日本セキュリティ・マネジメント学会(JSSM)
国際部会
<全国大会>
部会議事録 |
◆第24回全国大会(6月26日土曜日)
全国大会に関する情報は右記URLを参照してください。http://www.jssm.net/jssm/jssm042_2010-1.pdf
[全国大会概要]
日時: 2010年6月26i日(土) 9:時55分-19時50分
場所:専修大学 生田キャンパス10号館/9号館 (神奈川県川崎市多摩区東三田 2-1-1)
統一テーマ: 「ネットワーク社会のリスクとセキュリティ」
基調講演: 今井英樹氏 中央大学教授、東京大学名誉教授
特別講演: 末吉竹二郎氏 国連環境計画・金融イニシアティブ特別顧問
[国際部会主催 英語セッション]
予定された6講演の他、特別セッションを設け、出席者を交えて「日本固有のセキュリティ・システム」について討論を行なった。
各セッションとも参加者は 20名を超え、延べ出席者数は184名に達した。
ご参加のみなさま、ありがとうございました。
[懇親会]
講演者6名
[Program]
930 - |
Reception
Desk Open (Front of |
||||
9:55 - 10:00 |
Message from Conference Chairman: Prof. Tadashi Ozone (Class
Room10301 on 3F in Building 10) |
||||
10:00 - 10:10 |
JSSM Chairman’s Remarks: Prof. Ryoichi Sasaki (10301) |
||||
10:10 – 11:10 |
Keynote Speech:
Prof. Hideki Imai 『情報環境の進展と暗号技術の今後』 (10301) |
||||
|
セッションG 自由論題 |
セッションE English
Session |
|||
11:20 - 11:55 |
G1 (10302) |
G2 (10303) |
G3 (10304) |
G4 (10315) |
E1 (10314) |
11:55 - 12:50 |
Lunch(55min.)
(SHIDAX on 4F in
Build. 10、Cabin on 5F Build. 9) |
Board meeting (10305) |
|||
12:50 - 13:30 |
General Assembly (10301) |
||||
|
セッションA コーポレート・ガバナンス |
セッションB 先端技術 |
セッションC 環境マネジメント |
セッションD 危機管理 |
セッションE English
Session |
13:40 - 14:15 |
A1 (10302) |
B1 (10303) |
C1 (10304) |
D1 (10315) |
E2 (10314) |
14:20 - 14:55 |
A2 (10302) |
B2 (10303) |
C2 (10304) |
D2 (10315) |
E3 (10314) |
|
セッションF ITリスク |
セッションH 個人情報の保護 |
セッションI IT統制 |
セッションJ セキュリティ法制 |
セッションE English
Session |
15:50 - 15:35 |
F1 (10302) |
H1 (10303) |
I1 (10304) |
J1 (10315) |
E4 (10314) |
15:40 - 16:15 |
F2 (10302) |
H2 (10303) |
I2 (10304) |
J2 (10315) |
E5 (10314) |
|
セッションK 関西支部 |
セッションG 自由論題 |
セッションE English
Session |
||
16:20 - 16:55 |
K1 (10302) |
G5 (10303) |
|
|
E6 (10314) |
17:00 – 18:00 |
Special lecture: Takejiro Sueyoshi 『温暖化がもたらす新しい国際競争』 (10301) |
||||
18:00 - 19:50 |
Buffet Party(Cabin on 5F in Building 9) |
[講演番号、講演者名、講演者所属、部署、プロフィール、講演タイトル・概要】
E-1 |
Name |
Suchinthi
Fernando |
|
Company |
|
Position |
Management and
Information Systems Science, |
|
Bio |
Suchinthi
Fernando is currently a Master's student at Nagaoka University of Technology,
majoring in Management and Information Systems Engineering. She received
her B.Sc. in Information Technology from |
|
Presentation
title |
Human-related
Problems in Information Security in Cross-cultural Environments, Suvashis DAS
and Tatsuo ASAI |
|
Abstract |
This paper discusses the potential
problems due to cultural differences, which foreign companies may face in A survey was conducted in |
E-2 の講演者は Mr. Bardakから Mr.Shinodaに変更されました。.
