Home · About · A-Z Index · Search · Contacts · Press · Register · Login

Monday 22nd October - Active Loss Prevention Plena


Monday 22nd October - Active Loss Prevention Plenary
Page 2 of 2
First Previous    [1]  [2]    Next Last
22-Oct-2001 14:55 - Amsterdam - Robert Carolina - Robert Carolina started with an overview of his talk:

Signature & verification process 
Why does legislation exist? 
Cross-border recognition issues
PA221972 .JPG
22-Oct-2001 14:56 - Amsterdam - Robert Carolina - He moved on by taking a close look at the registration process, signature and transmission, and reliance. He considered what would happen if the certification authority (CA) misidentified the signatory and therefore if the CA could limit their liability by contract. He said that the reason legislation was needed was to cope with problems such as electronic signature, electronic writing, introduction as evidence and liability apportionment. Here he focused on the CA liability

Next he took the subject of cross-border certification and all the relevant problems that arise. This flowed naturally into the area of cross-border signature and the associated problems of recognition. The third item he then addressed was cross-border liability and recognition of liability limits
PA221973 .JPG
22-Oct-2001 14:56 - Amsterdam - Robert Carolina - He threw out a two-point challenge:

Cross-border certification is legally confusing 
Can the standards process help to establish a cross-border framework? 
Robert questioned whether executives truly understood the business they are making decisions about feeling that they did not particularly in the area of technology. He also said that a significant cultural change was needed between suppliers and customers with suppliers taking more liability.
PA221974 .JPG
22-Oct-2001 14:56 - Amsterdam - Robert Carolina - He made the point that the standards process itself could serve as a powerful motivator and driver; he drew on the meat packing business as an analogy.

Robert concluded that the forum had a fantastic opportunity to shape the future with good IT standards
PA221975 .JPG
22-Oct-2001 14:57 - Amsterdam - Robert Carolina
PA221976 .JPG
22-Oct-2001 15:25 - Amsterdam - Q&A: Robert Carolina & Matthew Yeo
PA221977 .JPG
22-Oct-2001 15:26 - Amsterdam - Q&A: Robert Carolina & Matthew Yeo
PA221978 .JPG
22-Oct-2001 15:26 - Amsterdam - Q&A: Robert Carolina & Matthew Yeo
PA221979 .JPG
22-Oct-2001 16:05 - Amsterdam - Lisa Hansford-Smith - Lisa Hansford-Smith began by outlining the areas she was going to address:

Client Environment and Concerns 
Is e-risk just hype and what are the risks? 
A Risk Management Methodology 
Cyber solutions 
She continued with challenges organizations with new uncertainties such as:

Volatility of Internet ventures 
Minimal barriers to entry and new virtual competitors - 
New customer habits, expectations, and needs 
Reputation harm from Internet banking/securities scams 
Obsolescence by new technologies 
Legal uncertainties 
Global governmental regulation and taxes 
She went on to describe a typical website development with an elegant-looking slide displaying potential gain versus level of complexity.

She asked whether or not eRisk was just a matter of hype? She stated that an enormous amount of companies had had some form of cyber crime. Most companies do not understand what is, or can be, going on; technology is another thing and “not my problem”.

She continued with examples of some of the new economy risks, which she split into 3 areas:

Liabilty 
Crime 
Business continuity 
These examples included:

Confidential bank details could be viewed on two UK web sites 
ISP liability for content on web sites 
Breach of advertising laws in France and Germany 
Computer system hacked into to steal credit card numbers to extort company 
Materials on a web site breaches trademark and copyright laws 
Denial of Service takes a web site off line that produces 50% of sales turnover for a company
PA221980 .JPG
22-Oct-2001 16:05 - Amsterdam - Lisa Hansford-Smith - Almost half the crimes committed come from inside.

She went on to describe underwriting and client issues and showed four essential points in a risk management action plan:

Identify your activities putting you at risk. 
Look at perils affecting your reputation and profitability. 
How the existing insurance program address these activities and perils and how the BCP plan will respond 
Develop an action plan involving IT/IS, Legal, Marketing, and Audit functions. 
Next she went on to talk about four basic points required in an insurance action plan:

Examination of the cyber risk and risk management 
Insurance wording gap analysis 
Extension of current wordings 
Placement of specific cyber policies 
She talked about significant issues in this insurance risk arena and how typical insurance addressed these risks. She talked about risk options and then presented 7 cyber risk policies:

Net Secure (First and Third party) 
AIG (First and Third party) 
Hiscox (First and Third party) 
Lloyds (First and Third party) 
Zurich 
Chubb 
Swiss Re (First Party)
PA221982 .JPG
22-Oct-2001 16:06 - Amsterdam - Lisa Hansford-Smith - Lisa presented some insights into security audits within the cyber area by discussing the following four points:

Focus on Security is good risk management 
Many middle market companies are not paying enough attention to security - i.e. it can not happen to me 
Insurers will not provide cyber coverage to a company that has not put in place good security risk management 
Insurers are looking for security policies, ethical hacking or regular scanning 
She touched on limits and premiums and concluded with:

E-Business environment is very dynamic 
Companies must take control over their risk management process 
There are solutions out there
PA221985 .JPG
22-Oct-2001 16:46 - Amsterdam - Martin Kendrick - Martin Kendrick began by presenting the various memberships his company had. He then went over what Brand did and delivered with the help of a video that Martin wanted to frighten people with. He continued with an overview of things such as denial of service attacks, wireless LANs, GPRs, content, privacy and MMF. He made the point that it is possible to crash to the point of requiring a power cycle any of the routers of the leading manufacturer in less than 1 minute.
PA221987 .JPG
22-Oct-2001 16:47 - Amsterdam - Martin Kendrick - Code Red Virus - your servers “maybe” protected but what about the bandwidth the numerous attacks eat up. He talked in detail about wireless LANs making some very interesting points:

less than 20% of WLAN users deploy ANY encryption - 50% of networks in US next year will have some WLAN 
there is a leading quote: 
“if anybody is broadcasting sensitive info over RF in ANY format, they're pretty much asking for it. The most important layer of security is physical, after all” 
AT&T took about 2 weeks to setup a test and then 2 hours to crack WEP encryption, we can now do it in 4 min 6 sec. 
Need to treat everything as “remote” 
Role of the VPN 
IPSec/MD5 possibly not fast enough
PA221989 .JPG
22-Oct-2001 16:47 - Amsterdam - Martin Kendrick - Martin next talked in detail about GPRS security and authentication painting it with several colorful examples. He also stated that many VPNs do not handle address translation. He moved onto content management and delivery giving examples of all sorts of problems that could develop. He addressed WAP/ SMS / Internet issues. In providing access and security the business must be able to validate the identity of the customer in order to secure their information and give them controlled access to it.

Martin went through a very good slide dealing with privacy and security in SIM cards. He felt that the privacy challenge was one of providing a privacy framework that enhances relationships and which meets the demands of current and future legislation that rapidly becomes a business challenge

Martin concluded by the need for finding a common solution for a divergent world with a revealing talk about the impossibility of absolutely guaranteeing software performance
PA221990 .JPG
First Previous    [1]  [2]    Next Last
Page 2 of 2

 


Home · Contacts · Legal · Copyright · Members · News
© The Open Group 1995-2012  Updated on Wednesday, 27 March 2002