11.00 - 11.45
ACEML: Cost-Effective Automated Compliance
Regulatory compliance affects almost all areas of government and business: financial, health insurance, and defense systems. Although these compliance standards are industry-specific and address controls and regulations unique to those industries, almost all have elements or requirements around IT security. The key component needed to reduce the cost of IT compliance is automation. The Automated Compliance Expert Working Group has developed a standard called ACEML, which provides a standard method of representing any Regulatory Compliance IT requirements. This session will review the ACE working group's progress and its involvement with Compliance Organizations, Industry and IT Analysts.
Shawn Mullen, IBM, US
Shawn Mullen is the AIX Security Architect and an IBM Master Inventor with over 60 US patents.
11.45 - 12.30
Improving Effective Management of Information Security
The Open Group's Security Forum has 2 focus areas: Security Architectures and Security Management. In this presentation, Ian will outline the Security Management projects aimed at improving the effective management of information security. These include the Information Security Metrics/Management Model (ISM3), Automated Compliance Expert (ACE), Risk Management Taxonomy and Cookbook, Distributed Audit Services (XDAS), an Ecosystem for Security, Trust Management, and Identity & Access Management in Cloud Computing.
Ian Dobson, Director - Security Programs, The Open Group
In 2001, Ian became Director of The Open Group's Security Programs, currently comprising the Security Forum and, from its formation in January 2004, the Jericho Forum. In this role he coordinates the activities of the members of these information security-related forums, working closely with CISO and other CxO-level technologists, IT architects, and business decision-makers on information security issues. Members represent both the vendor (supply) and the customer (buy) sides of industry, as well as Government and Academia. This role includes outreach and liaisons with other industry groups, and with de jure and de facto standards groups, to promote development of open-systems, interoperable, standards-based solutions and best practices for information security challenges.
Ian joined X/Open in 1991. Prior to this, his early career included 3 years as a design engineer on electronic instrumentation, then technical writing and support/training services at STC (communications), Mergenthaler-Linotype (phototypesetters and color scanners), Logica (word processors and consultancy), Norsk Data (Sintran and UNIX), and Parceline (distribution tracking).