Privacy & Information Security Congress 2010
November 15 - 16th, 2010
The Westin
Ottawa, ON, Canada
Notional Agenda
* = invited
|
Monday, November 15th, 2010
|
|
7:45 - 8:50
|
Registration
|
8:50 - 9:00
|
Call to Conference
MC: Richard Purcell, CEO/Corporate Privacy Group, Executive Director/The Privacy Projects, and Chairman/DHS Data Privacy and Integrity Advisory Committee
|
9:00 - 9:20
|
Welcome Presentation/Opening Remarks
Jennifer Stoddart, Privacy Commissioner of Canada
|
9:25 - 9:55
|
Session 1 - Concurrent Keynote Speakers
Larry Tremblay, Director General of National Security Criminal Operations, RCMP
Overcoming the law enforcement challenges to fighting cyber crime
Dr. Michael Geist, Canada Research Chair of Internet and E-commerce Law, University of Ottawa 
The Privacy Challenge: The Continual Evolution of Canadian Privacy Regulation
|
9:55 - 10:15
|
Morning Break
|
10:15 - 11:30
|
Session 2 - Concurrent Panel Sessions
Panel A: Cyber Security - Cyber Warfare
Moderator: Winn Schwartau, President, Interpact, Inc. Author of Information Warfare, Cyber Shock, Time Based Security and Internet & Computer Ethics for Kids
Cyberwar and cyberterrorism, once derided as mythical fantasies, are more real than ever before. Class I Information Warfare attacks privacy, no matter who the bad actor is. We see NGOs and nation-states engaged in aggressive offensive cyber campaigns against the individual, the organization and critical infrastructures.
Recall that during the Balkan Conflict, the personal details of U.S. airmen were aired on international television to intimidate coalition forces. Spear phishing targets prominent individuals to gain security credentials and personal information. This exciting session will look at Class I Infowar, how the bad actors are waging it, and what policy makers, regulators and privacy advocates need to know about mitigating this global threat.
Speakers:
- Salim Douba, Chief Technology Officer, Cygnos I.T. Security
- Charles Palmer, Ph.D, Director, IBM Institute for Advanced Security
- Dean Turner, Director, Global Intelligence Network, Symantec Security Response
Panel B: Electronic Medical Records
Medical science is moving rapidly into the digital realm, advancing towards a new world of personalized medicine and healthcare. Our genetic makeup, risk profile, and treatment summary may soon be available not only to us, but also to others inside and outside the health care sector. Technology companies providing health sensor and monitoring equipment will collect, transmit and store data about our bodily functions, health states, drug intake and other intimate information.
How we address these issues today, at the early stages of the digital revolution in health and medicine, will affect how this information will be used, who will see it, and how we control it. Join our conversation about how we manage identity, service provisioning and information controls in the brave new world of personalized medicine.
Moderator: Richard Purcell, CEO/Corporate Privacy Group, Executive Director/The Privacy Projects, and Chairman/DHS Data Privacy and Integrity Advisory Committee
Speakers:
- Joan Roch, Chief Privacy Strategist, Canada Health Infoway

- Khaled El Emam, Associate Professor, Canada Research Chair in Electronic Health Information, University of Ottawa

- Pamela Snively, Managing Director of AccessPrivacyHB

|
11:30 - 12:00
|
Business Breakout Sessions
- Terry Harper, National Data Loss Prevention Specialist - Canada, Symantec

"For Your Eyes Only: Protecting Private information with Data Loss Prevention"
Today's IT security teams face many threats. Traditionally they have been focused on keeping the bad stuff out, but more and more they are faced with keeping the good stuff in. Whether it is threats from malicious insiders or honest mistakes made by well-meaning employees, organizations are more focused than ever on protecting their sensitive information. Join Terry Harper and learn how Symantec is leading the world in protecting private information with Data Loss Prevention.
- Drew Friedrich, IBM Corp., North American, Identity Insight Sales Leader

