Context

The UK is faced with many new threats which could damage the infrastructure of the country, especially in terms of its critical infrastructure. These threats include the risk to individuals, to communities, and to businesses. Thus there needs to be an integrated approach to understanding these risks, and to mitigate them wherever possible. A key factor is for a range of domains to collaborate effectively, and to co-ordinate their activities, especially in defining the important threats, and how information can be gained to prevent any future events.

The event is free, and is intended to increase the collaboration of organizations around Scotland, and has been arranged for:

Monday, 20 June 2011 in The Egg on the Craiglockhart Campus at Edinburgh Napier University

There will also be a poster event by PhD students and researchers from around the Scottish academic institutes. Also we aim to award a prize for the Young Security Engineer of the Year. [Prize details]

The Symposium is delivered with the support of Scottish Enterprise.

Aim and Scope of Symposium

This symposium aims to bring together knowledge from many different domains, such as from academia, industry, the public sector, and law enforcement professionals, to provide a vision to create next generation systems which protect the rights of individuals, and which also to reduce the risks of our citizens in the face of threats that they are now exposed to. The focus on this symposium is on risk and uncertainty, with a key focus on:

• Risk within the UK infrastructure.
• Public sector infrastructure and systems.
• Criminal risks and new attack vectors.
• Risks to privacy and identity theft.
• Methods for the detection of electronic fraud.
• Intelligence-led activities.
• Emergency response infrastructures.
• Knowledge networks for intelligence gathering.
• UK response infrastructures.
• Cloud - Security and Cybercrime risks.

Speakers

There will be a wide range of speakers, from academia, the business community, law enforcement, and so on. At present the confirmed speakers are:

• Phil H Cox, Group Captain, Office of Cyber Security and Information Assurance.
• Tony Mole (Detective Chief Superindendent) Head of the SCDEA.
• Ian Bryant. Principal Information Security specialist at HM Government.
• Fred Piper. Royal Holloway. Title: Information Security: Is it in a healthy state?
• Don Smith. Dell SecureWorks.
• Tabassum Sharif, Flexiant.
• Rory Alsop. Title:
• Mike Dickson, Scottish Drug Enforcement Agency.
• Alan Moffat, Scottish Information Assurance Forum.
• Russell Scott, Scottish Police.
• Nigel Jones/Cormac Callanan, 2CENTRE.
• Martin Borrett, Director of the IBM Institute of Advanced Security in Europe, IBM Ltd.
• John Howie, Head of Cloud Services within Microsoft plc.

Web site

The Web site for the Symposium is at:

http://coe-security-and-cybercrime.net/symposium.html

Organisers

The symposium is organised by:

• Bill Buchanan (Edinburgh Napier University), w.buchanan@napier.ac.uk
• Mike Just (Glasgow Caledonian University), mike.just@gcu.ac.uk
• Ishbel Duncan (University of St Andrews), ishbel@cs.st-andrews.ac.uk
• Richard MacFarlane (Edinburgh Napier University), r.Macfarlane@napier.ac.uk
• Burkhard Schafer (University of Edinburgh), b.schaefer@ed.ac.uk
• Robert Ludwiniak (Edinburgh Napier University), r.Ludwiniak@napier.ac.uk
• Robert Orr.

The Symposium is supported by:

• Scottish Enterprise.
• SICSA.
• BCS Cybercrime Forensics Specialist Group.
• Scottish Information Assurance Forum.
• Scottish Institute for Policing Research (SIPR).

Outline Programme

The new updated scheduled is:

Bios

John Howie, CIPP/IT, CIPP, CISA, CISM, CISSP is the Senior Director of Technical Security Services for the Online Services Security and Compliance (OSSC) team within Global Foundation Services at Microsoft Corporation. He manages the teams responsible for strategy and architecture, threat management, and incident response for the company's cloud computing infrastructure. Prior to joining OSSC, John led the Data Governance Initiative in Microsoft's Trustworthy Computing Group, focusing on privacy protections for personal information, strategy, and policy. Previously he managed the company's Security Center of Excellence, and led the security community and its professional development program. John has spent twenty years working in the Information and Communications Technologies industry, principally working in the areas of information security and privacy, in several industry sectors including entertainment, financial services, and telecommunications.

