Japan Society of Security Management (JSSM)

Department for Foreign Contacts

< NATIONAL CONVENTION >

 

JSSM Home

About the Department

Events

National Convention

Links

Dept. Japanese Page

 

The 24th National Convention ([Program] and [Presentation Overview of the English Sessions] are provided below.)

 

[Conference at a Glance]

Date: 9:55-19:50,  June 26th, 2010 Saturday

Venue: Senshu University, Ikuta Campus, Bldg. 10/Bldg.  9 (Higashi-Mita 2-1-1, Tama-ku, Kawasaki-city, Kanagawa)

 

Conference Argument: “Risks and Security of the Network Society”

Keynote Speech: Prof. Hideki Imai (Professor in Chuo University, Professor emeritus in Tokyo University)

Special Lecture: Mr. Takejiro Sueyoshi (Special Advisor for UNEP Finance Initiative)

 

English Sessions:

In addition to 6 sessions scheduled, we had 1 ad hoc discussion on "Japan unique security systems".

More than 20 people attended each session and total number of the participants was Total participants 184.

Thank you very much.

 

[Reception after convention]

Six Speakers

 

[Program]

930 -

Reception Desk Open  (Front of Class Room 10301)

9:55 -

10:00

Message from Conference Chairman:  Prof. Tadashi Ozone

Class Room10301 on 3F in Building 10

10:00 -

10:10

JSSM Chairman’s Remarks:  Prof. Ryoichi Sasaki

(10301)

10:10 –

 

11:10

Keynote Speech: Prof. Hideki Imai

『情報環境の進展と暗号技術の今後』

(10301)

 

セッションG

自由論題

セッションE

English Session

11:20 -

11:55

G1

(10302)

G2

(10303)

G3

(10304)

G4

(10315)

E1

(10314)

11:55 -

12:50

Lunch55min.

                                                                   SHIDAX on 4F in Build. 10Cabin on 5F Build. 9)  

Board meeting

(10305)

12:50 -

13:30

General Assembly

(10301)

 

セッションA

コーポレート・ガバナンス

セッションB

先端技術

セッションC

環境マネジメント

セッションD

危機管理

セッションE

English Session

13:40 -

14:15

A1

(10302)

B1

(10303)

C1

(10304)

D1

(10315)

E2

(10314)

14:20 -

14:55

A2

(10302)

B2

(10303)

C2

(10304)

D2

(10315)

E3

(10314)

 

セッションF

ITリスク

セッションH

個人情報の保護

セッションI

IT統制

セッションJ

セキュリティ法制

セッションE

English Session

15:50 -

15:35

F1

(10302)

H1

(10303)

I1

(10304)

J1

(10315)

E4

(10314)

15:40 -

16:15

F2

(10302)

H2

(10303)

I2

(10304)

J2

(10315)

E5

(10314)

 

セッションK

関西支部

セッションG

自由論題

セッションE

English Session

16:20 -

16:55

K1

(10302)

G5

(10303)

 

 

E6

(10314)

17:00 –

 

18:00

Special lecture: Takejiro Sueyoshi

 

『温暖化がもたらす新しい国際競争』

(10301)

18:00 -

19:50

Buffet PartyCabin on 5F in Building 9

 

 

 

 

 


 

[ Presentation number, Name & profile of Presenters, Title & abstract of Presentation of the English track]

E-1

Name

Suchinthi Fernando

Company

Nagaoka University of Technology

Position

Management and Information Systems Science,

Bio

Suchinthi Fernando is currently a Master's student at Nagaoka University of Technology, majoring in Management and Information Systems Engineering.
As a software engineer, Suchinthi has experience in design, development and testing of software systems, including systems for the Land and Transport Authority of Singapore, and also has experience in teaching Information Technology-related subjects to Undergraduate Students of University of Moratuwa, Sri Lanka.
She received her B.Sc. in Information Technology from University of Moratuwa, Sri Lanka.

Presentation title

Human-related Problems in Information Security in Cross-cultural Environments, Suvashis DAS and Tatsuo ASAI

Abstract

 This paper discusses the potential problems due to cultural differences, which foreign companies may face in India concerning information security. Top 5 investing countries in India, namely, Singapore, US, UK, Netherlands and Japan are examined. Potential problems concerning the management of people are developed using Hofstede’s framework. To evaluate the magnitude of potential of problems, a recently proposed measure called Level of Potential (LoP) is adopted.

