Opening Plenary Welcome Addresses: Norbert Pohlmann (Chairman of the Board, TeleTrusT, Germany), David Goodman (Chairman of the Board, eema, UK), Andrea Pirotti (Executive Director, ENISA)

Francisco Ros (Secretary of State for Telecommunications and Information Society, Ministry of Industry, Tourism and Trade, Spain), Francisco García Morán (Director General, Directorate General Informatics, European Commission)

Coffee and Networking Break

Opening Plenary: Chris Kenworthy, Senior Vice President, McAfee Inc., USA. “Evolving cyber-threats and corporate challenges to combat user, web and data risks” Detlef Eckert, Advisor Directorate General for Information Society and Media, European Commission. “Security and IPv6: Challenges and Opportunities” Introduction to sessions: Ronald De Bruin (ENISA) and Session Chairs

Lunch Break

ISSE-Track 1 ISSE-Track 2 ISSE-Track 3 Spanish Track Special Interest n Zaragoza I & II n Toledo III n Toledo I n Toledo IV n Toledo II Trusted Computing Security Management Privacy and Data Protection Awareness and Security education German Workshop. European Citizen Cards: Chair: Wolfgang Schneider, Deputy Institute Chair: Jeremy Hilton, Lecturer, Cardiff Chair: Madeleine McLaggan, Commissioner Chair: Jorge Chinea, Coordinator Area, New Standards, Key Applications, Security Director, Fraunhofer Institute SIT, Germany University, UK Data Protection Commission, Netherlands INTECO-CERT Framework. Chair: Bernd Kowalski, President of Department BSI, Germany

Trusted Storage: Putting Security and Integrating Rights Management into the Freedom and Security - Responses to Security Training in Spain Usage of electronic citizen cards in Data Together Enterprise Fabric the Threat of International Terrorism Javier Algarra, Responsible for Training and, banking: opportunities & challenges Michael Willett, Senior Director, Seagate Bill Shapiro, Engineering Manager, Adobe Marie-Theres Tinnefeld, Professor, University Coordination, CCN-CERT Matthias Büger, Head of Management Research, USA Systems, Inc., USA of Applied Sciences Munich, Germany Services, Deutsche Bank, Germany

Trust in Consumer Electronics The Information Security Framework The Anonymity vs. Utility Dilemma The user’s security education Security Requirements for One Stop Stefan Katzenbeisser, Assistant Professor, for Daimler Financials Services and its Michele Bezzi, Senior Researcher, SAP Manuel Ransan, Coordinator Area, Government Security Engineering Group, Darmstadt Implementation Research, France INTECO-CERT Georg Schäfer, Head of division “IT techology University of Technology, Germany Lenka Fibikova, Senior Information and IT law”, Ministry of the Interior of Baden- Security Specialist & Roland Müller, Corporate Württemberg, Germany Information Security Officer, Daimler Financial Services AG, Germany

NAC 2.0 - Unifying Network Security Information Security Status in A New Framework for Data Privacy Security education in industry Infrastructures and Middleware for the Steve Hanna, Distinguished Engineer, Organisations 2008 Management Sofia Moreno, eSEC SECRETARIAT - application of eID cards in eGovernment Juniper Networks, USA Anas Tawileh, Researcher, Cardiff John Sabo, Director Global Government Spanish Technological Platform for the Thomas Walloschke, Business Development University, UK Relations, CA, Inc., USA Security and Dependability, AETIC Manager, Fujitsu-Siemens, Germany

Coffee and Networking Break

Network Security Identity Management Session continued Security Trends Session continued Chair: Norbert Pohlmann, Chairman of the Chair: Ingo Naumann, Seconded National Chair: Joachim Rieß, Chief Officer Corporate Chair: Alberto Lopez, Project Manager Chair: Bernd Kowalski, President of Board, TeleTrusT, Germany Expert, ENISA Data Protection, Daimler AG, Germany INTECO Department, BSI, Germany

Towards real interoperable, real Quantified trust levels for Securing Wiki-Style Technology in the Information security industry: state Securing Contactless Chips with PACE trusted network access control authentication Global Enterprise: The Competing Tensions of the art Dennis Kügler, BSI, Germany experience from implementation and Ivonne Thomas, PhD student, Hasso-Plattner of Privacy Law and Distributed Collaboration Jose de la Peña, Director, SIC application of Trusted Network Connect Institute, Germany Thomas Daemen, Senior Attorney, Microsoft Josef von Helden, Professor, University of Corp., USA Applied Sciences and Arts Hanover, Germany

