Geneva, Switzerland, 15-16 September 2014 Regional Asia Information Security Exchange (RAISE) Forum...

Geneva, Switzerland, 15-16 September 2014 Regional Asia Information Security Exchange (RAISE) Forum Koji Nakao, Information Security Fellow, KDDI Corporation ([email protected]) & Co-chair of RAISE ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)


Geneva, Switzerland, 15-16 September 2014

Regional Asia Information Security Exchange (RAISE) Forum

Koji Nakao, Information Security Fellow, KDDI Corporation ([email protected])

& Co-chair of RAISE

ITU Workshop on “ICT Security Standardization for Developing Countries”

(Geneva, Switzerland, 15-16 September 2014)


Background

Regional economies are mainly adopters of International Security Standards, except for Australia, Japan, and South Korea

Main challenges:

- Localization requirements
- Lack of or limited security standards expertise
- Lack of or limited recognition and understanding of problems where standards could help resolve or mitigate
- Government focus, industry participation and contribution


Objectives of RAISE Forum-1

- Provide a platform for sharing of knowledge, exchange of ideas, and dialogues on standards related issues, challenges, and directions, in particular, relating to the adoption, deployment, and implementation of information and communications technology (ICT) related standards in the region;
- Ensure that the security-related standardization activities in Asia adequately reflect the requirements of the market constituents at a strategic level;
- Provide a mechanism that could be used to follow-up on Asia policy requirements on Information Security standards issues;


Objectives of RAISE Forum-2

- Provide effective co-ordination between organizations of relevant standardization work programs and their execution;
- Ensure Asia requirements for standards and standards work in this area are correctly interfaced with international standards activity, and standards activity in other regions, to avoid conflict or duplication of effort;
- Act as a strategic communications interface between relevant standards authorities and agencies on international standardization related topics.


RAISE Forum


Co-chairs: Koji Nakao (Japan) and Meng-Chow Kang (Singapore)

- Inaugural meeting held Nov 19, 2004 in Tokyo
- 14th meeting held in Bangkok on Aug 1-2, 2014 (see the program)
- MoU with (ISC)2 in 2012 to promote information security competency and awareness in Asia region
- Active members include China (including Hong Kong), Chinese Taipei, Japan, Malaysia, Thailand, Singapore, South Korea, Convener of WG 1 from SC 27 and vice-chairmen of ITU-T SG17.


Current Focus

Improving information sharing and communications

Extending help and outreach to emerging economies

Closing the gaps in existing international standards arena:

- New standards
- Guidance on use/implementation

Preparing the region for emerging/new development (upcoming standards)


Projects

- Application Security (resulted in NP in SC27, ISO/IEC 27034 in progress)
- ICT Readiness for BC (resulted in NP in SC27, published ISO/IEC 27031)
- Korea ISMS Implementation Guide (published)
- Security Standards Toolkit (published)
- Security assessment guides for Network and Systems Security Administrators (published)
- Business Continuity and Disaster Recovery Services Standards Deployment (published)

The latest outputs mainly focus on SC27 work. ITU-T activities also need to be considered.


Copyright (c) 2004-2014, RAISE Forum


Date/Time Description

0900 to 0930 hrs Registration

0930 to 0940 hrs Introduction and welcome notes

0940 to 1000 hrs Opening address

1000 to 1050 hrs International Updates on ISO/IEC JTC 1/SC 27 and ITU-T/SG 17 Activities (including Cloud Security and Audit related activities updates)

1105 to 1200 hrs International Updates on ITU-T/SG 17 Activities (including Cloud Security and Audit related activities updates)

1330 to 1630 hrs Members’ Updates on Information Security Status in respective economy

Korea’s updates

Japan’s updates

Chinese Taipei’s updates

Malaysia’s updates

1515 to 1630 hrs P.R. China’s updates

Singapore’s updates

(ISC)2’s updates

1630 to 1645 hrs RAISE Forum ToR and Roadmap

1645 to 1700 hrs Wrap-up of Day One/Administrative for Day Two

RAISE forum 2014 – the first day


Date/Time Description

0900 to 0910 hrs Day Two Introduction (Agenda Review)

0910 to 0945 hrs Tracing Botnet – Mr Chang KC, ICST

0945 to 1020 hrs Cyber-Security Collaboration -- Introduction of PRACTICE project in Japan

1035 to 1110 hrs Research Collaboration -- Latest activities of NICT (NICTER/DAEDALUS/NIRVANA/NIRVANA 改)

1110 to 1145 hrs KR security capability maturity model – Prof Youm

1145 to 1230 hrs Bitcoin and Digital/Virtual/Mobile Currencies: Both Sides of the Coin – Prof Pauline Reich

1400 to 1500 hrs Discussion Session 1 – ISO/IEC 27001 family of standards - update on current developments, certification and applications

- Supporting Guidance
- Sector specific applications (telecoms security, IT service management and security, Cloud security and privacy, and utility sector security)
- certification of ISMS, certification of information security professionals

1515 to 1645 hrs Discussion Session 2 – ISMS certification for SaaS – Antony Ma

Discussion Session 3 – Developing Interdisciplinary Training and Curriculum for Cybercrime and Cybersecurity Professionals; What Is and Is Not Happening

Discussion Session 4 – Update of 29051 (CoP for PII protection)

1645 to 1715 hrs Wrap-up and Roundtable on Day Two topics

1715 to 1730 hrs Next Meeting Administrative/Closing Remarks

RAISE forum 2014 – the second day


Web site: http://raiseforum.org/ Twitter: @raiseforum


Q&A/Discussion