Day One Tuesday 3rd October 2006
Defining Responsibility in the Mobile Security Value Chain and Understanding the Business Case for Pre-emptive Security Solutions
Registration and Coffee
08:30
Speed Networking
09:00
Your opportunity to get to know your peers before
the start of the conference and set a relaxed and informal atmosphere
Opening Remarks
09:15
- Chairman: Jack Wraith MBE, CEO & Director, Telecommunications UK Fraud Forum (TUFF)
Understanding Responsibility and the Role of Co-operation in Developing Effective Mobile Security Solutions
Assigning Responsibility to Different Players in the Mobile Security Value Chain to Ensure Comprehensive and Robust Security Solutions
09:30
INDUSTRY FORUM
- Defining responsibility within the mobile security value chain and the role of the various players within it:
- Operators
- Device manufacturers
- Application providers
- End-users and enterprises
- How can players in the mobile value chain effectively work together to ensure robust and trusted security solutions?
- Effectively allocating responsibility for different layers of security to ensure optimum interworking
- Examining the extent of end-user responsibility within the enterprise and consumer markets
- Jack Wraith MBE, Chairman, Mobile Industry Crime Action Forum (MICAF), UK
Examining the Role of Standardisation within Mobile Product Security to Build Robust Security Strategies
10:00
INDUSTRY FORUM
- Outlining current malware threats and potential future security challenges
- How can mobile device security be standardised and what is the effect of standardisation?
- Detailing the perspective of Nokia on the Trusted Computer Group’s security specification
- To what extent can TCG initiatives increase the security protection of the mobile user?
- Janne Uusilehto, Head of Product Security, Nokia Corp., Finland and Chair, Mobile Phone Work Group, Trusted Computing Group
What is the Extent of the Mobile Security Challenges Facing Operators and their Customers Today?
10:30
PANEL DEBATE
The debate surrounding the true extent of mobile
security threats is heated. Is a major virus attack imminent? Are mobile
devices likely to encounter large-scale hacking? Do mobile operating
systems suffer the same vulnerabilities as their fixed counterparts?
Or is the threat continuing to be overstated? This session will let
you join the debate on the true nature of the mobile security threat
today:
- How do different players in the mobile value chain view the current threat and are these views justified?
- Are the views of operators and vendors moving further apart?
- To what extent are viruses still a challenge facing operators?
- Have many of the issues that vendors are still flagging been solved by operators, device manufacturers and software developers?
- Paulo Simoes, Innovation Unit, TMN, Portugal
- Janne Uusilehto, Head of Product Security, Nokia Corp., Finland and Chair, Mobile Phone Work Group, Trusted Computing Group
- Frank Zabawa, Corporate Security / Mobile Security, o2 GmbH & Co.OHG, Germany
- Janine Joubert, Forensic Services Risk Manager, Vodacom, South Africa
Networking Coffee Break
11:00
Assessing the Need and Success for Co-operation and Co-operative Alliances in Building Viable and Cost Effective Security Strategies
11:30
INDUSTRY FORUM
- The need: Outlining the need for co-ordination across co-operative alliances
- Current landscape: Objectives and membership of current co-operative initiatives:
- GSMA
- 3GPP
- Trusted Computer Group
- Trusted Mobile Platform
- OMTP
- Progress so far:What have these bodies achieved to date and what are their future plans?
- Going Forward: Assessing the limitations interworking between alliances and how this impacts their effectiveness
- How can they work together? How do they work together?
- Why: what should my company do? Where should it get involved?
- Nick Allott, Chief Technical Director, OMTP
Mobile Security – A Customer's Worst Nightmare or a Tale with a Happy Ending?
12:00
OPERATOR
- Detailing the development of mobile services and the related risk
- Examining mobile security from a customer perspective and its impact on the strategic planning of mobile security measures
- What is ‘mobile’ security from a customer perspective?
- Frank Zabawa, Corporate Security / Mobile Security, o2 GmbH & Co.OHG, Germany
Integrating M-commerce into the Business Case for Mobile Security
12:30
OPERATOR
- Minimising the security threats to m-commerce and gaining consumer trust to drive the adoption of m-commerce services
- Identifying m-commerce security risks and measuring consumer trust in the service
- Outlining the ideal m-commerce transaction experience as designed by customers
- Examining the ways operators are building trust and meeting security challenges of m-commerce
- Janine Joubert, Forensic Services Risk Manager, Vodacom, South Africa
Developing the Business Case for Mobile Security and Examining Drivers for the Adoption of Mobile Security Solutions
Networking Lunch
13:00
Effectively Educating the End-user to Ensure Maximum Buy-in for User Led Security
14:15
INDUSTRY FORUM
- Which players in the security value chain are responsible for educating the end-user?
