Conference Programme Infosecurity Russia 2007
"Cooperation and Mutual Understanding in the Information Security Market"

Section: Legislative Control of Information Security IssuesModerator: Alexander P. Germogenov, Head of Division, Department of State policy in the domain of information and communication technologies, Ministry of Information Technologies and Communications of the Russian Federation

Issues for discussion: Issues of Federal Law Enforcement In the domain of information security. Peculiarities of information security of: information and telecommunication systems, networks of mission-critical infrastructure objects, and mission-critical objects of information infrastructure. Improvement of regulatory control of information security in the domain of the development of modern information and telecommunication technologies and communication. State stimulation of information security development.

Speakers:
Anatoly A. Streltsov - Head of Information Security and Information Technologies Department, Security Council of the Russian Federation
Igor F. Kachalin, Deputy Head of the FSB (Federal Security Service) Centre in Russia FSTEC representatives, Russia

Speakers invited to participate: representatives of the Ministry of Information Technologies and Communications of the Russian Federation

Round-Table Meeting: Standardization, Licensing, and Certification in Information Security

Moderator: Dmitry V. Kostrov, Head of Information Security Department, OAO "Multiregional TransitTelecom"

Issues for Discussion:
What standards exist today? Expediency of certifying according to standards. Its advantages for business. Certificates of what standard should Russian business receive?

Participants:
Vladimir A. Kurbatov, Head of Information Security Division, OOO "LUKOIL-INFORM"
Andrey A. Gritsienko, Head of Information Security Service, Vozrozhdenie Bank; Yury Maksimov, Technical Director, Positive Technologies
Vasily Nosakov, Head of Security Systems Consulting Department, Jet Infosystems

Round-Table Meeting: The Goal of Information Security Organization, Construction and Management in IS Business

Moderator: Mikhail V. Levashov, Main Information Security Specialist, ÎÀÎ "Moscow City Telephone Network"

Issues for Discussion: Why does business need IS? What will it gain from It? How much, when and how? What influence may IS have on the main financial parameters (capitalization, profit, etc)? How to persuade business that it is necessary to preliminary invest in IS? How should IS system itself and the system of the persuasion be built? What practical means of persuasion exist? How to build and manage IS in business given the growth of its capitalization? What are today's main IS threats which prevent this growth? How to assess the quantity of IS risks?

Participants:
Viktor A. Serdiuk, CEO, DialogueScience
Sergey D. Kurianov, Business Development Director, DocsVision
Ilya Medvedovsky, Director, Digital Security
Alexey I. Kuleshov CISSP, CISA, Senior Consultant of Security Department, NVision Group
Alexey V. Lukatsky, Business Development Manager, Cisco Systems
Maxim Malezhin, Senior Consultant "Ernst & Young", CISA, CISSP

Round-Table Meeting: Information Security Standard of the Central Bank - How to Integrate, How to Follow?

Moderator: Mikhail Y. Emeliyannikov , Deputy Commercial Director, NIP "Informzaschita" Specialists of the Bank of Russia, Association of Russian Banks, ABISS, and Commercial Banks will discuss issues associated with integration of the Central Bank Information Security Standards, their application in practice, organization and standards compliance auditing.

Participants: representatives of the Bank of Russia are invited to participate
Pavel V. Genievsky, Secretary of ABISS association Council
Alexander N. Veligura, Chairman of the information security committee of the Association of Russian Banks
Evgeny Akimov, Deputy Head of Information Security Centre, Jet Infosystems

Round-Table Meeting: Personal Data - How to Protect Them?

Moderator: Alexey G. Sabanov, Commercial Director, Aladdin Software Security R.D.

Issues for Discussion: Legislative Base. What is new? Application problems. How to meet statutory requirements? Problems and solutions.

Participants: Igor B. Shubinsky, Division manager, VNIIAS (Russian Scientific and Research Institute of Informatics, Automatics and Communications) Doctor of Engineering, professor, expert of the Scientific Council under Security Council of the Russian Federation; Igor V. Sobetsky, Laboratory Chief, Security Training Centre "Informzaschita

Round-Table Meeting: Information Security Budget: What Expenses on Personnel Should Be Included?

Moderator: Zoya V. Popova, Director, Security Training Centre "Informzaschita"

Issues for Discussion: Expenses on vocational training of IS specialists: is it enough? Why does poor funding for personnel training influence the efficiency of the whole set of information security measures taken? What is the cost of staff professionalism and their awareness of information security issues, of personnel loyalty and retention of experts?