Empirical research of IP blacklists Identity management in open Cure or Curse? The European Union’s Role Electronic Fraud Panel: European Standardization and Christian Dietrich, Project Leader & environments in Cyber Security Governance Lessons María Luisa García Tallón, Chief Claims national Concepts Christian Rossow, Research Assistant, Manel Medina, Professor, University of learned, chances and challenges Service, Banco de España University of Applied Sciences Gelsenkirchen, Catalunya, Spain Henning Hehemann, PhD-Student, University Germany of Muenster, Germany

GIDRE: Grid-based Intrusion Detectio Identity management and privacy Governmental Control of the Internet Cyberterrorism and Response Environment languages technologies Improving user in addressing law enforcement and Alicia Álvarez, General Sub-Director of Olimpia Olguín, PhD student, University control of data privacy national security information and communication systems of Catalunya, Spain Carlos Alberto Gil García, R&D, Engineer, Murdoch Watney, Professor, University of for security, Ministry of Interior Telefónca Investigación y Desarrollo, Spain Johannesburg, South Africa

Conference Programme DAY 1, TUESDAY 7 OCTOBER 2008 10.00 – 18.00

10.00- 11.00

11.00- 11.30

13.00- 14.30

11.30- 13.00

16.00- 16.30

14.30- 16.00

16.30- 18.00

This presentation can be found within your copy of ‘ISSE 2008 Securing Electronic Business Processes’

Panellists: Matthias Büger, Deutsche Bank Thomas Walloschke, Fujitsu-Siemens Georg Schäfer, Ministry of the Interior of Baden-Württemberg Dennis Kügler, BSI Arno Fiedler, ETSI Olivier Delos, Sealed, Belgium Gemma Deler, Applus, Spain

Panel: Assessing the International Response to Information Security Attacks - Moderator: Howard Schmidt, (ISC)2 Security Strategist and former White House Cyber Security Advisor, USA

Panellists: Mary Ann Davidson, Chief Security Officer, Oracle Corporation, USA; Nick Coleman, Independent Reviewer, Cabinet Office, UK; Aizu Isumi, former Principle, Asia Network Research, Japan

Introduction to sessions: Ronald De Bruin (ENISA) and Session Chairs

Coffee and Networking Break

ISSE-Track 1 ISSE-Track 2 ISSE-Track 3 Spanish Track Special Interest n Zaragoza I & II n Toledo III n Toledo I n Toledo IV n Toledo II Fraud Evaluation and Detection Biometrics Large Scale Public Applications Digital Identity Resilient eCommunication Networks – Chair: Günther Welsch, Managing Chair: Helmut Reimer, Senior Partner, Chair: Francisco Jordan, Chief Technology Chair: Marcos Gomez, eTrust Subdirector How far are we? Director, TeleTrusT, Germany TeleTrusT, Germany Officer, Safelayer Secure Communications INTECO Chair: Evangelos Ouzounis, ENISA S.A, Spain Jesús Rivero, Editor, a+)) auditoría y seguridad

OTP and Challenge/Response Biometrics and ID Cards, enablers for Commercial Application based on DNIe (Spanish eID) reality, perspective and algorithms for financial and personal security European Citizen Card (ECC) standards opportunities e-government identity assurance current Andreas Reisen, Head of Biometrics, Travel Online-Bank Web Service Juan Crespo, Communications, Security and landscape and trends and ID Documents, Registration Division Christian Zipfel, Head of Sales Europe & Support for Computer Systems, DGP, Philip Hoyer, Senior Architect, ActivIdentity, UK Federal Ministry of the Interior, Germany CIS, Giesecke & Devrient, Germany Ministry of Interior

NSA Suite B and its significance for Match-on-Card Biometrics, its integration to Electronic Signatures for Public Protection profiles for applications non-USA organisations Smart Card Technology Procurement across Europe with the Spanish national electronic Klaus Schmeh, Product Manager, cv Jonas Andersson, Vice President Business Jon Ølnes, Principal researcher, DNV identity card (DNI -e, Spanish eID) cryptovision, Germany Development, Precise Biometrics, Sweden Research & Innovation, Norway Elisa Vivancos, Senior Consultant, INTECO