- What education strategies are available to operators and how can end-user buy-in be secured?
- Removing security as a barrier to usability:
- Making security an integral and simple part of the user experience
- Leveraging security education as a means of gaining end-user trust
- Scott Cadzow, Director, Cadzow Communications Ltd, UK and Vice Chair, Lawful Interception, ETSI Technical Committee
Defining and Meeting the Unique Security Requirements of the Enterprise Market to Win the Trust and Loyalty of Your Enterprise Customer
14:45
- Examining the security requirements of wireless and mobile enterprises
- Securing remote access to company data
- Retrieving and protecting lost data
- Educating the workforce
- Who do enterprises hold responsible for mobile security?
- What security services and support do enterprises expect from network operators?
- How can operators leverage enhanced security features as a marketing tool for value-added service?
- Exploring current enterprise security initiatives and how operators and enterprises can effectively work together
- Tore Orderløkken, Manager, Norwegian Centre for Information Security, Norway
Effectively Dealing with the Increasing Threat from Viruses,Worms and Trojans to Mobile Terminals
15:15
OPERATOR
- Examining T-Mobile’s response to the security challenges of viruses, worms and trojans for mobile terminals and comparison with the fixed line business
- Outlining expected developments in mobile security
- Assigning roles and responsibilities within an organisation to implement effective security strategies
- Effectively mitigating mobile security risks and overcoming the challenges faced by operators
- How should the mobile industry work together in order to overcome mobile security challenges?
- Stefanus Römer, Product Manager, Internet & Internet Access Products, T-Mobile International, Germany
Networking Coffee Break
15:45
Outlining Security Regulations and Requirements and their Impact on the Mobile Security Business Case
16:15
- Examining the business impact of current EU & US legislation
on mobile security
- To what extent is legislation compelling operators to invest in mobile security solutions?
- How does regulation affect the business case for mobile security implementation?
- Planning effective mobile security strategies to met the requirements of directives such as Sarbanes Oxley and the European Commission 8th Directive
- Exploring security audit requirements within current legislation
- Collecting, collating and analysing usage logs
- Seamus Reilly, Senior Manager, Security Team, Ernst & Young, UK
To What Extent is the Operator Responsible for Protecting the End User from the Threat of Identity Theft?
16:45
PANEL DEBATE
Identity theft is the fastest growing crime in the
world.With personal data increasingly being stored on mobile devices,
identity theft poses a major security concern for the mobile industry.
This panel will look at the nature of the threat and how different mobile
players can work together to manage the risk:
- To what extent are end-users currently protected from the threat of identity theft?
- What is the role of the operator in protecting the identity of their customers?
- Are consumers aware of the risks of identity theft when using mobile devices for personal data storage and m-commerce?
- Are the different players in the mobile security value chain effectively co-operating to mitigate the risk to the end user?
- Stefanus Römer, Product Manager, Internet & Internet Access Products, T-Mobile International, Germany
- James Allen, Head of Fraud, Orange Group Fraud & RA, UK
- Tore Orderløkken, Manager, Norwegian Centre for Information Security, Norway
- Andy Thompson, Managing Security Architect, Capgemini, UK
End of Day One and Networking Drinks Reception
17.15
Day Two Wednesday 4th October 2006
Developing Effective Strategies to Manage the Threats and Challenges of Mobile Security
Registration and Coffee
08:45
Opening Remarks
09:15
Chairman: Abraham Joseph, CEO, Inteligentis Ltd,
UK
Understanding Existing Mobile Security Challenges to Inform the Deployment of Mobile Security Strategies
Developing Effective Strategies to Protect Against the Threats from Mobile Malware
09:30
OPERATOR
- Outlining the evolution of mobile malware and its implication for mobile operators
- Making effective and comprehensive risk assessments and setting security targets
- Deploying effective counter measures to combat the threat of mobile malware
- Marcel Zumbuehl, Head of Security, Swisscom Mobile, Switzerland
Building the Business Case for Pre-emptive Mobile Messaging Security Measures
10:00
OPERATOR
- Examining TMN's business case for investing in anti-messaging abuse strategies
- Developing flexible security strategies to encompass future network and service development
- Applying the learnings from TMN's anti-messaging abuse strategy to inform operator's security planning
- Paulo Simoes, Innovation Unit, TMN, Portugal
Live Demonstration of Hacking Mobile Applications Mobile phone applications enable financial transactions but can we trust the technology?
