ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)

Regional Asia Information Security Exchange (RAISE) Forum

Koji Nakao, Information Security Fellow, KDDI Corporation (ko-nakao@kddi.com) & Co-chair of RAISE

Background

- Regional economies are mainly adopters of international security standards, except for Australia, Japan, and South Korea
- Main challenges
  - Localization requirements
  - Lack of or limited security standards expertise
  - Lack of or limited recognition and understanding of problems where standards could help resolve or mitigate
  - Government focus, industry participation and contribution

Objectives of RAISE Forum-1

- Provide a platform for sharing of knowledge, exchange of ideas, and dialogues on standards-related issues, challenges, and directions, in particular relating to the adoption, deployment, and implementation of information and communications technology (ICT) related standards in the region;
- Ensure that the security-related standardization activities in Asia adequately reflect the requirements of the market constituents at a strategic level;
- Provide a mechanism that could be used to follow up on Asia policy requirements on information security standards issues;

Objectives of RAISE Forum-2

- Provide effective co-ordination between organizations of relevant standardization work programs and their execution;
- Ensure Asia requirements for standards and standards work in this area are correctly interfaced with international standards activity, and standards activity in other regions, to avoid conflict or duplication of effort;
- Act as a strategic communications interface between relevant standards authorities and agencies on international standardization related topics.

RAISE Forum

- Co-chairs: Koji Nakao (Japan) and Meng-Chow Kang (Singapore)
- Inaugural meeting held Nov 19, 2004 in Tokyo
- 14th meeting held in Bangkok on Aug 1-2, 2014 (see the program)
- MoU with (ISC)2 in 2012 to promote information security competency and awareness in the Asia region
- Active members include China (including Hong Kong), Chinese Taipei, Japan, Malaysia, Thailand, Singapore, South Korea, the Convener of WG 1 from SC 27 and vice-chairmen of ITU-T SG17.

Current Focus

- Improving information sharing and communications
- Extending help and outreach to emerging economies
- Closing the gaps in the existing international standards arena
  - New standards
  - Guidance on use/implementation
- Preparing the region for emerging/new development (upcoming standards)

Projects

- Application Security (resulted in NP in SC27, ISO/IEC 27034 in progress)
- ICT Readiness for BC (resulted in NP in SC27, published ISO/IEC 27031)
- Korea ISMS Implementation Guide (published)
- Security Standards Toolkit (published)
- Security assessment guides for Network and Systems Security Administrators (published)
- Business Continuity and Disaster Recovery Services Standards Deployment (published)

The latest outputs focus mainly on SC27 work. ITU-T activities also need to be considered.

RAISE forum 2014 – the first day

Date/Time: Description
0900 to 0930 hrs: Registration
0930 to 0940 hrs: Introduction and welcome notes
0940 to 1000 hrs: Opening address
1000 to 1050 hrs: International Updates on ISO/IEC JTC 1/SC 27 and ITU-T/SG 17 Activities (including Cloud Security and Audit related activities updates)
1105 to 1200 hrs: International Updates on ITU-T/SG 17 Activities (including Cloud Security and Audit related activities updates)
1330 to 1630 hrs: Members’ Updates on Information Security Status in respective economy
  - Korea’s updates
  - Japan’s updates
  - Chinese Taipei’s updates
  - Malaysia’s updates
1515 to 1630 hrs:
  - P.R. China’s updates
  - Singapore’s updates
  - (ISC)2’s updates
1630 to 1645 hrs: RAISE Forum ToR and Roadmap
1645 to 1700 hrs: Wrap-up of Day One/Administrative for Day Two

Copyright (c) 2004-2014,

RAISE forum 2014 – the second day

Date/Time: Description
0900 to 0910 hrs: Day Two Introduction (Agenda Review)
0910 to 0945 hrs: Tracing Botnet – Mr Chang KC, ICST
0945 to 1020 hrs: Cyber-Security Collaboration - Introduction of PRACTICE project in Japan
1035 to 1110 hrs: Research Collaboration - Latest activities of NICT (NICTER/DAEDALUS/NIRVANA/NIRVANA改)
1110 to 1145 hrs: KR security capability maturity model – Prof Youm
1145 to 1230 hrs: Bitcoin and Digital/Virtual/Mobile Currencies: Both Sides of the Coin – Prof Pauline Reich

Discussion Session 1 – ISO/IEC 27001 family of standards
  - update on current developments, certification and applications
  - Supporting Guidance
  - Sector specific applications (telecoms security, IT service management and security, Cloud security and privacy, and utility sector security)
  - certification of ISMS, certification of information security professionals

Date/Time: 1400 to 1500 hrs; 1515 to 1645 hrs; 1645 to 1715 hrs; 1715 to 1730 hrs
Description:
- Discussion Session 2 – ISMS certification for SaaS – Antony Ma
- Discussion Session 3 – Developing Interdisciplinary Training and Curriculum for Cybercrime and Cybersecurity Professionals; What Is and Is Not Happening
- Discussion Session 4 – Update of 29051 (CoP for PII protection)
- Wrap-up and Roundtable on Day Two topics
- Next Meeting Administrative/Closing Remarks

Q&A/Discussion

Web site: http://raiseforum.org/
Twitter: @raiseforum