The State of the Art in Windows Memory Agatha: Multimodal Biometric Towards interoperability and mutual Success Cases: Forensics Authentication Platform in Large-Scale recognition of eSignatures - Results of the Digital Identity (Spanish eID) success case: Andreas Schuster, Computer Forensic Databases European Study on the standardisation eBank Examiner, Deutsche Telekom AG, Germany Javier Rodríguez Saeta, R&D Director, aspects of eSignatures and of its follow-up Jose Antonio Lozano. Security chief. CCI SeMarket, S.A., Spain Olivier Delos, Managing Partner, Sealed, DNIe (Spanish eID) success case: eBill. Belgium Sebastian Muriel. Director Red.es Success stories: Practical application in the mobility of the advanced digital signature with the Spanish National Electronic Identity Card (DNI-e, Spanish eID) Iñigo Tomé, Senior Consultant, INTECO

Lunch Break

Sponsor Keynote

Research In Motion Privacy and Authentication in the Mobile World

Sponsor Session

Fortify (Subject to be submitted)

Sponsor Keynote

TeleTrusT Deutschland e.V. Presentation of the best candidates for the Innovation Award

Coffee and Networking Break

Conference Programme DAY 2, WEDNESDAY 8 OCTOBER 2008 9.30 – 18.00

9.30- 11.00

11.00- 11.30

13.00- 14.15

11.30- 13.00

15.00- 15.30

14.15- 15.00

Panellists: Andreas Servida, European Commission, DG INFSO/A3

Joern-Uwe Heyder, Federal Office for Information Security (BSI) and ENISA’s Management Board Alternate Member, Germany

Andrew Cormack, JANET(UK) and ENISA’s Permanent Stakeholders Group, UK

Cayetano Carbajo, Corporate Infrastructures Director Telefonica, Spain

Simon van Merkom, Ministry of Economic Affairs, The Netherlands

Sponsor Sessions 09.30-10.00 CoreStreet Citizen ID Projects: the challenge of making credentials work!

10.00-10.30 GigaTrust How Dutch Bank, ING Direct enhanced their security to protect highly

sensitive information

10.30-11.00 Telindus Solving the risk management challenge cost-effectively

Conference Programme Day 2 continued overleaf

15.30- 16.00

This presentation can be found within your copy of ‘ISSE 2008 Securing Electronic Business Processes’

Panel: Social Networking and Social Aspects of IT-Security - Moderator: Johannes Wiele, Editor, LANline, Germany Panellists: Dirk de Maeyer, Manager Advisor, KPMG, Belgium; Paolo Balboni, Associate, Baker & McKenzie, Italy; Anja Beyer, PhD Student, TU Ilmenau, Germany; Jussi Jaakonaho, Chief Advisor, Enterprise Risk & Security, Nokia, Finland; Werner Degenhardt, Academic Director, Ludwig-Maximilians-University Munich, Germany Introduction to sessions: Ronald De Bruin (ENISA) and Session Chairs

Coffee and Networking Break

ISSE-Track 1 ISSE-Track 2 ISSE-Track 3 Spanish Track n Zaragoza I & II n Toledo III n Toledo I n Toledo IV PKI based Security Services Web 2.0 Security Services VoIP Security Critical Infrastructures Chair: Jon Shamah, EMEA Sales Director, CoreStreet, UK Chair: Ronny Bjones, Security Technology Architect, Chair: Jussi Jaakonaho, Chief Advisor Chair: Francisco Villanueva Diez, Senior Consultant of the Microsoft EMEA, Belgium Enterprise Risk & Security, Nokia Corp., Finland General Sub-direction of information and communication systems for security, Ministry of Interior

Development and Implementation of an Symmetric Key Services Markup Language Securing VoIP Networks, Attacks, The need of a National Critical Encryption Strategy for a global Enterprise (SKSML) - A protocol that finally protects what Vulnerabilities and Countermeasures Infrastructure Protection Guido von der Heidt, Topic Manager Public Key matters the data Peter Thermos, CTO, Palindrome Technologies, USA Miguel Angel Abad Arranz, Responsible Area, Infrastructure & Corporate ID Card, Siemens, Germany Arshad Noor, CTO, StrongAuth, Inc., USA CNPIC, Ministry of Interior

