Thursday, 20 March 2008

Security World 2008 - Afternoon Day 2

The final afternoon was taken up by a extended panel discussion - Strengthening Security Awareness and Deployment

The Chairman (Director of Vietnamese government department for IT) introduced the discussion by talking about protecting the financial and government systems and the challenges of ICT security to a rapidly growing infrastructure - one that until recently was isolated from the Internet.
The discussion started about the implementation of the law (in Vietnam) to be able to prosecute cybercrime, which is an ongoing process. This moved on to the implementation of international standards (ISO certification) for ICT systems and data security:
  • ISO27001 - a specification for an Information Security Management System and the controls that apply to different organisations.
  • ISO27002 - guidelines to setting security controls.
The discussion then focused on human resources in the ICT industry and education, where training is happening mainly overseas and talented people are snapped up by foreign companies.
Thomas Parenty talked about trust frameworks and the basic three steps:
  1. focus on business activity (what are the objectives)
  2. trust objectives (what must be true to complete these activities)
  3. create trust evidence (to make sure objectives are met)
There was talk about the need for a link between business needs and security implementation.
The discussion shifted to talk about The Common Criteria (CC)and how to implement this (the CC is a framework to specify security and testing) and FIPS (Federal Information Processing Standards).
A question was raised on how to convince the general public in the Asia-pacific region to use legitimate software so that they can get security updates. It was acknowledged that unlicensed software did provide vulnerabilities to viruses, spyware and hackers. Craig Johnson from ESET (NOD32) talked about the need to have a sliding scale of pricing for different countries and the importance to educate the market.
Directory of BKIS, Nguyen Tu Quang said the Vietnamese people are very dynamic and are great fighters and local security software can compete with overseas products. He mentioned how his company uses a local honeypot (target system to attract viruses) so that his local anti-virus is country specific.

The closing remarks were then given by Le Thanh Tam, the managing director of IDG Vietnam (the conference organisers) and gave a brief summary of the 23 presentations over the two days and thanked the contributors, sponsors and attendees.

by tobyonline
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)