Group Captain Phil Cox is a Fighter Controller. Commissioned into the Royal Air Force in December 1980, his early service was in a range of UK Air Defence radar units. His subsequent career has been split between staff tours in the MOD and command of RAF Fylingdales and the UK's Air Surveillance and Control System. Operational tours of duty have included the first Gulf War, Iraq, Afghanistan and several deployments to the Falkland Islands. Group Captain Cox attended the Royal College of Defence Studies before his current appointment to the Cabinet Office, where he is responsible for supporting development of UK Cyber Security policy (as Military Liaison Officer to the Office of Cyber Security and Information Assurance). He is married to Tabatha and they live in the wilds of Lanarkshire in Scotland with their 4 dogs, several cats and a flock of sheep. His interests include golf, fly fishing and shooting.

Ian Bryant is a Principal Information Assurance (IA) specialist from the Ministry of Defence (MOD), currently assigned as Enterprise Security Architect for National Policing (within the National Policing Improvement Agency – NPIA). His secondary responsibilities include a number of national and international IA committees, including chairing the UK National IA Forum (NIAF), chairing the Standards SIG of the UK Secure Software Development Partnership (SSDP), acting as UK Lead for the BSI IST/033 Committee (IT - Security Techniques) on Cybersecurity / Evidence-Forensics / Incident Management matters, and being UK national representative and Task Group Chair for NATO work on XML in Cross Domain Security Solutions."

Don Smith is VP Engineering and Technology at Securework. He has worked in the IT industry for 18 years, starting his IT career with the groundbreaking Edinburgh University spin-off, Vision Group. After a successful flotation Vision was acquired by STMicroelectronics where ultimately Don became responsible for security architecture and operations for this $8billion enterprise. During his time at ST in Geneva, Don also worked on successfully integrating 14 acquisitions across 26 sites on three continents. Don joined dns on returning to Scotland in 2005 and was instrumental in the construction of the dns identity management practice and the evolution of the dnsMSS service portfolio. Don is regarded as an expert in the field of Identity and Access Management. After SecureWorks' acquisition of dns, Don focuses on bringing SecureWorks threat intelligence and security messages to European clients as well as continuing to provide leadership across the varied technologies and application areas represented by the IAM umbrella.

Alan Moffat is the Information Management and Security Director with RSC2 Solutions. Alan is a founder member and Chair of the Scottish Information Assurance Forum (SIAF) and is also a member of the Cabinet Office, National Information Assurance Forum. He has 30 years of IT Management and Security experience within the Criminal Justice and Emergency Services arena, including developing secure national infrastructures for UK Police Forces to meet government security standards (MoPS and SPF) and International Standards (ISO 27000 series). Alan is one of only a few UK qualified consultants in the use of Axiology profiling, used throughout the world to profile individuals thinking styles, values and behaviour analysis.

Detective Superintendent Russell Scott joined the Metropolitan Police in London in 1981 where he served in both uniform and detective duties in the West End and Kings Cross areas. In 1988 he returned to Scotland joining Fife Constabulary where he again performed uniform and CID duties. Following promotion to Detective Inspector in 1997 he was transferred to the Force Drugs Squad overseeing surveillance and enforcement teams. In October 2002 he was seconded to the SDEA East Group as Branch Commander during which time he managed a number of covert policing operations targeting serious and organised crime groups throughout Scotland.

He took up his current post as Project Manager for the ACPOS NIM Development Team based at the Scottish Police College in January 2005. He is represented on a number of national committees including the ACPO NIM Working Group and the Scottish Strategic and Tactical Tasking groups. He also led the recent review of Serious and Organised Crime in Scotland and the review of the Scottish Tactical Tasking and Co-ordination Group resulting in him becoming the Actions Manager. In this role he has an oversight of the five Tactical groups for Scotland including the Public Protection Group on behalf of the lead - ACC Livingstone of Lothian and Borders Police. Currently he is the ACPOS lead for implementation of the Management of Police Information (MoPI) programme which includes development of the Bichard recommendations following the Soham murders. In addition he also leads on the work being undertaken with regards to the Magee Review of Criminality Information (RoCI) which examined the sharing of information with international partners.