 A survey was conducted in India to evaluate the severity of the potential
problems and the practicability of LoP. It is proved that LoP can predict
problems in the Indian business environment. The results have revealed that Japanese companies may face problems least, while American companies
 do most. The problem of “Unintentional sharing of confidential information” has the highest severity.

The presenter for E-2 has been changed from Mr. Bardak to Mr.Shinoda.

They have worked together to conduct the research.

E-2

Name

Yosh Shinoda

Company

Intelligent Systems Lab, SECOM

Position

Group Leader

Bio

Yosh is currently the group leader of Service Robot Group at SECOM Intelligent Systems Laboratory in Tokyo, Japan. He received his Bachelor's and Master's degrees in Electrical and Computer Engineereing from Carnegie Mellon University in Pittsburgh, Pennsylvania.

Presentation title

Using Automatic Scheduling in Facilitating Emergency Disaster Response

Abstract

This talk will introduce the nurse scheduling problem, explaining how using a computer system can speed up a typical scheduling scenario at a hospital where complex preferences and attributes of the staff, needs of the hospital and rules and regulations can make manual scheduling very time consuming and difficult. We will then map the techniques used in building nurse schedules quickly to scheduling of staff (rescue workers, volunteers, etc.) after a disaster.

During disaster relief efforts number and skills of available workers can vary quickly. Effective and quick assignment of these workers and volunteers can save lives as well as freeing up organizers from having to spend their time with just producing schedules.

 

E-2

Name

Dr. Ulas Bardak

Company

Intelligent Systems Lab, SECOM

Position

Research engineer

Bio

Ulas is currently working as a researcher at SECOM Intelligent Systems Laboratory in Tokyo, Japan and is a co-founder of the social networking site Mindkin. Born in Nicosia, Cyprus, he received his Bachelor’s degree in Computer Science from Carnegie Mellon University in Pittsburgh, Pennsylvania on a scholarship from the Cyprus Fulbright Commission. Ulas also received his Master's degree and Ph.D. from the CMU School of Computer.

Presentation title

Using Automatic Scheduling in Facilitating Emergency Disaster Response

Abstract

This talk will introduce the nurse scheduling problem, explaining how using a computer system can speed up a typical scheduling scenario at a hospital where complex preferences and attributes of the staff, needs of the hospital and rules and regulations can make manual scheduling very time consuming and difficult. We will then map the techniques used in building nurse schedules quickly to scheduling of staff (rescue workers, volunteers, etc.) after a disaster.

During disaster relief efforts number and skills of available workers can vary quickly. While the skills and proficiencies of "official workers" (fire fighting personnel, medics, etc.) may be known ahead of time, the same cannot be said about the volunteers who may join the rescue efforts. A doctor who may happen to be in the vicinity can prove to be invaluable if he or she can be effectively assigned to a task fitting his or her specialty. Doing them manually is a difficult task since one would have to remember where the current shortages are, take into account the doctor's abilities and preferences and if required, juggle assignment of others in order to open up a position where this doctor can be most useful. These tasks are much easier for a computer to do given the right infrastructure to operate on.

  Effective and quick assignment of these workers and volunteers can save lives as well as freeing up organizers from having to spend their time with just producing schedules.We will finally make the case for how using such a system can help in mitigating the effects of a disaster in a country like Japan.

 

E-3

Name

Dr. Sven Wohlgemuth

Company

National Institute of Informatics, Japan

Position

Visiting Researcher (Postdoctoral Scholar)

Bio

Since April 2009, Dr. Wohlgemuth is a visiting researcher (postdoctoral scholar of the German Academic Exchange Service - DAAD) at the National Institute of Informatics, Japan. His research is on privacy and the disclosure of personal data to third parties.    
Dr. Wohlgemuth has received his doctoral degree of engineering sciences in computer science on “Privacy with Delegation of Rights” at the Albert-Ludwig University of Freiburg, Germany. Before, he has received his diploma in computer sciences with economics at the University of Saarland, Germany.

From 2006 until 2008, Dr. Wohlgemuth has been the founding coordinator of the working group “Privacy in Business Processes” of the Network of Excellence “Future of Identity in the Information Society (FIDIS)” funded within the 6th Framework Programme of the European Commission. From 2001 until 2006, he has been the coordinator of the German research priority programme “Security in the Information and Communication Technology” funded by the German Researc Foundation (DFG).

 Dr. Wohlgemuth was a member of the ISSI 2009, SICHERHEIT 2008 and ETRICS 2006 conferences organizing committee. In 2009, he has got the Gerd Griesser Award 2009 for the article “On Privacy in Medical Services with the Electronic Health Record”. In 2003, the German Federal State “Baden- Württemberg has awarded his work on “Usability and Security by Identity Management” with the doIT Software-Award 2003.