両名は同一の職場で仕事をしていました。
E-2 |
Name |
Yosh Shinoda |
|
Company |
Intelligent
Systems Lab, SECOM |
Position |
Group Leader |
|
Bio |
Yosh is
currently the group leader of Service Robot Group at SECOM Intelligent
Systems Laboratory in |
|
Presentation
title |
Using Automatic
Scheduling in Facilitating Emergency Disaster Response |
|
Abstract |
This talk will
introduce the nurse scheduling problem, explaining how using a computer
system can speed up a typical scheduling scenario at a hospital where complex
preferences and attributes of the staff, needs of the hospital and rules and
regulations can make manual scheduling very time consuming and difficult. We
will then map the techniques used in building nurse schedules quickly to
scheduling of staff (rescue workers, volunteers, etc.) after a disaster. During disaster
relief efforts number and skills of available workers can vary quickly.
Effective and quick assignment of these workers and volunteers can save lives
as well as freeing up organizers from having to spend their time with just
producing schedules. |
E-2 |
Name |
Dr. Ulas Bardak |
|
Company |
Intelligent
Systems Lab, SECOM |
Position |
Research
engineer |
|
Bio |
Ulas is
currently working as a researcher at SECOM Intelligent Systems Laboratory in |
|
Presentation
title |
Using Automatic
Scheduling in Facilitating Emergency Disaster Response |
|
Abstract |
This talk will introduce
the nurse scheduling problem, explaining how using a computer system can
speed up a typical scheduling scenario at a hospital where complex
preferences and attributes of the staff, needs of the hospital and rules and
regulations can make manual scheduling very time consuming and difficult. We
will then map the techniques used in building nurse schedules quickly to
scheduling of staff (rescue workers, volunteers, etc.) after a disaster. During disaster
relief efforts number and skills of available workers can vary quickly. While
the skills and proficiencies of "official workers" (fire fighting
personnel, medics, etc.) may be known ahead of time, the same cannot be said
about the volunteers who may join the rescue efforts. A doctor who may happen
to be in the vicinity can prove to be invaluable if he or she can be
effectively assigned to a task fitting his or her specialty. Doing them
manually is a difficult task since one would have to remember where the
current shortages are, take into account the doctor's abilities and
preferences and if required, juggle assignment of others in order to open up
a position where this doctor can be most useful. These tasks are much easier
for a computer to do given the right infrastructure to operate on. Effective and
quick assignment of these workers and volunteers can save lives as well as
freeing up organizers from having to spend their time with just producing
schedules. We will finally make the case for how using such a system can help in
mitigating the effects of a disaster in a country like |
E-3 |
Name |
Dr. Sven
Wohlgemuth |
|
Company |
National
Institute of |
Position |
Visiting
Researcher (Postdoctoral Scholar) |
|
Bio |
Since April
2009, Dr. Wohlgemuth is a visiting researcher (postdoctoral scholar of the
German Academic Exchange Service - DAAD) at the National Institute of
Informatics, Dr. Wohlgemuth
has received his doctoral degree of engineering sciences in computer science
on “Privacy with Delegation of Rights” at the Albert-Ludwig University of
Freiburg, Germany. Before, he has received his diploma in computer sciences
with economics at the From 2006 until
2008, Dr. Wohlgemuth has been the founding coordinator of the working group
“Privacy in Business Processes” of the Network of Excellence “Future of
Identity in the Information Society (FIDIS)” funded within the 6th Framework
Programme of the European Commission. From 2001 until 2006, he has been the
coordinator of the German research priority programme “Security in the
Information and Communication Technology” funded by the German Researc Foundation (DFG). Dr. Wohlgemuth was a member of the ISSI
2009, SICHERHEIT 2008 and ETRICS 2006 conferences organizing committee. In
2009, he has got the Gerd Griesser Award 2009 for the article “On Privacy in
Medical Services with the Electronic Health Record”. In 2003, the |
|
Presentation
title |
Privacy and the
Disclosure of Personal Data to Third Parties |
|
Abstract |
Cloud computing
will succeed the Mainframe and Client-Server computing paradigm. The main
difference of cloud computing to the previous paradigm is that individuals
