The 1st ACM Workshop on
Information Security Governance
November 13, 2009
Hyatt Regency Chicago, Chicago, USA
Held in conjunction with the
16th ACM Conference on Computer and Communications Security (ACM CCS 2009)
Program
Location
Room "Wrigley", Bronze Level of West Tower
- 9:00 - 9:05 Welcome and Opening Remarks
- Michiharu Kudo (IBM Research Tokyo, Japan)
- 9:05 - 10:00 Session 1: Keynote Talk (Chair: Michiharu Kudo)
Information Security Governance Framework and Related Works in Japan
Eijiroh Ohki (Kogakuin University, Japan)
Information Security Governance Framework (Short Paper)
Eijiroh Ohki (Kogakuin University, Japan), Yonosuke Harada (InfoCom Research, Inc., Japan), Shuji Kawaguchi (Mitsubishi Research Institute, Inc., Japan), Tetsuo Shiozaki (Fujitsu Limited, Japan) and Tetsuyuki Kagaya (Hitotsubashi University, Japan)
- 10:00 - 10:30 Break
- 10:30 - 12:15 Session 2: Compliance and Governance (Chair: Pau-chen Cheng)
A method of calculating the cost of reducing the risk exposure of non-compliant process instances
Yurdaer Doganata and Francisco Curbera (IBM TJ Watson Research Center, USA)
Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes
Rudolf Schreiner (ObjectSecurity Ltd., UK) and Ulrich Lang (ObjectSecurity, USA)
Strengthening Employee's Responsibility to Enhance Governance of IT - COBIT RACI Chart Case Study
Christophe Feltus (Public Research Centre Henri Tudor, Luxembourg), Michael Petit (FUNDP, University of Namur, Belgium) and Eric Dubois (CRP Henri Tudor, Luxembourg)
GoCoMM: A Governance and Compliance Maturity Model (Short Paper)
Gabriela Gheorghe (Università degli Studi di Trento, Italy), Fabio Massacci (The University of Trento, Italy), Stephan Neuhaus (Università degli Studi di Trento, Italy) and Alexander Pretschner (TU Kaiserslautern and Fraunhofer IESE, Germany)
- 12:15 - 13:45 Lunch
- 13:45 - 15:00 Session 3: Security Risk, Policy and Privacy (Chair: Eijiroh Ohki)
Dynamic Security Policy Learning
Yow Tzu Lim (University of York, UK), Pau-chen Cheng, Pankaj Rohatgi (IBM TJ Watson Research, USA) and John A. Clark (University of York, UK)
A XACML-based privacy-centered access control system
Claudio Agostino Ardagna (Università degli Studi di Milano, Italy), Sabrina De Capitani di Vimercati (DTI - Università degli Studi di Milano, Italy), Stefano Paraboschi (Università di Bergamo, Italy), Eros Pedrini and Pierangela Samarati (Università degli Studi di Milano, Italy)
Security Risk Management using Internal Controls (Short Paper)
Simon Foley (University College Cork, Ireland)
- 15:00 - 15:30 Break
- 15:30 - 16:45 Session 4: Panel (Moderator: Fabio Massacci)
"How to Make Decisions for Security Governance?"
Panelists
Yurdaer Doganata (IBM TJ Watson Research Center, USA)
Eijiroh Ohki (Kogakuin University, Japan)
Ketil Stolen (SINTEF, University of Oslo, Norway)