10:30
LIVE DEMO
This demonstration shows how mobile applications
can be used to attack the systems they interact with. It also looks
at an emerging threat; mobile phone phishing, whereby users are redirected
to bogus systems.
- Ken Munro, Managing Director, and Rob Pope, Technical Director, SecureTest, UK
Achieving Effective Network Security by Balancing Reuse and Enhancement of Existing Resources
11:00
OPERATOR
- Can existing 2G security infrastructures be adapted to cope with thechallenges of 3G networks
- Developing scalability in security infrastructures to mitigate the need for large-scale investment in future technologies
- Achieving cost savings through partnerships with other players in the mobile security value chain
- Sharing best practices as a path to cost savings
- Using security metrics to quantify and demonstrate security improvements and cost efficiencies
- Colin Blanchard, Security Risk and Compliance, BT, UK
Networking Coffee Break
11:30
Developing Startegies to Protecting Customers from Malicious Software
12:00
OPERATOR
- What is the operator community doing to protect their customers?
- Restricting sensitive functions on the device
- Usability and security - how does the customer react to security prompts on the device?
- Presenting findings from the OMTP study into security usability on devices
- Education - the best way of protecting the customer?
- Balancing the desire of some customers to install software from any source with the need to protect those with no technical knowledge
- Tim Haysom, Industry Relations Manager, Orange, UK and Board Director & Security Project Lead, OMTP
Examining Application Signing and its Relevance for Developers, Vendors, Mobile Operators and other Content Providers
12:30
OPERATOR
- Exploring the need for application signing and its impact on mobile security
- Outlining the concept of application signing, device application security frameworks and signing schemes
- Examining the current market situation: what has been achieved so far, what are the biggest challenges and what are future developments?
- What are the implications for the stakeholders? Which role should operators and other content providers take? What does this mean for application developers?
- Katrin Jordan, Marketing, Standards & Enablers, T-Mobile International, Germany
Networking Lunch
13:00
Examining Threats to Mobile Devices and Operating Systems to Inform the Operator's Mobile Security Strategy
Using Security Information Management Solutions to Manage Mobile Malware
14:15
- Examining the nature and extent of the threats being faced by the mobile industry today
- Exploring whether current handset-based security strategies being implemented by operators are likely to be sufficient response to this growing problem
- Detailing the benefits of more comprehensive 'defence-in-depth' strategies
- Demonstrating how operators can incorporate advanced network-based threat detection, analysis and countermeasure tools in the solution of this problem
- Jonathan Martin, Senior Consultant, ArcSight Limited., UK
Examining the Strategies for Securing Mobile TV and Other Broadcast Services
14:45
OPERATOR
- The lessons from pay-to-view TV...and the differences
- What are the main security threats to broadcast services?
- What are the options for security, and how do they compare?
- There is big money in broadcast service piracy. Is damage limitation all we can hope for?
- Steve Babbage, Security Technologies Manager & Group Chief Cryptographer, Vodafone Group R&D, UK
Networking Coffee Break
15:15
Examining Developments in Mobile Device Security and Exploring Existing Security Challenges in Current Handset Offerings
15:45
- Outlining the specific security challenges of mobile devices
- Hacking
- Device theft
- Malware
- How are mobile device manufacturers tackling attacks on their handsets?
- Are new devices robust enough?
- Addressing security threats through joint industry cooperation between operators and manufacturers
- David Rogers, Product Security Specialist, Panasonic Mobile, UK
Differentiating Your Service Offering Through Robust Security Strategies
16:15
- Positioning mobile security within an operator's strategic plans:
- Transforming security from a cost centre to a profit centre
- Selling security as a premium service
- Protecting against fraud, network downtime and loss of critical
information
- Quantifying the potential value-add of different security strategies
- Leveraging security as a marketing tool to re-assure the customer and win strategic partnerships with content providers
- Examining incident management strategies when security solutions fail to protect against viral attack or large-scale fraud
- Daniel Hallen, Global Director Mobile Products, McAfee, US
Does Mobile Device Security Represent the Weakest Link in the Mobile Security Value Chain?
16:45
PANEL DEBATE
With increasing device theft and loss, connectivity
to the internet and corporate networks and with PC like operating systems,
the security challenges surrounding mobile devices have multiplied in
recent years. This session will let you join the debate surrounding
mobile device security:
- Do mobile device vulnerabilities represent the weakest link in mobile security?