ING Corporate PKI, a cross-border and cross-application Managing compliance with regulations and SPAM over Internet Telephony and how to deal The UME (Spanish military emergency) experience security mechanism can one size fit all? governance standards for Service Oriented with it Captain Leopoldo Santos, Captain Engineer, Frank Kraamwinkel, Product Manager ING Corporate PKI, Architecture using Model Driven Security Rachid El Khayari, Researcher, Fraunhofer SIT, Germany Ministry of Defence ING Payments & Cash Management, Netherlands Ulrich Lang, CEO, ObjectSecurity Ltd., UK Transforming Mobile Platform with PKI-SIM Card The Collision of SOA, Web services, & IAM - Influence of Security Mechanisms on the Quality Challenges for the Protection of Critical ICT into an Open Mobile Identity Tool How to Architect Security Without Getting Crushed of Service of VoIP, Peter Backs, System Developer, Based Financial Infrastructures Konstantin Hyppönen, Researcher, University of Matthew Gardiner, Sr. Principal Product Sirrix AG & Norbert Pohlmann, Professor, FH Henning Arendt, Consultant, @bc®, Germany & Bernhard Kuopio, Finland Marketing, CA, Inc., USA Gelsenkirchen, Germany Hämmerli, CEO, ACRIS GmbH, Switzerland

Closing Plenary The cryptographic year in review: Bart Preneel, Professor, K.U. Leuven, Belgium Summary of sessions and closing discussion: Ronald De Bruin (ENISA) and Session Chairs

Lunch Break

Post Conference Workshop “Incentive Systems for Awareness Raising and Behaviour Change” Chair: Johannes Wiele, Editor, LANline & Werner Degenhardt, Academic Director, Ludwig-Maximilians-University Munich, Germany Panellists: Katerina Christaki, Awareness Raising Analyst, ENISA; Tom Köhler, Director IT-Security Strategy & Communication, Microsoft, Germany; Frank Bock, Chairman, Desine, Germany Presentation of the newly established ENISA European Awareness Raising Community and of the two projects “Internet Risk Behaviour Index” (IRBI) and “Desine” followed by an open discussion.

Conference Programme DAY 3, THURSDAY 9 OCTOBER 2008 9.30 – 15.00

9.30- 11.00

11.00- 11.30

11.30- 13.00

13.00- 14.00

14.00

15.00- 17.00

Fraud Prevention Economics of Security Security for Mobility Workshop Digital Identity (Spanish eID), STORK Workshop Chair: Gunter Bitz, Director Fraud Chair: Lucas Cardholm, Director, Ernst & Chair: Bernd Kowalski, President of the Spanish experience Chair: Miguel Álvarez Rodríguez, Prevention Competence Center, SAP AG, Young, Sweden Department, BSI, Germany Chair: Miguel Bañón, INTECO’s collaborator The Ministry of Public Administration Germany

Lessons learned from an online fraud Security Economics and European Policy Security of Mass Transport Systems AETIC incident Rainer Böhme, Researcher, Dresden Marc Sel, Director & Stefaan Seys, Senior ASIMELEC David Barroso, R&D CTO, S21sec, Spain University of Technology, Germany & Ross Consultant, Pricewaterhouse Coopers, AUTELSI Anderson, Richard Clayton and Tyler Moore, Belgium Researchers, University of Cambridge, UK

Managing vulnerabilities and How Economy and Society affect Authentication for Web Services with ISO 27001 – ISMS in Spain achieving compliance for Oracle Enterprise Security Management the Internet Smart Card Chair: Ana Santos. Project Manager. INTECO databases in a modern ERP environment Some non-technical Trends Walter Hinz, Senior Systems Architect, Implementation Standard ISO 27001 - ISMS Stefan Hölzner, Senior Manager & Jan Eberhard von Faber, Head of Strategy Giesecke & Devrient, Germany at SMEs Kästle, Senior Associate, KPMG, Germany and Marketing, T-Systems, Germany Sara Garcia, Senior Consultant, INTECO

An Analysis of Malware Protection Security Metrics in real life Securing Flash Technology How Does Change Management, a key factor to Features in Microsoft Windows Vista and Sara Järpenberg, Security Controller, Volvo It Look From Inside? achieve information security goals Windows Server 2008 IT, Sweden| Helena Handschuh, Security Architect, Gianluca D’Antonio, President, Jan De Clercq, Senior Technologist HP, Belgium Spansion, France ISMS Forum Spain

Conference Programme Day 2, Wednesday 9 October 2008 continued

16.30- 18.00

This presentation can be found within your copy of ‘ISSE 2008 Securing Electronic Business Processes’

eID Inventory, Trust and Application Groups Jan Timmermans, Netherlands

eID and Upcoming Technologies Reinhard Posch, Chief Information Officer, Austria

eID Process Flows Jim Purves, IPS, UK

eID and Common Specifications Miguel Álvarez Rodríguez, The Ministry of Public Administration

PILOTS Jim Purves, IPS, UK

WP 6.5 Change of address Renato Portela, Project Manager, PT Multicert

Sponsor Session 10.30-11.00 charismathics (Subject to be submitted)