Mark Pollitt served over thirty years in the U. S. government, over ten years as a military officer in the Marine Corps and Coast Guard and then another twenty as a Special Agent of the Federal Bureau of Investigation. In addition to conducting criminal and national security investigations for over 13 years, he supervised online investigations, was the Chief of the FBI’s computer forensic unit (CART) and was the Director of the Regional Computer Forensic Laboratory Program.

The first decade of the Twenty-first Century saw the continuation of many trends from the end of the Twentieth Century. Globalization, interconnection, massive growth in data and progressively more powerful computing. There are some emergent technologies and their adoption that, arguably, will shape our information security landscape in very different ways than the last century. Geo-location, cloud computing and social networking are already having a serious impact on traditional information security paradigms. This presentation will look at some of those shifts and explore ways in which information security practitioners might adapt to these changes.

Keynote speaker: Prof Joachim Biskup

Joachim Biskup received his Diploma degree in mathematics from Technical University of Hannover in 1972, and his Ph.D. in computer science from RWTH Aachen in 1975. He has performed research in recursion and complexity theory, information systems with an emphasis on database schema design, query optimization and mediation, and various aspects of security, in particular access control and inference control. He has joined the program committees of many international conferences, including ICDT, FoIKS, ER, ESORICS and DBSEC. He has been Professor of Computer Science since 1981, and is now at Technische Universität Dortmund, Germany.

Prof Joachim Biskup will deliver a keynote speech at the conference on the following topic:

Principles of Inference Control Applied to Controlled Query and Update Execution

Abstract

We survey the motivation, the main insight and the perspective of our approach to policy-driven inference control of server-client interactions for a logic-oriented information system. Basically, our approach aims to confine the usability of the data transmitted by the server to a client. The confinement is achieved by enforcing an invariant that, at any point in time, a client’s view on the actual information system is kept inference-proof: the information content of the data available to the client does not violate any protection requirement expressed by a declarative confidentiality policy. In this context, the information content of data and, accordingly, the inference-proofness of such data crucially depend on the client’s a priori knowledge, general reasoning capabilities and awareness of the control mechanism. We identify various parameters of the approach, outline control mechanisms to enforce the goals, and sketch the methods employed for a formal verification.

Keynote speaker: Dr Andreas Schaad

Andreas Schaad, PhD is the Research Program Manager of the SAP Research Security & Trust Group. His research interests include workflow- and application-level security as well as distributed systems security in general. He is a member of several ACM and IEEE conference committees in these subject areas. As a Certified Information Systems Security Professional (CISSP) he (co)authored over 40 international security related publications. Prior to joining SAP he worked for Ernst&Young, London as a systems auditor

Dr Andreas Schaad will deliver a keynote speech at the conference on the following topic:

Security in Large-Scale Industrial Landscapes

Abstract

Maintaining security in large-scale distributed Enterprise landscapes is a continuous process. There is no general optimum and security management must be regarded as the discipline of achieving the appropriate degree of security with respect to a given organizational and regulatory context. In this talk we will discuss and try to position available organizational context and how it could be used for security decisions throughout the system and software lifecycle.