information security research program henry lee manager, security policy and research office of the...
TRANSCRIPT
Information Security Research Program
Henry LeeManager, Security Policy and Research
Office of the Chief Information OfficerDecember 2007
Information Security Branch
Security Strategies Security architecture, Policy and standards, Research, Application security
Compliance Mgmt. Compliance
management, Audit, Compliance reporting
Chief Info. Security Officer Governance for Information Security
Advisory Services Security consulting, Specialist Services, Awareness
Investigations and Response Investigations, Forensics, Response, Tracking and reporting
Information Security Research Program
• Part of Information Security Program• Developed in 2006; Approved in 2007• Goal
• Promote information security research• Build security research network to facilitate
research activities in the province• Enhance info. sharing with research community
Areas of Interest
• Enterprise architecture and security management• Trust and identity• Security properties and vulnerabilities• Incident response and recovery• Forensics, trace-back and identification• Application security• Metrics and models• Governance, social and economic issues
Activities
• Issue information security research grants• Engage in post-secondary curriculum
development• Organize conferences and workshops• Perform internal research• Build research centres of excellence
Outcomes in 2007
• Information Security Research Grants– Issued $2.5 million for 30+ projects of
9 universities and colleges in the Province– Research focus:
• Cyber Crime (e.g., child pornography, image detection)• Network Security (e.g., network pattern/traffic
analysis, etc.)• Identity Management
Outcomes in 2007
• Post-secondary curriculum development– Collaboration with University of Victoria
(Departments of CS and ECE)– Developed two new courses and revised three
existing courses– Created Security Option within Bachelor of
Software Engineering program– New course will be delivered in Fall 2008
Outcomes in 2007
• Conferences and workshops– Organize two annual conferences:
• Privacy and Security (February)• West Coast Security Forum (November)
– Periodic events within the public sector• Security Day (Semi-annual)• Protection of Information Awareness (As requested)
Outcomes in 2007
• Internal research– Over ten research papers – Guidance for senior management decision
making and policy development– Survey from IM/IT leaders in the public and
private sectors to seek best practices– Collaborate with consulting networks (e.g.,
ISF, CEB, NCSIP)
Outcomes in 2007
• Research centre of excellence– Under planning– Centres specialized in specific security issues– Provide an interdisciplinary forum to bring
collaboration between security researchers
Future Plan
• Extend research areas • Support more projects• Engage more researchers and bring more
active collaboration locally and internationally• Invite more security talent to the Province• Create a research ecosystem
