Submit a Paper

Propose a Workshop

The Fourth International Conference on Information, Process, and Knowledge Management

eKNOW 2012

January 30 - February 4, 2012 - Valencia, Spain


Tutorials

T1. Legal issues involved in creating security compliance plans
David Snead, Attorney + Counselor, Washington, D.C., USA

T2. From Microblogging to a Zero Costs e-Prescribing System: Building a Social e-Prescribing System Using Open Source Technologies
by Piero Giacomelli, TeSAN, Italy

T3. Digital Investigations and Forensic Analysis - Practices and Technologies
by Syed Naqvi, CETIC, Belgium

 

DETAILS

 

T1. Legal issues involved in creating security compliance plans
David Snead, Attorney + Counselor, Washington, D.C., USA

The world doesn’t need another compliance plan that sits on a shelf.  Security is too important an issue for a company to spend time designing a plan that gathers dust.  The best way to create a compliance plan is to leverage a company’s experts:  their colleagues.  Companies do this by giving them the legal and regulatory tools they need to create a plan that they can own.

In this intensive three hour workshop, you will learn how to view security through the lens of a lawyer, or, more importantly, a regulatory enforcement official.  After a briefing on those laws and regulations currently impacting technology security, you will learn why these regulations were enacted in the first place.  This understanding will provide an understanding of how to create compliance plans that anticipate changes in regulations and the application of the regulations to individual businesses.  We will then create a matrix that prioritizes those issues, and the laws that may relate to them.  Finally, we will discuss drafting strategies companies can use to turn the dry topic of legal compliance into a policy that their team will remember and refer to.

This workshop will cover:

  • An overview of the legislative.
  • Legislative and regulatory enforcement theory used to administer these laws.
  • Identification of trends in regulatory enforcement that apply to different technology sectors.
  • How to sort through, and create, lists of compliance priorities.
  • Effective use of policy drafting theory to translate legalese into plain English.

 

T2. From Microblogging to a Zero Costs e-Prescribing System: Building a Social e-Prescribing System Using Open Source Technologies
by Piero Giacomelli, TeSAN, Italy

In this tutorial I would like starting from  the Twitter stream and updating status developing the idea of building an e-prescribing system using microblogging technologies.

This would be a two stage tutorials. After building an explaining the main key idea from the twitter functionality, I would like to show using a common notebook and the Jaiku google opensource engine, how it is possible to create a scalable, nearly zero-cost system for prescribing drugs and medicines and use it to control patient therapy. Possible future application of microblogging in ehealth where also be discussed.

 

T3. Digital Investigations and Forensic Analysis - Practices and Technologies
by Syed Naqvi, CETIC, Belgium

Digital forensics analysis is usually seen as a specialised domain of information and communication technologies (ICT) that is employed when a serious crime involving ICT is committed. It is by and large seen as a responsibility of the computer crime units of law enforcement agencies to conduct examinations of the ICT resources used in a crime. Likewise, until a few decades ago, computer and network security had a perception of defence utility for military establishments. But now computer and network security has become a commodity of every corporate system and home PC. Today's businesses are feeling the need of efficient monitoring mechanisms to protect them from emerging commercial threats such as competitor analysis and steganalysis. The staff members of an enterprise ICT teams are therefore required to acquire the digital forensics analysis skills and the corresponding investigation tools. This trend is experiencing a significant shift in the recent years as the commercial interests of corporate sector increasingly require the post-incident analysis capabilities to ensure business continuity.

This tutorial will provide an insight into the technical, legal and societal aspects of digital investigations and forensic analysis. The tutorial will provide a set of best practices for carrying out forensics analysis of different kinds of devices and systems. The tutorial will highlight the role of digital forensics in enterprise information architecture. It will present a framework for embedding digital forensics analysis techniques at various stages of corporate ICT lifecycle. The tutorial will provide pragmatic analysis of the perception of privacy in the cyber realm especially related to personal data and its analysis by third parties. The tutorial will also provide an overview of the emerging challenges in this field mainly due to the virtualisation and decentralisation of computing and networking infrastructures across geopolitical borders.

 
 

Copyright (c) 2006-2012, IARIA