Tabassum Sharif is Director of Operations at Flexiant, a leading independent cloud platform provider and software and services company. Flexiant developed Europe's first cloud platform over four years ago and remains one of only a handful of independent cloud platform providers world wide.Prior to joining Flexiant, Sharif acquired a wealth of experience in translating theoretical ideologies and best practices into real world environments working with a number of leading financial service organisations including GE Capital, the JW Group and Alphyra.Tabassum Sharif spent almost eight years in the military specialising in telecommunications and other communication projects after completing a B Eng in Electronic and Electrical Engineering at the School of Electrical and Electronic Engineering with the Corp of Royal Electrical and Mechanical Engineers."

Fred Piper BSc, PhD, CEng, FIEE, ARCS, DIC, FICA, FIMA, MBCS, CISSP, CISM, M.InstIISP. Fred Piper obtained a First Class Honours degree in Mathematics at Imperial College (University of London) in 1962 followed by a PhD in 1964. He began an academic career as an Assistant Lecturer in Mathematics at Royal Holloway College (University of London) and after one year was promoted to Lecturer. He transferred to Westfield College (University of London) in 1969, was promoted to Reader in 1971 and to Professor in 1975. He is currently Director of the Royal Holloway Information Security Group that was awarded the Queen's Anniversary Prize for Higher and Further Education in 1998. He has held a number of visiting positions at other universities, including Illinois (Chicago Campus), Florence, Perugia, New York State (Albany), Michigan State, Western Ontario, Natal and Beijing.

Fred has published over 100 research papers, 6 books (4 on cryptography), and is on the editorial boards of two international journals. He has also supervised over 50 PhD students and is one of the organisers of the MSc's in Information Security and Secure Electronic Commerce being offered at Royal Holloway. He has lectured world-wide on a wide range of topics in information security, both academically and commercially.

In 1985 he formed a company, Codes & Ciphers Ltd, which offers consultancy advice in all aspects of information security. He has acted as a consultant for a number of financial institutions and major industrial companies in the UK, Europe and USA. This consultancy has covered a wide range of subjects including design and analysis of cryptographic algorithms, and work on a number of ATM and EFTPOS systems. In the last few years he has served on a number of committees offering security advice to the UK's Department of Trade and Industry.

• Fred is a member of the Board of Trustees, Bletchley Park.
• In 2002 he was awarded an IMA Gold Medal for "Services to Mathematics".
• In 2002 he was also awarded the first honorary CISSP for a European. This was for 'leadership in Information Security'.
• In 2003 Fred received an honorary CISM for 'globally recognised leadership' and 'contribution to the Information Security Profession'.
• In 2005 he was elected to the ISSA Hall of Fame.
• He was named Professional of the Year at the Communications in Business Awards 2005.
• In 2008 he was elected to be a Fellow of (ISC)2.
• In 2008 he was the first person to be elected to the InfoSecurity Europe Hall of Fame.
• In 2008 he was elected to the International Advisory Board of IMPACT (the International Multilateral Programme Against Cyber Threats)

Mike Dickson joined Lothian and Borders Police 22 years ago and has held a number of roles within that Force. During this time he was also working as a freelance computer programmer on numerous projects worldwide, notably for the financial sector and IBM. On the basis of this, in 1998 he was invited to help set up the Forensic Computer Unit within Lothian's headquarters as a forensic analyst.