Participants:
Evgeny Kireev, Business Development Director, Positive Technologies
Olga B. Sabinina, Partner, Director of the Department "Recruitment for information technologies and telecommunications market", "Agentstvo Kontakt" Group of companies
Elena Elkina, Marketing Director, Digital Security

Section: Outsourcing Issues. Access Of Outside Agencies to the Company - Experience of Russian Specialists

Moderator: Mikhail Y. Emeliyannikov, deputy Commercial Director, NIP "Informzaschita"Issues for Discussion: Advantages and disadvantages of information security outsourcing. Operating expenses and quality of service. Issues of confidence in an outsourcer and their responsibility. Only one outsourcer is aware of a competitor's sensible information - is it allowable? How to raise the level of confidence in an outsourcer? Is it possible to follow western experience in outsourcing? Can western companies work in this segment of the Russian market?

Participants: Vladimir A. Kurbatov, Head of Information Security Division, OOO "LUKOIL-INFORM"; Andrey A. Gritsienko, Head of Information Security Service, Vozrozhdenie Bank; Advantages and disadvantages of information security outsourcing in comparison to training company own staff Nikolay N. Fedotov, Head of Information Security Department, IT Academy; Technical aspects of IS outsourcing - Vladimir B. Lepikhin, Laboratory Chief, Security Training Centre "Informzaschita"

Round-Table Meeting: Incidents Investigation in the Domain of Information Security: Which Experience is Better - Russian or Western?

Moderator: Igor V. Sobetsky, Laboratory Chief, Security Training Centre "Informzaschita"

Issues for Discussion: What measures should be paid more attention to - technical or police? Is It appropriate to apply tools to investigate incidents? Is it expedient to follow western experience in incidents investigation? What risks exist in case of application to law enforcement bodies? What are the peculiarities of incidents investigation in case of conflicts of interest of property owners?

Round-Table Meeting: Spam and Anti-spam Fight: Industry Prognosis

Moderator: Viktor Dronov, Product Development Manager, Kaspersky Lab

Issues for Discussion: New areas: spam in blogs, IM and voice communication. Stop running after the leaving train: proactive anti-spam-technologies. Less spam or more comfort? Possible changes in e-mail standards

Participants: S.G. Antimonov, Chairman of the Board of Directors, DialogueScience; Alexey V. Grebeniuk, Director of Technical Support Centre, Doctor WEB; N.I. Belenky, Laboratory Chief, Security Training Centre "Informzaschita"; Evgeny V. Altovsky, "AntiSpam" project Coordinator, UNESCO "Information for all"; Mirko Schneider, territory Manager IronPort - now a part of Cisco, Speaker invited by Netwell ; Michael Kasan, Account Vice-president, PineApp Ltd., Israel; Kirill Zorky, Head of Anti-spam Developments, Kaspersky Lab

Round-Table Meeting: Practical Issues of IS Systems Construction

Moderator: Dmitry V. Kostrov, Head of Information Security Department, OAO "Multiregional TransitTelecom"

Issues for Discussion: Pluses and minuses of perimeter Sscurity. Security elements. Should only certified IS systems be used? Insiders. Still, what is more dangerous - outside or inside intruders, and in what industry?

Participants: Pavel Semiakin, Senior Security Engineer of IS Department, ÎÀÎ OAO "Multiregional TransitTelecom"; Mikhail I. Kalinichenko,CEO, S.N.Safe&Software; Alexey Raevsky, CEO, SecurIT Company; Valentin Fedotov, Head of Business development Department, Doctor WEB; Mizrahi Gabriel, Technical Director, PineApp Ltd, Israel; Mikhail Pribochy, Distribution Director, Associates Distribution (Websense Value Added Distributor)

Round-Table Meeting: Securing Confidential Information in Implementation Centre from Unauthorized Intrusion, Administrative Personnel of Data Base Management System, and from Workers of Operational Services

Moderator: Andrey V. Kazachkov Main Specialist of Information Security Division, Department of economic security, ÎÀÎ RAO "UES of Russia"Issues for Discussion: What is the general model of storage threats in modern enterprise storage? What are the main requirements imposed on nformation Security Systems of Enterprise Storage? What are the main principles on which the decision should be based?