- Assessing the limitations of devices as effective means of securing data and content:
- Limited battery life, processing power and data storage
- Are device manufacturers doing enough to secure their products from potential security risks?
- David Rogers, Product Security Specialist, Panasonic Mobile, UK
- Seamus Reilly, Senior Manager, Security Team, Ernst & Young, UK
- Colin Blanchard, Security Risk and Compliance, BT, UK
Ensuring the Security and Quality of Service for Fixed-Mobile Convergence Services
17:15
- Examining the new Internet-based security and quality-of-service
risks that will face operators in a FMC environment
- network worms
- distributed denial-of-service attacks
- bandwidth hijacking
- Outlining the specific security elements as defined by the 3GPP IMS and UMA standards
- How does network dimensioning define the nature of security solution requirements?
- Exceeding 3GPP specifications to enable end-to-end FMC infrastructure security
- Ensuring scalability of network security solutions and future proofing security investments
- Cam Cullen, VP Marketing, Reefpoint, USA
End of Day Two
17:45
Day Three Thursday 5th October 2006
Generating Revenue and Examining the Solutions for Ensuring Mobile Security in Next Generation Services
Registration and Coffee
8:45
Opening Remarks
09:15
- Chairman: Scott Cadzow, Director, Cadzow Communications Ltd, UK
Exploiting the Revenue Generating Potential of Robust Mobile Security Strategies
Making DRM a Key Component of the Mobile Content Business Model
09:30
Content Producer
- Examining current DRM technologies and strategies: how is the industry protecting mobile content and are the content providers satisfied with current solutions?
- How are mobile and online services (and DRM) converging?
- Using DRM as a marketing tool for innovative business models and user propositions
- Pierre-Emmanuel Struyven, SVP Product & Business Development, Universal Music Mobile Intl, France
Security and the Mobile Content Business Model – Ensuring Service and Usability from the Operator Perspective
10:00
OPERATOR
- Building trusted relationships with content providers
- Protecting mobile content by effectively working with content providers
- Examining different services and responsibilities within the content market and their implications for DRM, PKI etc.
- Outlining the steps of digital evolution and achieving convergence in practice
- Assessing the usability and operator experiences of mobile music services
- Effectively balancing the security and the marketing of mobile content
- Ove Fagerlund, Development Manager, TeliaSonera, Finland
Moving Mobile Security from a Cost Centre to a Profit Centre
10:30
PANEL DEBATE
With the advent of a raft of new services that require
robust mobile security solutions, mobile security possesses the potential
to become a business driver and profit generator. What is the extent
of this potential and can it be effectively quantified? How can mobile
security managers present this potential to the board? This session
will let you join the debate on the revenue generating potential of
mobile security:
- Can mobile security be realistically sold as a revenue generator?
- What are the business models that enable security to move to a profit centre?
- Integrating security into an operator's marketing strategy to enterprises and consumers
- Daniel Hallen, Global Director Mobile Products, McAfee, USA
- Liisa Kanniainen, Workgroup Executive, Mobey Forum
- Dr.Willms Buhse, Member Executive Board, CoreMedia, Germany & Vice-Chair, Open Mobile Alliance (OMA)
Networking Coffee Break
11:00
To What Extent is Mobile Security Essential to the Success of M-Commerce?
11:30
M-Commerce Provider
- What role does security play in the m-commerce business model?
- Exploring the security of current m-commerce services
- Examining the roles of different players in the m-commerce security
eco-system:
- Mobile operators
- Device manufacturers
- Financial institutions
- Security vendors
- Examining the security strategies open to operators and m-commerce
service providers:
- Removable hardware – SMC, (U)SIM, ASUSB
- Embedded chips
- Software based solutions
- Overcoming the unique authentication challenges of prepaid customers
- Frank Verhulst, IBA Architecture & Innovation Implementation Manager, M-Commerce, Rabobank, Netherlands
Meeting the Mobile Security Requirements of Financial Service Providers and Examining their Impact on M-Commerce Business Models
12:00
INDUSTRY FORUM
- Outlining the security requirements of financial service providers
- How do these security requirements impact operators and the business case for m-commerce services?