In 2003 this Unit was expanded greatly to become the Scottish National Hi-Tech Crime Unit at which time it was migrated to the Scottish Crime and Drug Enforcement Agency. During this time he obtained a Masters Degree in Computer Forensics at the Royal Military College of Science and a Masters in IT and Telecommunications Law at Strathclyde University. He has worked on high profile cases covering such diverse areas as child abuse, fraud, counterfeit currency, software piracy, drugs, terrorism, missing persons, murder and money laundering. Mike lectures at the Scottish Policing College, Glasgow University, Strathclyde University and the National Police Improvement Agency and assists with technical courses in his field. He has also been published in various journals in the field of computer and mobile telephone forensics.

Nigel Jones MBE FBCS is currently the law enforcement coordinator of the Cybercrime Centres of Excellence Network for Training, Research and Education (2CENTRE) and a director of Technology Risk Limited, a company specialising in technology risk solutions.

Nigel served for 30 years in the UK Police Service where in addition to wide ranging experience in major commercial fraud and computer crime investigation both nationally and internationally, he was the UK Police representative on the G8 sub group on high tech crime and UK coordinator of a series of G8 Industry conferences. During his time as a fraud investigator he designed and delivered an academically accredited fraud training programme. He created National High Tech Crime Training Centre at the National Centre for Policing Excellence at Wyboston in the UK and was responsible for the creation of the design and delivery of a core curriculum and modular high tech crime training programme for the UK police service.

Nigel formed the Kent Police Computer Crime Unit in 1993 and is co-author of the ACPO "Computer Based Evidence - Good Practice Guide" and member of the Technical Working Group on the Investigation of Electronic Evidence (TWGIEE) in the USA. Nigel has given presentations at numerous national and international events including the preparation and moderation of a hi-tech crime scenario at the United Nations 10th Crime Congress.

In 2003 Nigel was appointed as project manager of a European Commission Agis funded programme to develop a cybercrime training programme for the 28 EU and candidate countries. He also project managed a series of training courses course on behalf of the European Police College (CEPOL) to deliver training to senior managers of EU police forces and a further project to deliver training to a group of countries from North Africa, the Middle East and Southern Europe.

In January 2005 Nigel was elected by the Member Countries as Chair of the Interpol European Working Party on IT Crime. He worked in close collaboration for two years with Canterbury Christchurch University in the development of an MSc award in Cybercrime Forensics that is now offered by the University.

Nigel is currently the training manager for a €2.7m European Commission funded programme to further harmonise cybercrime training across international borders. He is a consultant to the Council of Europe in their cybercrime projects in Georgia and South Eastern Europe. He co-authored a paper on the training and education requirements of law enforcement that led to the 2CENTRE concept. He is a member of the Digital Forensic Specialist Group advising the UK Forensic Science Regulator.

Martin Borrett is the Director of the IBM Institute of Advanced Security in Europe. He leads the Institute and advises at the most senior level in clients on policy, business, technical and architectural issues associated with security. Martin leads IBM's Security Blueprint work and is co-author of the IBM Redbooks "Introducing the IBM Security Framework and IBM Security Blueprint to Realise Business-Driven Security" and "Understanding SOA Security" . He is Chairman of the European IBM Security User Group community and Chairman of the IBM UKI Technical Consulting Group. He is a member of the IBM Academy of Technology, a Fellow of the BCS, and a Chartered Engineer (CEng) and member of the IET. Martin has a passion for sailing and has represented Great Britain; he is also a keen tennis player.

Ian Whittaker BSc FCA FIIA. Ian is a Senior Consultant with Amor Group, www.amorgroup.com, Scotland’s largest independent IT Company having, inter alia, previously been an eBusiness Advisor to Scottish Enterprise, Group IT Director for one of Scotland’s fastest growing Energy Service Groups and Head of Computer Auditing in Scotland and Northern England for an international accountancy firm.  He is a committee member of the IT Faculty of the ICAEW and has presented on a number of new technology and business topics, including computer control and security, to universities and institutions both in the UK and Europe.  As a Management Consultant he has provided independent corporate and financial advice regarding Information Technology exploitation during start-ups, spin-offs, acquisitions, demutualisations and mergers.