Identity Insight Anonymous Resolution
Identity Insight Anonymous Resolution - Information Sharing without Information Exposure. IBM Anonymous Resolution software enables multiple organizations to share and compare proprietary information assets in a de-identified format that allows the original data holders to maintain control over the flow of what information is revealed and what information is concealed.
The ability to compare and correlate multiparty information anonymously, sharing only the information that is pertinent to a specific objective, holds with it the potential to vastly accelerate and shift the entire knowledge discovery process. Responsibly deployed, this anonymization technology makes possible new levels and applications of information sharing while helping address privacy and security issues.
|
12:00 - 1:00
|
Luncheon
|
1:00 - 1:45
|
Session 3 - Keynote Speaker
Corinne Charette, CIO, Government of Canada
Federated Identity Management: It's All about Trust
Federated Identity Management is promising to be a key enabler for enhancing security, optimizing business efficiencies and improving services to Canadians. However, many governments are having difficulty realizing the benefits promised by federated identity management. It is now becoming apparent that standardized technologies and solutions are the enablers, but key factors still limit wide-scale adoption. These limiting factors revolve around the questions: how do you ‘trust’ the identities from individuals and businesses? How do you trust identities originating from other jurisdictions or the commercial sector? In an environment where online service delivery is becoming the primary mode of interaction between citizens and government, how we collectively trust identities must be viewed as a key issue as governments roll out federated identity management solutions.
|
1:45 - 2:15
|
Session 4 - Business Breakouts
- Denny Prvu, Senior Principal Consultant, CA Technologies
Data Loss Prevention - The ultimate Goal and ultimate Destination. Can you really secure your end point?
For many years, within information technology we have defined and implemented security to protect access to electronic information and the location where it resides. Content monitoring, filtering and data loss prevention techniques and technologies are now at the forefront of securing your data.
Our past experiences have allowed us to redefine our approach when looking at Data Access Security and the policies behind it.
The regulatory environment is changing. Find out what organizations, as well as the public and private sector need to consider to best protect themselves from data leaks.
Are inspection techniques and classification just catchphrases? Is data at rest or data in motion a concern for your organization? Are you vulnerable to data loss?
|
2:15 - 2:35
|
Afternoon Break
|
2:35 - 3:50
|
Session 5 - Concurrent Sessions
Panel A: Identity Management - Authentication and Access
Identity management and access control are foundational elements of the next generation of the web. The success of major contemporary initiatives such as Electronic Service Delivery, Secure Communications, Cloud Computing, automated Human Resources services and Software as a Service is dependent upon these issues being addressed. A panel made up of public and private sector individuals will discuss key issues, challenges and opportunities associated with these technologies.
Moderator: James Short, Director, CA Technologies
Speakers:
- Pierre Boucher, Deputy CIO, Treasury Board of Canada
- Nigel Johnson, Vice President, Business Development ZIX Corp.
- Martin Kyle, Principal Consultant, Sierra Systems

- Peter MacCauley, CISO, Government of Ontario
Panel B: Biometrics
The use of biometric technologies presents an opportunity for increased security and more efficient identification. These benefits need to be developed hand in hand with well-defined privacy policies. The panel today includes representatives from 3 key government agencies (CBSA, OPC and DRDC) that are at the forefront of shaping how the technology is developed and implemented.
Moderator: Raj Nanavati, Partner, International Biometric Group, New York
Speakers:
- Dmitry Gorodnichy, Senior Research Scientist, CBSA
- Andrew Patrick, Information Technology Research Analyst, Office of the Privacy Commissioner of Canada
- Len Goodman Ph.D, Defence Scientist, Defence Research & Development Canada

