided as services that can be distributed and shared.

This interactive roundtable will provide attendees the opportunity to explore the current security landscape, as well as learn about the future of security services, to include global data privacy policies.

Attendees of the roundtable will:

• Learn how to manage personal information in a technical environment and the ability of government and business systems to support multiple, sometimes overlapping, and at times imprecise privacy laws and policies
• Gain real-world insight on authorization & authentication business solutions
• Discuss and identify standards-based approaches, gaps and overlaps
• And understand the importance of an agile identity and access management foundation in achieving effective enterprise security in both the public & private organizations.

This pre-conference roundtable, organised by OASIS, can be booked for free separately from EIC 2009. Seats are limited, please visit this link to register.

In large network infrastructures, heterogeneity and diversity are the rule rather than the exception. Security infrastructures need open standards and interoperability to scale their large deployments. Some of the security standards from OASIS... MORE 

In this seminar, Martin Kuppinger will start with talking about his view on the status and the major trends in IAM and GRC. Based on that, he will focus on what reduces the risk of investments – with a focus beyond the next two or three years. There are many important trends out there which might play a vital role in future IAM and GRC environments and which might replace at least some of the components which are typically deployed today. As part of this seminar, Martin Kuppinger will give an update on the “Kuppinger Cole Trend Report IAM and GRC 2009-2019” as well as on the “Kuppinger Cole IAM & GRC Roadmap”.

In this seminar, Martin Kuppinger will start with talking about his view on the status and the major trends in IAM and GRC. Based on that, he will focus on what reduces the risk of investments – with a focus beyond the next two or three... MORE 

Scenarios presented by:

• Corisecio
• Deutsche Telekom Laboratories
• Fun Communications
• Hasso Plattner Institut
• Microsoft
• Siemens

It has increasingly become common practice for all kinds of service providers to offer users online access via usernames and passwords. To ensure the security of their private data, people now have so many usernames and passwords that sometimes they have to struggle to remember. InfoCards aim at easier management of various claim-based identities.

Information Cards-like the Web itself-are an open, neutral industry standard for safer digital identity supported by some of the largest companies in the industry, including Deutsch Telekom, Equifax, Google, Intel, Microsoft, Novell, Oracle, and Paypal. All of the individuals and organizations at the ICF are dedicated to building a better digital identity system for the Internet that enables people to easily and safely share identity information across all web sites and services.

Registration for this meeting is free. Please visit this link to register.

Scenarios presented by:

• Corisecio
• Deutsche Telekom Laboratories
• Fun Communications
• Hasso Plattner Institut
• Microsoft
• Siemens

It has increasingly become common practice for all... MORE 

Today's enterprises are under much greater pressure to provide a secure environment, and to remain up-to-date on the regulatory and governance requirements, with regards to individual privacy policy protection and management. As companies move their business-processes online, one of the top challenges they face is integrating internally managed security services, access control among trading partners, and security-as-a-service for their consumers. Everyone must manage multiple users and devices across different platforms, while ensuring the reliability and security their partners and customers require, promoting interoperability to stream-line business processes yet controlling privacy breaches.

Identity management open standards play a crucial role in many applications, including e-governments, e-commerce, business intelligence, investigation, homeland security, and many others.

Come learn about the state-of-identity through a discussion with open standard experts and industry leaders sharing ideas related to identity authentication, access control, extensible resource identifiers, peer-to-peer, social networking, information cards, encryption and key management in distributed systems.

This workshop is full of security solutions that won't disappoint, including:

• Answers on how to secure your applications;
• Insight on how to achieve security, privacy and trust in networked systems;
• A clear view of the current state of federated identity standards and implementations;
• Authorization & authentication business solutions;
• Innovative ideas for encryption and key management in distributed systems;
• As well as, advice from standard organisation representatives on where they see standards activities happening in the future.

