Consumer Information Security Workshop
May 20 - 21, 2002

WORKSHOP SCHEDULE

SESSION 1
Monday, May 20, 2002

8:30 a.m.
Doors open: Federal Trade Commission, Room 432  

9:00 a.m.
Announcements
Welcoming Remarks: Chairman Timothy J. Muris  

9:15 a.m.
Keynote
Richard Clarke, Special Advisor to the President for Cybersecurity

Why is consumer information security important?

9:45 a.m. (this session will include a 15 minute break)
Panel I: The Current State of Consumer Information Security

What are the risks? How are they changing, e.g., how do the increasing popularity of broadband and the availability of scripts change the threat level? What are the harms to consumers? What data is available regarding these risks?

Moderator: Mark Eichorn
  • Lawrence Dietz, Director of Market Intelligence Communications, Symantec Corp.
  • Mary J. Culnan, PhD, Slade Professor of Management and Information Technology, Bentley College
  • Jeff Fox, Senior Projects Editor, Consumer Reports
  • Bruce Heiman, Executive Director, Americans for Computer Privacy
  • Rob Leathern, Analyst, Jupiter Media Metrix
  • Rich Pethia, Director, CERT Centers

11:45 a.m.
Lunch  

1:00 p.m.
Panel II: What steps can consumers take now to secure their information? What are businesses doing to educate consumers about these steps?

What can consumers do to secure their information systems? What resources are available to consumers? What can businesses do to increase security awareness and educate consumers?

Moderator: Laura Berger
  • Tatiana Gau, Senior Vice President, Integrity Assurance, America Online Inc.
  • Stephen C. Jordan, Vice President and Executive Director, Center for Corporate Citizenship, U.S. Chamber of Commerce
  • Shannon Kellogg, Vice President, Information Security Program, Information Technology Association of America
  • Chengi Jimmy Kuo, Network Associates Inc.
  • Bernhard Meister, Systems Architect, Security Architecture, Development and Implementation, Verizon Communications

1:45 p.m.
Panel III: What existing business models help consumers maintain security?

What business models reduce or eliminate security concerns, or make it easier for consumers to safeguard their own security?

Moderator: Laura Berger
  • Scott Charney, Chief Security Officer, Microsoft Corp.
  • Simson Garfinkel, Chief Technology Officer, Sandstorm Enterprises; President, Vineyard.NET, Inc.; Author, Web Security, Privacy, and Commerce
  • Austin Hill, Co-Founder and Chief Strategy Officer, Zero-Knowledge Systems
  • Stephen Cobb, Senior Vice President, Research & Education, ePrivacy Group
  • James C. Plummer, Jr., Coordinator, National Consumer Coalition Privacy Group, Consumer Alert

2:45 p.m. Break  

3:00 p.m.
Panel IV: What steps can businesses that maintain consumer information take to improve their own security?

What security challenges do businesses face in protecting stored information? Do they manage their own security or contract out? How do they protect consumer information while allowing access to that information as needed? Where do they go for resources on security issues? How do they deal with security issues on a daily basis?

Moderator: Dr. Alicia Clay, Program Manager, Information Security, Computer Security Division, NIST

  • Martin E. Abrams, Center for Information Policy Leadership, Hunton & Williams
  • Lynn Goodendorf, Six Continents Hotels
  • Franklin S. Reeder, Center for Internet Security
  • Vince Sollitto, Vice President, External Affairs & Corporate Communications, PayPal Inc.
  • Vic Winkler, Sun Microsystems Inc.
  • Marc Zwillinger, Kirkland and Ellis

5:00 p.m.
Closing Remarks: J. Howard Beales, III, Director, Bureau of Consumer Protection  

SESSION 2
Tuesday, May 21, 2002

9:00 a.m.
Panel V: The OECD Security Review

What is the OECD security review? What is the end product of the process? What impact will the revised OECD guidelines have in changing the ways that businesses, government, and individuals think about their roles in enhancing information systems and network security?

Moderator: Maureen Cooney, Legal Advisor for International Consumer Protection
  • Joe Alhadeff, Chief Privacy Officer; Vice President, Global Public Policy, Oracle Corp.
  • Sarah Andrews, Research Director, Electronic Privacy Information Center
  • Orson Swindle, Commissioner, Federal Trade Commission
10:00 a.m.
Panel VI: Emerging Standards for Business Security

What impact might standards have in changing consumer security? What types of initiatives might drive the adoption of security standards?

Moderator: Ellen Finn
  • Kimberly Kiefer, ABA Committee on Information Security
  • Peggy Lipps, Senior Director, Security and Risk Assessment, Banking Industry Technology Secretariat (BITS)
  • Mark MacCarthy, Senior Vice President, Public Policy, VISA U.S.A.
  • Dr. Larry Ponemon, Chief Executive Officer, Privacy Council
  • Fran Meier, Executive Director, TrustE

11:15 a.m.
Break  

11:30 a.m.
Panel VII: Alternative Approaches

What new approaches might change the ways that consumer security is currently managed?

Moderator: Mark Eichorn
  • Paul Collier, Executive Director, Biometrics Foundation
  • Jeff Fox, Senior Projects Editor, Consumer Reports
  • Peter Harter, Senior Vice President, Business Development and Public Policy, Securify, Inc.
  • Scott Hatfield, Sr., Vice President and Chief Information Officer, Cox Communications, Inc.
  • Alan Paller, Director of Research, The SANS Institute
  • Rich Pethia, Director, CERT Centers; Internet Security Alliance
  • Richard Smith, Internet Security Consultant

1:00 p.m.
Closing Remarks
Commissioner Orson Swindle