I.B.I.S. 97 First Annual International Banking and Information Security Conference "Securing the Future Now" New York City February 19-21, 1997 Sponsored by: National Computer Security Association / USA / www.ncsa.com Winn Schwartau, Interpact, Inc. / USA / www.infowar.com Trusted Information System / USA / www.tis.com Raptor Systems / USA / www.raptor.com Sun Microsystems / USA / www.sun.com Cisco Sytems / USA / www.cisco.com Electronic Relationships for Global Opportunities (ERGO), Liechtenstein Business Strategies Network, Inc. / USA / www.seminar.com Internet Security Systems, Inc. / USA / www.iss.net I.B.I.S. 97 is the only international conference to exclusively focus on electronic security issues of vital importance to banking and financial institutions and their customers. I.B.I.S. is designed to bring financial organizations and their staff up to date on current trends, problems and solutions through highly interactive sessions presented by renowned experts in the field of information security and finance. Key topics to be addressed include: secure financial transactions; on-line commerce; security policy, training, and awareness; security management and auditing; law enforcement concerns and legal liabilities; government and national security perspectives. To make more of the financial community security aware and knowledgeable, I.B.I.S. 97 offers a four part "Security Basics for Bankers" tutorial to provide the fundamentals of information security in a simple, not-too-technical and highly entertaining format. * * * * * * I.B.I.S. 97 Program * * * * * * Wednesday, February 19, 1997 5:00PM - 8:00PM Registration Begins Sponsored Reception for attendees, speakers, sponsors and the press. Light food fare and liquid refreshments. Meet and mingle with experts, policy makers, colleagues and solution providers. Thursday, February 20, 1997 PLENARY: 7:00 - 8:20 Breakfast and Early Registration 8:20 - 8:30 Welcoming Remarks and Administrivia Winn Schwartau, President, Interpact, Inc. 8:30 - 9:00 Keynote Mr. Robert T. Marsh; Chairman, President's Commission for Critical Infrastructure Protection On July 15, 1996, Executive Order 13010 recognized that certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the economic security of the United States. These infrastructures include, among others, telecommunications, banking and finance. These can be threatened by both physical threats to tangible property and by threats of electronic, radio frequency, or computer-based attacks on their information or communications components. Mr. Marsh will speak on the Commission's work with both the government and private sector to develop a strategy for protecting these national assets and assuring their continued operation. 9:00 - 09:30 The European View of Secure Banking in Global Economy George Schmidt, CEO SYSTOR, AG, Switzerland 9:30 - 10:00 Technology Versus Security: Challenges to Modern Banking Dan Schutzer, Vice President and Director of Advanced Technology Citibank; President, Financial Services Technology Consortium Technology moves ahead at a blazing speed yet security is often an afterthought. How does a global financial company deal with myriad choices, national policies and regulations and still make it all work? An overview of the opportunities and challenges that face the global financial community. 10:00 - 10:30 Sponsored Break 10:30 - 11:00 Successful On-Line Banking: A True Story David Luther, President, Network Security Division, Security First Technologies (S1) Being the first at anything means both risks and rewards. And being the first Internet based bank brought its share. Learn how Security First Network Bank, the first bank on the Internet got there. What went right? What went wrong? And how is it going now? Do people trust it? What does the future hold? A fascinating story. 11:00 - 12:00 Very Special Panel Discussion: A Study Into Financial Infrastructure Vulnerabilities Major Brad Bigelow, Office of the Manager, National Communications System and NSTAC's Gov't. Coordinator Steve Fabes, V.P. Electronic Delivery Systems, Bank of America, Member, Presidential NSTAC Kawika Daguio, Federal Representative, Regulatory and Trust Affairs, American Bankers Association An extensive joint Government-Private Sector study has yielded some fascinating results that will both surprise and shock you. This panel is an advance peek at the NSTAC study which is not due to be published until April. No information on the results of this study will be published before I.B.I.S.97. 