|
3:50 - 4:35
|
Session 6 - Keynote Speaker
Fran Townsend, Former U.S. Presidential Security Advisor
Business and government share the joint burden of ensuring both privacy and security. Private industry can lead the way using both technology and business process. And government needs to lead the necessary policy development internationally to support these efforts.
|
4:40
|
Reception with Ms. Townsend
|
|
Tuesday, November 16th, 2010
|
|
8:45 - 8:55
|
Administrative Announcements
MC: Richard Purcell, CEO/Corporate Privacy Group, Executive Director/The Privacy Projects, and Chairman/DHS Data Privacy and Integrity Advisory Committee
|
|
8:55 - 9:15
|
Welcome Remarks
Chantal Bernier, Assistant Privacy Commissioner of Canada
|
|
9:15 - 9:55
|
Session 7 - Keynote Speaker
Neils Johnson, Principal Technologist, Symantec
Exploring the Current Threat Landscape and How Ubiquity is Turning Security on Its Head
The threat landscape is constantly evolving and it is critical that you understand how to secure your organization. Join us to hear all about the current trends, impending threats and Ubiquity, the next generation security technology that will help organizations ensure their infrastructure and information are fully protected from today’s newest and most targeted threats.
Ubiquity is an innovative approach to security that analyzes files in context, using the age, frequency and source along with other security metrics to expose threats others miss. Based on results from over 100 million systems in over 200 countries, Ubiquity uses the context to identify rapidly changing threats. It takes malware creators’ greatest strength, their ability to generate millions of unique threats, and turns it against them!
|
|
9:55 - 10:15
|
Morning Break
|
|
10:15 - 10:50
|
Session 8 - Concurrent Keynote Speakers
- Steve Adegbite, Adobe Senior Security Strategist
Securing the way the world experiences and engages with information: Adobe's perspective
In today's world, the way people experience and engage with information is almost as important as the information itself. In order to create a safe, rich and flexible experience, you need to approach the information engagement paradigm from a different perspective. You need to apply the most stringent security mechanism, process and dedication to secure code quality while still enabling users of your software to engage freely with their ideas. This keynote will talk about Adobe's journey and perspective on the best way to do just that.
- Lynette Owens, Director, Internet Safety for Kids and Families, Trend Micro
Kids and the Internet: Exploitation, Education and Engagement
Parents, educators and legislators are increasingly concerned with Internet user safety issues facing children, starting at shockingly young ages. Cyber bullying, "sexting," age-inappropriate content, exploitation and identity theft threaten young people through pervasive online presence and social networking. Lynette Owens, director of corporate outreach for the Internet Safety for Kids and Families program at Trend Micro, will discuss the current state of Internet risks and the need for the engagement of industry representatives to aid educators and legislators as they devise awareness and education programs regarding media literacy, digital citizenship, and student safety.
|
|
10:50 - 12:05
|
Session 9 - Concurrent Panel Sessions
Panel A: Security and Privacy Implications of Cloud Computing
Is cloud computing a jurisdictional legal issue? Is it an outsourcing contractual issue? Are consumers and employees concerned? What are the organizational risks and are the issues the same for the public-sector and the private-sector? Is personal information in the cloud less secure or more secure than at an organization? This session will look at these questions and discuss security and privacy implications of cloud computing.
Moderator: Terry McQuay, Founder and President, Nymity, Inc.
Speakers:
- John Sabo, CISSP, Director, Global Government Relations, CA Technologies

- Ronda Henning, Senior Secure Systems Engineer, Harris Corporation

- Derick Cassidy, CISSP-ISSAP, Security Lead, Oracle Public Sector

Panel B: Data Breaches
Data breaches are an unfortunate reality and pose a significant risk to an organization's reputation. This panel will discuss how to avoid them, and what to do if one happens.
Moderator: Frank Work, Information and Privacy Commissioner, Alberta
Speakers:
- Suzanne Morin, Assistant General Counsel and Privacy Chief, Bell Canada
- Robert Ellis Smith, Publisher, Privacy Journal