Participants: representatives of OAO RAO "UES of Russia", ELVIS-PLUS representatives, Demos

Expert Panel: The Condition and Prospects of the Russian Hardware Authentication Market

Moderator: Sergey L. Gruzdev, CEO, Aladdin Software Security R.D.

Issues for Discussion: The current condition and characteristics of the market, assessment of the market shares occupied by suppliers, assessment of the market capacity and its development dynamics: Understanding of prospects and key factors that impact market development (technological, economic, etc) What new market players may enter the Russian market? How will the market change after the Russia's entry into the WTO? The most significant projects able to influence the market development. Which technology is better? 5 key success factors (from every producer)

Participants: Representatives of Àktiv, Rainbow, OKB SAPR, Demos (RSA), Multisoft, Aladdin R.D., company integrators

Section: Information Security from A to Z. For Those Who Begin

Moderator: Sergey E. Adadurov, Director, VNIIAS Russian Scientific and Research Institute of Informatics, Automatics and Communications

Presentations: Architecture of information security systems - Mikhail Kader, Alexey Lukatsky, Cisco Systems; How to choose an antivirus protection system? - M.Pilipenko, CROC; Introduction to network security - Sergey D. Ryabko, CEO, ZAO "S-ôÅrrÁ CSP";The system of information security management as a process - Ilya Medvedovsky, Director, Digital Security;Security of e-mail systems: how to provide multilevel security? - Vladimir B. Lepikhin, Laboratory Chief, Security Training Centre "Informzaschita"; Sergey D. Kurianov, Business Development Director, DocsVision

Round-Table Meeting: Security of Mobile Payment SystemsModerator: Sergey A. Kiriushkin, Joint-Stock Company ANK

Issues for discussion: Mobile payments risk assessment, legal issues of mobile payment security, identification and authentication in mobile payment systems, the role of certifying centres in mobile payment systems, application issues of the existing infrastructure of telecoms operators and bank infrastructure for development of public key infrastructure. Security issues in integration of mobile payment systems with the project "Universal social card" and others.

Visitors and exhibitors invited to participate: representatives of security, legal and IT departments of banks, telecoms operators; government representatives, in the interest of which payments are made into the budget (duties, fines); certifying centres, IT security enterprises.

Section: Plastic Cards Application Security - Legislation and Application Experience

Moderator: Andrey A. Stepanenko, Marketing Director, NIP "Informzaschita"

Issues: New requirements of the world plastic cards industry - what threatens Russian banks which participate in international payment systems? Problems associated with fulfillment of international regulator requirements. Are there legal means of optimizing expenses on their elimination?

Participants: A.P. Larionov, Deputy Head of Information Security Service, Vozrozhdenie Bank; M.S. Emm, Deputy Consulting Director, NIP "Informzaschita"

Round-Table Meeting: Information Security of Trade Retail-Companies and E-Shops

Moderator: Alexander Gudko, Columnist, "Electronics. Manufacturing and Trade", MARKETLIGHT.INFO site Coordinator

Issues: Security of enterprise datacentre which is responsible for prices relevance and stock reserves issues, and support of e-shop portal. How to make datacentre disaster-tolerant? Security of wireless local-area networks (WLAN). Integrity and confidentiality of information transferred through VPN. Organization of mission-critical information access system for staff and internet access regulation including ICQ control. Communication channel security in sales areas of commercial enterprises. Information security of e-shops

Participants: Evgeny Sizov, IT Director, store chain "Svyaznoy"; Vladimir Kovalenko, Head of "IT" group,ULTRA Electronics, Moscow; Mikhail V. Levashov, Main Information Security Specialist, ÎÀÎ "Moscow City Telephone Network"; Vladimir B. Lepikhin, Laboratory Chief, Security Training Centre"Informzaschita"; Sergey V. Ryzhikov, CEO, 1Ñ-Bitrix; Sergey Gordeychik, System Architect, Positive Technologies; Heads of Information Security Departments of chain stores which have e-shops as well as independent e-shops

Round-Table Meeting: Network Information Security: User-Integrator-Producer

Moderator: Alexander Vlasov, Editor, Publishing House "Groteck"

Issues: How do producers of network security products understand priorities of their work? What results were achieved during the previous year? How do customers assess them? Is It possible to consolidate efforts of the national network security industry representatives in the direction of VPN market development?

Round-Table Meeting: Service Ideology of IS Business: Is the Customer Always Right?