Today's enterprises are under much greater pressure to provide a secure environment, and to remain up-to-date on the regulatory and governance requirements, with regards to individual privacy policy protection and management. As companies move... MORE 

User provisioning and identity synchronization are and will always be core components of an IDM solution. This workshop will demonstrate how to quickly enable basic use cases for provisioning and synchronization of identity data in a heterogeneous environment with the SAP Netweaver IDM 7.1 solution, including:

• Setting up an initial and continuous synchronization between a HR-System and several target applications like directories and databases
• Creating and maintaining user accounts with modular workflows and templates
• Provision rights and technical roles in target systems by defining and assigning business roles
• Implementing approval workflows

Since the goal of the workshop is to show how transparent and ready-to-go an Identity Management Solution can be, most tasks will be realized in a Hands-On - mostly "slideware-free" - way.

User provisioning and identity synchronization are and will always be core components of an IDM solution. This workshop will demonstrate how to quickly enable basic use cases for provisioning and synchronization of identity data in a... MORE 

You are doing SOA but have you thought enough about how to secure it? Learn from an early adopter of SOA technologies regarding how they have thought about securing a service-oriented architecture and the threats that could affect your enterprise. This session will cover:

• Interoperability and the business challenges of SOA security
• Considerations for adopting an SOA as part of an EA integration strategy
• Incorporation of agile methods for enterprise development
• Securing and managing service-oriented architectures
• How major decisions and changes made in software development will be approached in the future.

You are doing SOA but have you thought enough about how to secure it? Learn from an early adopter of SOA technologies regarding how they have thought about securing a service-oriented architecture and the threats that could affect your... MORE 

Entitlement management is a key technology that enables organisations to adopt services oriented architecture while ensuring the protection of exposed resources. The eXtensible Access Control Markup (XACML) language is an OASIS standard for expressing entitlements and making access decisions based on these.

The target audience for this workshop are those having identified a need for an entitlement management solution. The goal is to provide the audience with the background to evaluate the usefulness of XACML in fulfilling such a need.

In this workshop you will learn about XACML, the de-facto standard for entitlements. Both business and technical aspects will be presented, as well as a feature preview of the upcoming third version of the standard.

• What is Attribute Based Acceess Control (ABAC)?
  - The underlying concepts of ABAC and the differences to role-bases access control (RBAC).
• What are the benefits of using XACML?
  - The business perspective on the advantages of the ABAC standard XACML.

Babak Sadighi, PgD

• An introduction to XACML 2.0
  - A concise but thorough walk-thru of the technical aspects of the XACML standard version 2.0
• Upcoming: XACML 3.0
  - Looking forward at the most important feature of the next XACML standard version: Delegation  

Ludwig Seitz, PhD

Entitlement management is a key technology that enables organisations to adopt services oriented architecture while ensuring the protection of exposed resources. The eXtensible Access Control Markup (XACML) language is an OASIS standard for... MORE 

Oracle will acquire Sun. Given the significant overlap of the IAM and GRC product portfolios of both companies, that raises some questions. What to do in current product decisions and evaluations? What will be the impact for existing Sun and Oracle deployments? How will the combined roadmap look like? Martin Kuppinger will provide you with an external and independent view on this acquisition.

Oracle will acquire Sun. Given the significant overlap of the IAM and GRC product portfolios of both companies, that raises some questions. What to do in current product decisions and evaluations? What will be the impact for existing Sun and... MORE 

Today's enterprises are under much greater pressure to provide a secure environment, and to remain up-to-date on the regulatory and governance requirements, with regards to individual privacy policy protection and management. As companies move their business-processes online, one of the top challenges they face is integrating internally managed security services, access control among trading partners, and security-as-a-service for their consumers. Everyone must manage multiple users and devices across different platforms, while ensuring the reliability and security their partners and customers require, promoting interoperability to stream-line business processes yet controlling privacy breaches.

Identity management open standards play a crucial role in many applications, including e-governments, e-commerce, business intelligence, investigation, homeland security, and many others.

Come learn about the state-of-identity through a discussion with open standard experts and industry leaders sharing ideas related to identity authentication, access control, extensible resource identifiers, peer-to-peer, social networking, information cards, encryption and key management in distributed systems.

This workshop is full of security solutions that won't disappoint, including:

• Answers on how to secure your applications;
• Insight on how to achieve security, privacy and trust in networked systems;
• A clear view of the current state of federated identity standards and implementations;
• Authorization & authentication business solutions;
• Innovative ideas for encryption and key management in distributed systems;
• As well as, advice from standard organisation representatives on where they see standards activities happening in the future.

