conference

Clipped directly from the press communication:

As promised, here is a report from the Security 2009 Conference that took place in Oslo in October.

The conference had focus on security issues related to the current economic situation, and how to deal with these issues. IMHO, the conference fell a bit too heavy on product vendors jerking off from the stage, although most of them did quite well at controlling their need to mission their own solutions to be the right one for all. As we all know, there is no "one-size-fits-all" when it comes to security. It all depends on the risk profile of the organization, and their security strategy to uphold their profile. I'll hold my horses for now, this post is a report, not a rant...

The day started out with mingling, breakfast and saying hello to the usual crowd that shows up at these things. And some new of course. As you may remember, I was still very much recovering from my car crash, and being the chair was a true challenge to me. I did not have that much wit about me this day, which probably only served to show me off more serious, and more cocky than my usual self.

Security_2009

Except from the producers jerking off from stage, there were two sessions I liked much. The first one being Per Thorsheim (http://twitter.com/thorsheim) talking about passwords. His been studying the subject for almost a decade, and he has some interesting points. Expect an interview with him. At some point!

The second interesting session was Behavioral biometrics, by Dr. Patrick Bourse. His research is very interesting indeed, showing that using the type pattern of an individual, it is very easy and quick to determine if the one typing is the right person. So for identification purposes, his research is truly promising.

Security_2009

I'd like to thank Renate Thorseid from the Data Protectorate for her insights on privacy issues, and I am certain there where participants who learned something new. In addition, Matias Cuba, from Fortinet, deserves a special notice for giving clear and valuable information without speaking of his products (neither did he talk negatively about any competitors). I used to work with Matias some years ago, and he is growing more professional by the day! Thumbs up, Matias!

Security_2009

In addition to the speeches, there was a round table session where the participants shared their experience and questions.

All over, the Security 2009 event went pretty well IMO. I used the opportunity to talk about how the top level management and their actions are critical in any crisis.

Thanks for this opportunity to meet and network!

The former head of security at Bank of England, Joe Peachey, will give the keynote address at the Scandinavian ISACA Conference from 22-23 April at Hotel Hvide Hus, Aalborg, Denmark. Peachey’s keynote will discuss how important information can be to a company and will point out potential risks. He will also discuss using controls and access rights to mitigate threats and the benefits of implementing such procedures.

ISACA, a nonprofit association, serves more than 86,000 IT governance professionals worldwide.The Scandinavian ISACA conference is the first collaboration of the ISACA chapters in Sweden, Denmark and Norway to bring together experts to discuss how to resolve key issues around IT governance, assurance and security, as well as the benefits of using Control Objectives for Information and related Technology (COBIT) and Val IT, two internationally tested and globally adopted frameworks that addressstrategic alignment, value delivery, resource management and performance measurement.

The opening keynote will be given by Steen Thomsen, professor, Centre of Corporate Governance at CBS (Copenhagen Business School). Thomsen will examine IT governance from the corporate board perspective and how to empower the board with the benefits of IT governance.

On the second day, there will be a panel discussion on the Swedish FRA (Försvarets radioanstalt) legislation. According to the legislation, Sweden will conduct surveillance of all Internet and telecom traffic crossing the Swedish border. The panel will discuss how this legislation will impact companies, citizens, politicians and the press, and if stakeholders should refrain from exchanging sensitive information using these channels. Panellists include Henning Mortensen, senior advisor, DI ITEK (The Confederation of Danish Industries), Mark Klamberg, Dr. Jur., University of Stockholmand Gisle Hannemyr, professor associate, University of Oslo.

The conference is held over two days and will feature more than 30 sessions divided into three streams covering IT governance, assurance and security:

IT Governance

This stream consists of session topics such as the value of IT and using Val IT, how IT can create business value while reducing risks, the challenges and success around IT governance, NorSox, and a case study on E.ON’s risk management strategy.

Speakers in this session include Jan T. Bjornsen from Ageto, Ola Holm from PricewaterhouseCoopers and Rita Lenander from E.ON

IT Assurance

Topics in this stream look at auditing using international standards, Sarbanes-Oxley, requirements and challenges faced during the auditing of Norwegian Central Banks Interbank system, and a practical guide for using COBIT.

Speakers include Aina Karlsen Roed from Ernst & Young, Ulrika Granfors Wellemets from Volvo and Hilde Nordid from Norges Bank.

IT Security

Sessions in this stream will look at the Norwegian data inspectorate’s national and international work, secure multiparty computation, biocryptics, and the implementation of PCI DSS (Payment Card Industry Data Security Standard).

Speakers include Georg Apenes from Datatilsynet; Lars Neupart from Neupart; Jonas Jansson, vice president of the ISACA Sweden Chapter; and Robert Roussey, former international president of ISACA.

The registration fee for the conference is kr 4,995 for ISACA members and kr 6,495 for non-members. Attendees can earn up to 15 continuing professional education hours.