- Miyo Yamashita, PhD., Partner, Deloitte
|
|
12:05 - 1:15
|
Luncheon Keynote Address
William Blair, Chief of Police, Toronto Police Service, President of the Canadian Association of Chiefs of Police.
The police require information for the investigation of crime and the protection of individuals and communities. There is often tension between, on the one hand the desire for more and better information that will protect individuals, the community and the state, and on the other hand the privacy rights that limit how personal information is obtained, used and shared by public sector officials. Working through these tensions, to arrive at appropriate and effective policies and approaches, can be achieved only through serious and open dialogue by stakeholders. The speaker will attempt to stimulate and shape this dialogue by posing questions that preoccupy police:
- Can we allow protection of privacy and information to compromise our personal and public safety and security?
- Does the security of information take priority over security of the public?
|
|
1:15 - 1:50
|
Concurrent Keynotes
- Winn Schwartau, President, Interpact, Inc. Author of Information Warfare, Cyber Shock, Time Based Security and Internet & Computer Ethics for Kids.
- How are smart phones so different from conventional computers? What are the technical privacy and security challenges inherent in protecting mobile devices that are not inherently ‘securable’?
- Why is the consumerization of mobile technology so important to the Enterprise?
- App stores and mobile apps are the greatest hostile code and malware delivery mechanism ever created. An estimated 20% of Android and Apple apps are already infected. The iPhone/iPad has been rooted. What is the outlook for criminal attacks on the new mobile platforms?
- Apps and smartphones as business enabling technologies.
- Extending corporate privacy and security policy to the mobile workforce.
Winn will present the most recent information available on these rapidly changing technologies and what the Enterprise needs to consider. He invites ‘tough’ and challenging questions from the audience to address your specific concerns, perceptions and possibly, misconceptions of mobile security and the Enterprise.
- Rob K. Lamb, Vice-President, IBM Security Products
Smarter Planet: Evolving Security Threats and Countermeasures
On the Smart Planet, where systems are evolving and changing faster than ever before, it is the organizations that are constantly looking forward that have endured and prospered. Companies need to embrace the newest technologies, like cloud computing, but they also need to understand the threats that these emerging technologies face. IBM is committed to not only the technologies that shape tomorrow, but also to the security infrastructure that can help turn that good technology into technology you can trust. In order to innovate on the Smart Planet, companies need to stay ahead of the threat.
|
|
1:55 - 2:25
|
Session 10 - Business Breakouts
- Martin Kyle, Principal Consultant, Sierra Systems
Case Study of Identity Management Interoperability in British Columbia
While Identity Management solutions mature and industry trends develop, the success of identity federations largely depends on interoperability issues at governance, business, and technology levels.
The British Columbia electronic Identification service (BCeID) holds hundreds of thousands of registrations and provides authentication for at least a hundred separate online services within the BC Government. Sierra Systems has gained deep insight into interoperability issues from its involvement with BCeID and integrating Identity Management with portal infrastructures across North America. This session will look at interoperability as it relates to identity information, identity assurance, and identity lifecycle management.
Join Martin Kyle as he explores real life examples of how to navigate the interoperability landscape of Identity Information Management.
- Derick Cassidy, CISSP-ISSAP, Security Lead, Oracle Public Sector
Is Your Data Protected?
Think Again! Two thirds of sensitive and regulated data in most organizations resides in databases. But did you know that unencrypted data could be read by anyone with operating system level access to your database files? That poorly coded web applications can be exploited to allow access to your databases? Do you have sensitive production data in your test environment where any developer can see it? These are just a few of the ways in which data breaches and fraud happen every year.
|
|
2:25 - 2:45
|
Afternoon Break
|
|
2:45 - 4:00
|
Session 11 - Concurrent Sessions
Panel A: Social Networking
What is it about social media on the Internet? Why are we finding it so easy to be public and so hard to be private? Studies have shown that corporations, employers, parents and others often use information we've posted "just for our friends" and make decisions based on what they see. Whose life is it anyway? Why can others use our postings in ways we don't want - or even know about? Just because it becomes public, does that mean we are allowing an information free-for-all?
Join the debate about how social media, from Facebook to Twitter to MySpace, has changed our relationships. Consider what it means to have a third party 'in the middle'. Ponder the ultimate privacy complexity - whose data is it anyway?
Moderator: Richard Purcell, CEO/Corporate Privacy Group, Executive Director/The Privacy Projects, and Chairman/DHS Data Privacy and Integrity Advisory Committee
Speakers:
- Brad (Renderman) Haines, Author, Director, Renderlab
- Edward Palmieri, Facebook Legal
- Lori Ruff, The LinkedIn Diva, Chief Learning Officer, Integrated Alliances. Author #PrivacyTweet Book01, Rock The World with your Online Presence, and Rock The World with Social Media.
- Jacob Glick, Canada Policy Counsel, Google Inc.
Panel B: Surveillance - A Society under Surveillance: Who is Watching You and Why?
- Who wants to know our personal details and what are they doing with that information?
- Is privacy merely a relic of previous centuries?
- Is there any way to return some degree of privacy to the individual?
- Can we define the level of privacy expected?
- What do we collectively do about inaccurate data on people and organizations? Current restoration is an expensive, time consuming nightmare.
These expert panelists will discuss the "frog in the frying pan" transition we’ve seen privacy experience in the last 20-30 years, comment on the current situation and provide some real-world methods to manage and control privacy.
Moderator: Winn Schwartau, President, Interpact, Inc. Author of Information Warfare, Cyber Shock, Time Based Security and Internet & Computer Ethics for Kids
Speakers:
- Karl Martin, Ph.D, Principal, KMKP Engineering

- Michael Legary, Principal, Seccuris, Inc
|
|
4:00 - 4:40
|
Closing Keynote Address
Stephen E. Flynn, Ph.D, President, Center for National Policy, Washington DC
|
|
4:40
|
Closing Remarks
MC: Richard Purcell, CEO/Corporate Privacy Group, Executive Director/The Privacy Projects, and Chairman/DHS Data Privacy and Integrity Advisory Committee
|
|
|