Today's enterprises are under much greater pressure to provide a secure environment, and to remain up-to-date on the regulatory and governance requirements, with regards to individual privacy policy protection and management. As companies move... MORE 

• SAP Security Overview
• What is SAP´s Roadmap?
• Integrating SAP Security into Enterprise Security Guidelines
• SAP Security Patches
• Identity Manangement and Entitlements
• Security for your internal software
• Recommendations for add-ons

• SAP Security Overview
• What is SAP´s Roadmap?
• Integrating SAP Security into Enterprise Security Guidelines
• SAP Security Patches
• Identity Manangement and Entitlements
• Security for your internal... MORE 

Identity management services are the baseline for secure cloud computing infrastructures, authenticating users and to support flexible access control to services. Such services of course should preserve the privacy of users, while at the same time enhancing interoperability across multiple domains and simplifying management of identity verification. Therefore, multi-domain identity systems have become even more critical to get right as Cloud Computing services proliferate.

In this workshop, you learn how to use traditional and and cloud approaches together and how to make the right decisions about what to hold in your "private cloud" and what to let go into the cloud.

Identity management services are the baseline for secure cloud computing infrastructures, authenticating users and to support flexible access control to services. Such services of course should preserve the privacy of users, while at the same... MORE 

bos KG: Protocols and Use-Cases for Strong Authentication based on the German ID Card

From 2010 onwards, the German ID card will include an electronic identification application, which can be used by e-goverment and e-business providers to clearly authenticate German citizens. Based on the German eCard API framework an eID server and a citizen client provide such an authentication for various business cases. This presentation briefly introduces the protocols and use-cases for an online identification based on the German ID card.

cryptovision: Company ID vs. National eID Projects - Differences and Synergies

This presentation discusses the mutual dependency between national e-ID projects and corporate ID solutions with a focus on (European) interoperability. The following issues are addressed:

• Relevant legal, formal and technical requirements and stipulations
• Solutions for company ID projects, using eID cards for private sector applications
• Using company ID products for eID projects - benefits and shortcomings
• Forecast: influence of current and upcoming eID standardization efforts on the private sector

Bundesdruckerei: The ID provider as the link between citizens and service providers

The electronic ID card is the solution to many problems encountered on the Internet, such as phishing attacks and data theft. Furthermore, it offers citizens a convenient method of authentication and supplies service providers with reliable data. The data reading process is not simple and calls for know-how which smaller service providers, in particular, are not willing to generate. A crypto service can facilitate the handling of cryptographic material and an ID provider can even perform the entire reading process and supply the service provider with authentic data. For the holder of the electronic ID card, this procedure is transparent and requires the holder's confirmation thus allowing the holder to retain control of his or her data. The usual revocation list query procedure is not possible because pseudonyms can be used in the authentication process. A revocation service and double derivation of a global revocation feature offer a secure solution that requires only a minimum of document-related data.

bos KG: Protocols and Use-Cases for Strong Authentication based on the German ID Card

From 2010 onwards, the German ID card will include an electronic identification... MORE 

Hands-On SOA and Web Security with the Geneva Framework

Learn hands-on how from Vittorio Bertocci, Microsoft Senior Architect Evangelist and co-author of "Understanding Cardspace" how to harness the "Geneva" Framework to enable your applications for the Identity Metasystem and Cardspace. This workshop will not just show the concepts, but show actual .NET code and explain what you need to do in order to hit the ground running quickly with Microsoft's "Geneva" Framework.

Hands-On SOA and Web Security with OpenSSO

Learn hands-on from the masters at Sun Microsystems how to implement SOA and application security using Sun's OpenSSO platform. Code examples will be provided for Java and .NET in different IDEs, and a simple web service will be implemented using SOA security.

Hands-On SOA and Web Security with the Geneva Framework

Learn hands-on how from Vittorio Bertocci, Microsoft Senior Architect Evangelist and co-author of "Understanding Cardspace" how to harness the "Geneva"... MORE