12:00PM - 1:30PM Sponsored Lunch 12:45PM - 1:15PM Luncheon Address 1:30PM - 3:00PM Break out Sessions A1 - C1 Breakout A1 Introducing "Trust" and Back-End Protection to Virtual Bankers Moderated by Winn Schwartau Anup K. Ghosh, Ph.D., Reliable Software Jim Litchko, Secure Computing Corporation So you're going on line. You've got crypto and passwords and a brand name firewall so you think you're safe. Right? Think again. Dr. Ghosh addresses an often overlooked aspect of on-line transactions: Host Security. Configuring, maintaining and testing a secure World Wide Web server is not as easy as it sound. By introducing the concept of 'Trust' into financial transactions, you'll hopefully take a second look at your electronic commerce efforts. Breakout B1: Techniques for Secure Transactions Moderated by Stephen Cobb, NCSA Bruno-Christian Chabannes, President, Globe-Online, France A number of competing security technologies are vying for dominance in the growing field of distributed and virtual commerce. How does the individual customer gain confidence in the security and privacy of his transactions. What technologies are available? Who is driving them? This session examines your options, the pros and the cons of each method. Breakout C1: Information Security Basics in Banking for the Non-Technician: "A Four Part Tutorial" Dr. Mich Kabay, author of "Guide to Enterprise Security," and Director of Education for the National Computer Security Association will take the non-technical manager on a two day tour of the fundamentals of information security as it applies to banking, finance and electronic commerce. Enjoy lively class participation and discussion. Complete course materials provided. 3:00PM - 3:30PM Sponsored Break 3:30PM - 5:00PM Break out Sessions A2 - C2 Breakout A2: Integrating Security Throughout the Financial Enterprise George Schmidt, Systor, Switzerland Customers and a competitive environment demand new services and products. You deploy new technology, like the Internet, but what about security? Does your implementation reflect the true vulnerabilities and risks for you and your customers? Security policy and systems integration directly affects both the protection of information assets and legal liabilities. Learn how to design for a secure future in a virtual on-line world. Breakout B2: The Future of Cryptography in Electronic Banking and Anonymous Commerce: Pitfalls and Solutions Bruce Schneier, President of Counterpane Systems, Author "Applied Cryptography" Confidentiality, integrity and authentication in banking require extensive use of cryptography. But, not all cryptography is created equal. What systems work and which ones don't. How do you determine which vendors offer real solutions and which ones invite trouble. And how does anonymous international banking work? Is it a vehicle for hot money or a boon to legitimate commerce? Breakout C2: Basics of Information Security in Banking for the Non-Technician - Part II 5:00PM - 8:00PM Sponsored Reception with Cocktails and Heavy Hors D'oeuvres Friday, February 21, 1997 PLENARY: 7:00 - 8:20 Sponsored Continental Breakfast 8:20 - 8:30 Administrivia 8:30 - 9:00 Securing Global Electronic Banking & Commerce Heidi Richards, Board of Governors, Federal Reserve Board The committee on Payment and Settlement Systems, along with the Group of Computer Experts of the central banks of the Group of Ten countries recently completed their report on the Security of Electronic Money. Heidi Richards, the United States representative to the Task Force on Security of Electronic Money, will speak on the findings of the committee. She will address the technical risks and security features of electronic money products and provide an assessment of the security measures associated with each. 9:00 - 9:30 Denial of Service: The True Threat to Electronic Commerce Winn Schwartau, President, Interpact, Inc. In a mere five years, 50% of retail physical banking presence will be replaced by on-line banking from home, business and on the wholesale front. Financial institutions will rely upon the electronic highways to generate revenues, profits and keep customers happy. But, disgruntled individuals can literally shut-down a bank's ability to conduct business: invisibly, anonymously and from afar. Learn how they do it and what the future holds for defending against Denial of Service attacks. 