- Assessing alternative business model scenarios in response to m-commerce security requirements
- Detailing the Mobey Forum's analysis of the m-commerce business eco-system
- Liisa Kanniainen, Workgroup Executive, Mobey Forum
Driving the Adoption of M-Commerce by Creating Trust in Mobile Networks and Services: Overcoming the Security Challenges Ahead
12:30
- Making usability compatible with trust and dependability
- Exploring trust and security models for mobile and wireless networks
- Examining the business case for built-in security measures to create end-user trust
- Detailing the security challenges addressed by the European Security Taskforce and their implication for operators
- Dr. Sathya Rao, Director, Telscom AG, Switzerland and former Technical Director, SEINIT
Networking Lunch
13:00
Developing Effective Strategies to Secure Next Generation Networks
Integrating the Security Considerations of IMS into Operators' Future Network Planning
14:15
OPERATOR
- What role does security play in the business case for the deployment of IMS based networks and service offerings?
- Outlining the security challenges IMS implementation will present
the operator:
- Opening of the packet voice and data network to the public Internet
- Multiple devices with single identities accessing the network at any one time
- Denial of Service attacks on the IMS core elements
- Targeted SIP Dos attacks and their potential in a NGN network
- Internet, GRX and other separated networks - different worlds and their secure interconnection in providing a seamless service to customers
- Examining the role of Media and Application Layer Gateways and Session Border Controller in securing IMS networks
- Guaranteeing QoS is not lost at the expense of strong network security
- What is offered (e.g. BCPs, whitepapers, standards, drafts) from various communities (3GPP, IETF, NSA, ...) to secure the IMS-service?
- Erich Hochstoeger, Mobile Service Networks, Expert System Engineer, Mobilkom, Austria
What Role Can the (U)SIM Play in Enabling Robust Security for Operators?
14:45
OPERATOR
- Exploring the enhanced ability of the SIM card to protect the private key
- Exploiting the existing relationship between the end-user and the SIM in creating security usage models
- Is the SIM the most secure environment for mobile transactions?
- Examining the remotely configurable nature of the SIM as a means of deploying security keys and remotely blocking unauthorised transactions
- Exploring the enhanced security features of the USIM
- Víctor Gayoso Martínez, Handsets & Smart Cards Department, Telefónica Móviles, Spain
Implementing a Handset Architecture that Enables Reduced Time, Cost and Liability of Deploying Secure Services and Provisioning of Applications
15:15
LATE ADDITION CASE STUDY
- Looking at the challenges facing handsets today to enable secure services
- Examining ways to reduce fragmentation specific to secure applications
- Effective handset architecture to enable a more effective deployment of secure services and applications at lower cost and faster time to market
- Impact of improved handset security robustness on operator strategies
- Jay Srage, WW Product Strategy Manager, Celluar Systems, Texas Instruments, USA
Networking Coffee Break
15:45
Learning from the Implementation of Fixed VoIP Security Solutions and Applying Fixed VoIP Best Practices to Wireless VoIP
16:15
VoIP PROVIDER
- Overcoming the security threats of fixed VoIP:
- Hacking
- Automated SPAM messages
- Phising requests
- Examining the role of VPNs in securing VoIP infrastructures
- Segmenting VoIP traffic over its own VLAN to avoid attacks against data traffic
- Assessing the unique risks of wireless VoIP networks and dual mode handsets
- How can best practices of fixed VoIP security be applied to wireless VoIP?
- Mark Osbourne, Chief Information Security Officer, Interoute Ltd, UK
Does the Risk of Financial Loss Stemming From VoIP Security Weaknesses Negate the Potential Cost Savings?
16:45
PANEL DEBATE
As operators and telecoms service providers push
ahead with deployments of VoIP and wireless VoIP the questions surrounding
the security vulnerabilities of these technologies remain. VoIP service
providers will have to convince enterprises and consumers that VoIP
is a secure means of communication before widespread adoption is achieved.
This session will let you join the debate on VoIP and wireless VoIP
security issues:
- To what extent are security concerns holding back the adoption of VoIP and wireless VoIP?
- Do the cost savings of VoIP services outweigh the potential loss from security breaches through VoIP?
- How are VoIP service providers addressing security vulnerabilities and educating customers of these solutions?
- Can non-VoIP operators exploit the weaknesses in VoIP security as a means of combating the substitution of their services for VoIP?
- Scott Cadzow, Director, Cadzow Communications Ltd, UK and Vice Chair, Lawful Interception, ETSI Technical Committee
- Mark Osbourne, Chief Information Security Officer, Interoute Ltd, UK
- Abraham Joseph, CEO, Inteligentis Ltd., UK
Chairman's Closing Remarks and End of Conference
17:15
