Friday, February 28, 2003
7:45 AM - 5:00PM

SPONSORED by:
George W. Daverio School of Accountancy
The Ohio Society of Certified Public Accountants
Information Systems Audit & Control Association-North East Ohio Chapter
Institute of Management Accountants-Akron Chapter
Institute of Internal Auditors-Akron Chapter
Course Technology

____________________________________

Sessions

Cyber-Crime & Critical Infrastructure Protection: Defending Your Castle
Stan Paulson

As we move forward in an increasingly complex and networked world, the delicate connections that support our fundamental lifestyle are increasingly vulnerable to attack from multiple hostile sources. We will discuss the threats being faced in the cyber arena, how those threats may ripple out into the physical world in the future, and what approaches are being taken to address these threats under a re-definition of the term "National Security". Ultimately, we will show how business, government, and academia can work together to build defensive systems against a hostile world.

Protecting Your Information Assets: The Value of a Balanced Approach
John Yates and Joe Martin

Traditionally, organizations have focused almost exclusively on the prevention of attacks against their valuable information assets. Through the deployment of specific hardware and software security products, these organizations have built a moat around the castle. However, an information security program designed entirely around the prevention objective lacks balance, and it is not the most fiscally sound approach. In this presentation, we will discuss the threats that organizations face in today's hostile world and the necessary components of a comprehensive information business continuity and security program. This balanced approach will allow organizations to be more cost-effective in the protection of their information assets.

XML-Oriented Security Issues in an Integrated Business Environment
Eric Cohen

In 1995, the Internet took hold as a powerful tool for integrating machines with people around the world, as America Online, Prodigy and Compuserve first made HTML (HyperText Markup Language) come alive with graphical web browsers. Three years later, the focus on machine-to-machine integration got its shot in the arm with XML (Extensible Markup Language) and Web Services. The organizations behind these de facto and de jure standards are bringing together the stakeholder communities to develop standards like XML Signature, XML Encryption, XKMS, WS Security and other tools to improve on today's security while helping users cope with the increased risks of tomorrow. In this session, you will hear about the changing business information exchange environment, the challenges users are facing, and the concerns and solutions that are added when XML and Web Services are thrown in the mix. In this session, you will learn about:

• XML and Web Services, and how they fit in the integrated business environment
• The perceived challenges that XML and Web Services bring
• Pre-existing conditions that more usable, machine-exchangeable formats merely highlight
• Existing and emerging tools, like XML Signature, XML Encryption, XKMS, WS Security and how they can be used
  

The Human Firewall-Leveraging Your People to Safeguard Information Resources
Michael E. Whitman

Information Security is at its heart, a people problem. While this statement may upset those hard-core technologists who believe the answer to all problems lies in technology, behind almost every single security incident, whether intentional or accidental, is a person. It could be the overworked programmer, who fails to catch a glitch in the software logic, or the unwitting employee who gives out vital system information, or the hacker who tries to exploit your system, because he can. Until we realize that security is a people problem, and address it at its root, we can never be truly secure. That having been said, the answer to this problem lies in part in technology, but more so in the management of people and of systems with people in mind. The subject of this presentation is the examination of the human side of information security, epitomized by the human firewall project. This is a movement to redirect the attention of the security public to the core problem of human involvement in systems development, implementation, and use. The presentation will examine policy, planning, and projects aimed at decreasing the levels of threat and of risk associated with the people that are associated with security. It will also provide information on how an organization can build a "human firewall" consisting of educated and aware individuals tasked with the protection of information resources

____________________________________

Speakers

Eric Cohen
Eric E. Cohen is the Chair of the XBRL US Steering Committee and PricewaterhouseCoopers' technical lead for XBRL. He helps with XBRL's internal training and leads the project to represent back-end accounting and general ledger information with the XBRL GL, the Journal Taxonomy. Eric is also helping with XBRL's accounting supply chain's considerations of future audit and assurance issues, as well as XML digital signatures, encryption and other security and privacy efforts. Eric is one of the listed contributors to the W3C's XML Encryption work.

Joseph F. Martin
Joe Martin is responsible for assisting large organizations in protecting their critical information assets and responding to computer security threats and intrusions. He joined IBM in 1982 and has spent the past 21 years consulting with IBM's customers on the selection and implementation of complex systems, disaster recovery planning, and information security.

Stan Paulson
Special Agent Paulson is with the Cleveland Field Office of the Federal Bureau of Investigation and is assigned to the Computer Crime Squad. SA Paulson has been with the FBI for five years, first as an Intelligence Analyst and then as a Special Agent. Prior to the FBI, he was a systems analyst for a fortune 500 medical firm.

Michael E. Whitman
Michael E. Whitman, Ph.D. CISSP, is an Associate Professor of Information Systems at Kennesaw State University, Kennesaw, Georgia, where he is also the Director of the Center for Information Security Education and Awareness and the Director of the Master of Science in Information Systems program. Dr. Whitman is an active researcher in Information Security, Fair and Responsible Use Policies, Ethical Computing and Information Systems Research Methods. He currently teaches graduate and undergraduate courses in Information Security, Local Area Networks, and Data Communications.

John Yates
As an IBM Certified Professional (Systems Integration/Application Development) consultant with the IBM Business Continuity and Recovery Services consulting group, Mr. Yates specializes in applying business continuity and recovery methodologies for complex platforms across multiple industries with a focus on manufacturing and Enterprise Resource Planning (ERP) systems.