Dr Basil Philipsz, MIISP is the Managing Director of Distributed Management Systems, www.dms-soft.com, which has developed CASQUE, a multi factor authentication, key distribution and key management system. New generation, CASQUE SNR is currently being certified by CESG. Basil, a serial inventor, is Chair of Ideas North West, a self help Inventors Group based in the North West of England, www.ideasnorthwest.co.uk and is a founding director of a Solid State lighting company, www.csaphotonics.co.uk. Interests: Pure Mathematics, Development of high assurance security systems for both Hardware and Software, Mentoring of Inventors.

Organisers

Bill Buchanan is a Professor in the School of Computing at Edinburgh Napier University. He currently leads the Centre for Distributed Computing and Security, and works in the areas of security, e-Crime, intrusion detection systems, digital forensics, e-Health, mobile computing, agent-based systems, and simulation. Bill has one of the most extensive academic sites in the World, and is involved in many areas of novel teaching in computing. He has published over 27 academic books, and over 130 academic research papers, along with awards for excellence in knowledge transfer. Presently he is working with a range of industrial/domain partners, including with the Scottish Police, health care professionals and the FSA. [Web page]

Mike Just is a Lecturer (Assistant Professor) at the School of Engineering & Computing at Glasgow Caledonian University. He is also a Visitor at the School of Informatics at the University of Edinburgh. Mike has penned more than two dozen publications in his areas of interest, which include applied cryptography, human computer interaction, network security, and social informatics. Prior to his current academic position, Mike spent more than 10 years working in both the public and private sectors. In 2003, he designed the Government of Canada's online authentication recovery solution, currently used by more than 6 million citizens and businesses. He earned his PhD in Computer Science in 1999 from Carleton University. [Web page]

Richard McFarlane is a lecturer in Security and Forensics in the School of Computing, at Edinburgh Napier University. Current research areas include Network Security, Forensic and Security Frameworks, Virtualisation, and Network Device Emulators. He has a Degree in Computing, followed by 7 years in industry, Masters in Networking and 2 years teaching Networking, Security and Forensics, BSc Hons, MSc, Cisco Instructor CCNA, CCNA Security, PBCS, EnCase Forensic I. [Web page]

Dr Ishbel Duncan is a lecturer in the School of Computer Science at the University of St Andrews. Having previously been a Research Fellow with BT investigating large scale software testing in which the adequacy of a test suite is optimal, she became interested in the adequacy of security, that is, security testing and analysis of its effectiveness. She has worked on projects as diverse as communications metrics, wireless sensor networks, e-voting, agent testing, virtual world education and security requirements modelling before building up and currently running a successful MSc programme in Information Technology. She lectures in Security at both Honours and MSc level. [Web page]

Prof Burkhard Schafer studied Logic, Theoretical Linguistics, Philosophy and Law at the Universities of Mainz, Munich, Florence and Lancaster. My main field of interest is the interaction between law, science and computer technology, especially computer linguistics. How can law, understood as a system, communicate with systems external to it, be it the law of other countries (comparative law and its methodology) or science (evidence, proof and trial process). As a co-founder of the Joseph Bell Centre for Legal Reasoning and Forensic Statistics, I help to develop mathematically sound methods to evaluate scientific evidence, develop computer models which embody these techniques, and provide assistance to police and lawyers to interpret and apply scientific evidence, A special interest here is the development of computer systems that help law enforcement agencies to co-operate more efficiently across jurisdictions, assisting them in the interpretation of the legal environment within which evidence in other jurisdictions is collected. This research is linked to my wider interest in comparative law and its methodology, the idea of a "Chomsky turn in comparative law", and the project of a "computational legal theory" My Research Centre is the Joseph Bell Centre. He is involved with a number of organisations that promote the exchange between computer science and law, including the German Association for Informatics, BILETA, and the Evidence and Investigation network of the Scottish Institute for Policing Research. I'm also on the Nomination Committee of the International Association for Artificial Intelligence and Law. [Web page]

Support

The Symposium is delivered with the support of Scottish Enterprise. It has been developed through the Strategic Investment Fund at Edinburgh Napier University, and has the support of the Scottish Institute for Policing Research (SIPR).