Presentation title

Privacy and the Disclosure of Personal Data to Third Parties

Abstract

Cloud computing will succeed the Mainframe and Client-Server computing paradigm. The main difference of cloud computing to the previous paradigm is that individuals and enterprises make use of services out of the cloud via a web browser and they share the cloud’s computing power and data storage. Disclosure of the users’ data to the software service providers of the cloud raises privacy risks. Currently, users cannot enforce agreed-upon privacy policies. In this article, we propose a privacy system for ex post enforcement of privacy policies. Our proposal is to observe disclosures of personal data to third parties by using data provenance and digital watermarking.

 

E-4

Name

Naoko Okawa

Company

Adjudication Division, Secretariat, Board of Audit of Japan

Position

Adjudication Officer / IT Auditor

Bio

Naoko is currently working as an adjudication officer and IT Auditor of Supreme Audit Institution (SAI) of Japan. Born in Tokyo, Japan.

She received her Bachelor’s degree in Law in Keio University, Diploma in Development Studies in Institution of Developing Economies Advanced School of Japan External Trade Organization (JETRO) and MBA in Judge School of Management Studies in Cambridge University.

Presentation title

IT Security Management in Central Government -from SAI-Japan Audit Report in 2006-

Abstract

This session will introduce the Audit report on IT security of Central Government. This report was a part of the Special Audit Report on “Audit results concerning computers systems at ministries” requested by the Diet in 2006. SAI-Japan found data security control systems were not adequate based on the audit of IT security management, such as server room entry control, back-up data storage check, network security control, user authorization policy, etc. in 25 ministries or agencies at that time. Nowadays, all the ministries have CIO and a section in charge of supporting CIO, and the situation is improved. Some update will be followed in the session. 

 

E-5

Name

Michael Deeming

Company

Protiviti Japan Co. Ltd.

Position

Senior Manager

Bio

Michael Deeming is currently a Senior Manager in the IT Audit Practice of Protiviti Japan's "Cross Border Team" and has been supporting International Companies in Tokyo for the past three years.

Michael has experience in leading a wide variety of system assessments, controls evaluations and implementations, planning and executing systems testing, and lifecycle documentation.  Michael also has experience in consulting assignments including systems development, independent verification and validation of systems data, detailed systems process and financial mapping, as both project manager and auditor.

He received his undergraduate B.S. Business and Economics from Lehigh University, an M.S.B.A. in Information Systems and an M.S. Accounting degree from San Diego State University. Michael is also a licensed CPA, CISA, A+ technician and PCI QSA.

Presentation title

The Importance of Integrating IT Audit to Promote Development of Secure Systems

Abstract

This discussion will draw on Michael's experiences to present an overview of the importance of IT Audit involvement during planning and development of a new system to promote data security and integrity. He will review activities in the following areas:

       Project management (establishing the PMO, define the combination of organization, skills, processes, software, and technology that aligns your current and future needs with your business objectives); 

       Security risks within the project life cycle (planning, requirements analysis, system design and development practices, test plans and methodologies, change control and data conversion, implementation and rollout). 

Michael will integrate case study examples of lessons learned as well as samples of findings that he has seen in some of his engagements. This approach of integrating audit with project management and development activities intends to support more effective system development and security. Through the application of knowledge, skills, tools, and techniques to project activities a company can meet or exceed stakeholder expectations by balancing demands between project scope, schedule, resources, cost, quality and desired results.

 

E-6

Name

Darren Griffiths

Company

PricewaterhouseCoopers Aarata

Position

US Principal on secodment to Japan

Bio

Darren is a member of the System & Process Assurance group where he leads the IT controls testing for many of the external audits of PwC’s global clients in Japan.  Born in Sydney, Australia, he received his Bachelor’s degree from the University of Queensland, Australia.  He is an Australian Chartered Accountant, a Certified Information Systems Auditor, and a Certified Internal Auditor. Darren has worked in public accounting in Australia, the UK, the Middle East, the US, and now Japan.

Presentation title

Key Factors in Considering IT Security for a SOX Audit of Internal Controls

Abstract

This talk will provide a high level discussion of how IT security is considered during the course of a SOX audit of the internal controls of an organization’s financial statements. We will consider the current economic climate on ensuring an efficient approach to scoping and testing IT security controls and how this is tied to a risk-based approach to ensure only key controls are considered in scope. We will also look at where we have come from and how our focus on IT security controls has evolved over the last several years, including in response to regulatory changes