Moderator: Galina Bolshova, Editor and Columnist, "InformCourier-Svyaz"

From Integrator's Point of View: Does the customer have to assign the task at T3 level? Does T3 worked out by them always satisfy the task assigned? Is the integrator entitled to have principles: "the customer wants this way, but it is not right; I will persuade the customer of their mistake"? What are the main difficulties with integration process? How much does the offered and implemented solution comply with original project goals?From the Customer's Point of View: Integration goals: Have they become closer after project implementation? How was the solution offered (versions, effectiveness assessment, risk analysis)? Integration difficulties (interaction with the integrator and within the company) Lessons of the project: To what conclusion have you come basing on the results of integration : products and solution producers (matters to be paid attention), integrators, organizational management…What is an ideal integrator and what are their qualities?

Participants: Dmitry D. Ustiuzhanin, Head of Information Security Department, ÎÀÎ "VympelCom", Jet Infosystems representatives, Vasily A. Okulessky, Head of Information Security Department, SB OAO "Bank of Moscow"; Elena Suchkova, "InfoWatch"; Alexander I. Tkachev, Security Department, OAO "SVYAZINVEST"; D.V. Kubasov, "Svyazintek"; Evgeny Novikov, Head of Networks Management Centre, OOO "Lukoil-Inform"; Andrey Golov, Head of Security Group, CISSP, CISA, Energy Consulting Integration Group of Companies; Alexey V. Lulatsky, Business Development Manager, Cisco Systems; Mikhail V. Levashov, Main Information Security Specialist, ÎÀÎ "Moscow City Telephone Network"; Sergey D. Kurianov, Business Development Director, DocsVision

The Role of Authentication in Construction of Information Security Systems
Alexey G. Sabanov, Commercial Director, Aladdin Software Security R.D.

New Dimensions in Web Threats and Cyber Crime
Mikhail Kondrashin, Head of the Competence Centre, Trend Micro Russia &CIS

Section: Market innovations

Presentation by Alexander Sinelnikov, Dozor Jet Product Promotion Manager;
Dr.Web AV-Desk, Dr.Web for Exhange and Dr.Web SMMTP - New Antispam and Antivirus Protection Technologies - presentation by Doctor WEB representatives;
Websense Content Protection Suite (CPS) Product - Associates Distribution (Websense Value Added Distributor) representatives;
McAfee Data Loss Prevention (DLP) Product - Associates (McAfee ElitePartner Solution Provider) representatives;
Digital Security Office LSM - comprehensive solution for lifecycle management of information security control system in a company.
New Solutions by SecurIT: secure data storage and protection against insiders;Innivations by PineApp Ltd
New security management technology: correlation system of RSA envision events;
Innovative approach to security of database management systems - RSA Database Security Manager

Round-table meeting: Modern Approaches to Protection Against Insiders: from "pinpoint" to comprehensive
The problem of insider threat has been existing from the moment of the fist computer invention. However until now little attention was paid to it. IT security specialists concentrated their efforts on anti-spam fight and hackers attacks and practically ignored issues of protection against insiders. Recent years are marked with rapid development of specialized It security systems (ILD&P)

Issues: What's IT threats? What necessary functions should a modern ILD-P solution have? What are the main trends of market development? Special emphasis will be put on discussion of "pinpoint and comprehensive security" during which participants will share their views concerning protection against insiders.

Moderator: Rustem Khairetdinov, Commercial Director, InfoWatchParticipants: Andrey A. Gritsienko, Head of Information Security Service, Vozrozhdenie Bank; Alexey Cherednichenko, Technical Expert, Symantec; Yury Lysenko, Head of Information Security Division, RosEuroBank; Dmitry Ustiuzhanin, Head of Information Security Department, ÎÀÎ "VympelCom"; Alexey I. Kuleshov CISSP, CISA, Senior Consultant of Security Consultant, NVision Group; Alexander Mikhailov, Technologies and Professional Services Director, Associates

Authentication Based on Risks. Fraud Protection; Solutions for Banks
EMC representatives

The Past and The Future of Universal Means of Protection Against Malicious Programmes and Internet Threats
Mikhail Kondrashin, Head of the Competence Centre, Trend Micro Russia & CIS

Aspects of Information Security of Applied Systems

Open Technologies Seminar:

• requirements of regulating authorities for information security
• Open Technologies approach to information security of the whole lifecycle
• construction of a comprehensive information security system
• specialized information security solutions