and enterprises make use of services out of the cloud via a web browser and
they share the cloud’s computing power and data storage. Disclosure of the
users’ data to the software service providers of the cloud raises privacy
risks. Currently, users cannot enforce agreed-upon privacy policies. In this
article, we propose a privacy system for ex post enforcement of privacy
policies. Our proposal is to observe disclosures of personal data to third
parties by using data provenance and digital watermarking. |
E-4 |
Name |
Naoko Okawa |
|
Company |
Adjudication
Division, Secretariat, Board of Audit of |
Position |
Adjudication
Officer / IT Auditor |
|
Bio |
Naoko is
currently working as an adjudication officer and IT Auditor of Supreme Audit
Institution (SAI) of She received
her Bachelor’s degree in Law in |
|
Presentation
title |
IT Security
Management in Central Government -from SAI-Japan Audit Report in 2006- |
|
Abstract |
This session
will introduce the Audit report on IT security of Central Government. This
report was a part of the Special Audit Report on “Audit results concerning computers
systems at ministries” requested by the Diet in 2006. SAI-Japan found data security control
systems were not adequate based on the audit of IT security management, such
as server room entry control, back-up data storage check, network security control,
user authorization policy, etc. in 25 ministries or agencies at that time.
Nowadays, all the ministries have CIO and a section in charge of supporting
CIO, and the situation is improved. Some update will be followed in the
session. |
E-5 |
Name |
Michael Deeming |
|
Company |
Protiviti Japan
Co. Ltd. |
Position |
Senior Manager |
|
Bio |
Michael Deeming
is currently a Senior Manager in the IT Audit Practice of Protiviti Michael has
experience in leading a wide variety of system assessments, controls
evaluations and implementations, planning and executing systems testing, and
lifecycle documentation. Michael
also has experience in consulting assignments including systems development,
independent verification and validation of systems data, detailed systems
process and financial mapping, as both project manager and auditor. He received his
undergraduate B.S. Business and Economics from |
|
Presentation
title |
The Importance
of Integrating IT Audit to Promote Development of Secure Systems |
|
Abstract |
This discussion
will draw on Michael's experiences to present an overview of the importance of
IT Audit involvement during planning and development of a new system to
promote data security and integrity. He will review activities in the
following areas: ・ Project
management (establishing the PMO, define the combination of organization,
skills, processes, software, and technology that aligns your current and
future needs with your business objectives); ・ Security risks
within the project life cycle (planning, requirements analysis, system design
and development practices, test plans and methodologies, change control and
data conversion, implementation and rollout). Michael will
integrate case study examples of lessons learned as well as samples of
findings that he has seen in some of his engagements. This approach
of integrating audit with project management and development activities
intends to support more effective system development and security. Through
the application of knowledge, skills, tools, and techniques to project
activities a company can meet or exceed stakeholder expectations by balancing
demands between project scope, schedule, resources, cost, quality and desired
results. |
E-6 |
Name |
Darren
Griffiths |
|
Company |
PricewaterhouseCoopers
Aarata |
Position |
US Principal on
secodment to |
|
Bio |
Darren is a member
of the System & Process Assurance group where he leads the IT controls
testing for many of the external audits of PwC’s global clients in |
|
Presentation
title |
Key Factors in
Considering IT Security for a SOX Audit of Internal Controls |
|
Abstract |
This talk will
provide a high level discussion of how IT security is considered during the
course of a SOX audit of the internal controls of an organization’s financial
statements. We will consider the current economic climate on ensuring an
efficient approach to scoping and testing IT security controls and how this
is tied to a risk-based approach to ensure only key controls are considered
in scope. We will also look at where we have come from and how our focus on
IT security controls has evolved over the last several years, including in
response to regulatory changes |