9:30 - 10:00 Lessons for the Financial Community from the Department of Defense Robert Ayers Bob Ayers has been the Chief of DoD Intelligence Information System Computer Security Program; the Director of the Defense-wide Information Systems Security Program and Director of the Combined DISA/NSA Center for Information Systems Security. So he knows that managing and securing a huge network presents a range of security issues, including hundreds of thousands of attacks annually. What lessons has the Department of Defense learned that can be applied to banks and financial organizations. 10:00 - 10:30 Sponsored Break 10:30 - 11:00 Crimes of Greed: Domestic Computer Crime Philip Reitinger, Department of Justice, Computer Crime Unit A Federal law enforcement overview of computer crimes, and what government and financial organizations can do to prevent and respond. 11:00 - 11:30 Frank O. Trotter, III, Senior V.P. of Foreign Exchange Mark Twain Bank Frank Trotter is a pioneer; he was the first to put Ecash to the test in a real live banking situation. How did it go? What were the successes and failures. Should you do the same thing? First hand experience is the best teacher. 11:30 - 12:00 Selling Security to Management and Achieving Staff Cooperation Christine McNulty, Applied Futures Management wants more security and asset protection. Employees don't want to be bothered. Or Management doesn't want to know about vulnerabilities and ignores security. Creating teamwork and a sense of mission is critical to implementing good security practices. Listen to a world renowned "Paradigm Shifter" share her experiences in managing cooperation in a security aware organization. 12:00PM - 1:30PM Sponsored Lunch 12:45PM - 1:15PM Luncheon Address 1:30PM - 3:00PM Break out Sessions A3 - C3 Breakout A3: Legal Implications of Authenticating Electronic Transactions Benjamin Wright, Attorney and Editor of EDI Forum Is there a single, perfect way to authenticate an electronic business message? Sign a contract? Authorize financial transactions? Several competing approaches, including different forms of cryptography and biometrics are emerging, some even being enshrined into laws such as the Utah Digital Signature Act. This session will analyze, largely from a legal perspective, several authentication models and their relative strengths and weaknesses. Breakout B3: Forensics of Computer Crime for Financial Institutions Kenneth Citarella, Asst. District Attorney, Westchester County What happens when you security is breached. Is there a loss? Who did it? What do you do now? This fascinating session walks you through the mind of the technical criminal and the steps you need to take in response to an attack. Breakout C3: Basics of Information Security in Banking for the Non-Technician Part III 3:00PM - 3:30PM Sponsored Break 3:30PM - 5:00PM Break out Sessions Breakout A4 Smart Cards and the Cashless Society: Ready for Prime Time? Moderated by Stephen Cobb, NCSA Don Gleason, President, Smart Card Enterprises From Stored Value Cards to Smart Credit Cards and Electronic Purses. Do they have a place in your product offerings? Who makes what kinds of products that might be of interest to your institution. What are the risks and rewards? An industry overview. Breakout B4 Telewar and the Back Hoe Attack Ron Eward, Martech Strategies The real cyberspace, made of copper and glass and wire, is the backbone of your business. This terrifying session shows you the holes in your physical transport layer systems and what you need to do to repair them. If you think you have redundancy in your communications and distributed transaction systems, this session might make you think again. Breakout C4: Basics of Information Security in Banking for the Non-Technician Part IV 5:00PM - 5:30PM Conference Wrap Up Winn Schwartau, Interpact, Inc. Dan Schutzer, CitiBank Kenneth Citarella, Asst. D.A., Westchester 5:30PM - 8:00PM Birds of a Feather Unsponsored Reception _________________________________________________________________ Three Ways to Register! 1. Call NCSA at (717) 258-1816. 2. Print the form (see below) then fill it out and fax to (717) 243-8642. Be sure to include VISA, MasterCard, or American Express Card Number, Expiration Date, and your signature. 3. Print the form (see below) then fill it out and send completed registration form and payment information to: NCSA 1200 Walnut Bottom Road, Suite 3 Carlisle, PA 17013 Excuse me. Where is the form and how do I print it? Click on this link for form. then hit Control-p or go to File and select Print Back to Conference menu Back to NCSA Main Menu _________________________________________________________________ This page updated January, 1997 by spiderwoman@ncsa.com. © Copyright, 1996, NCSA ®