1. Geneva, Switzerland, 15-16 September 2014 Regional Asia Information Security Exchange (RAISE) Forum Koji Nakao, Information Security Fellow, KDDI Corporation (ko-nakao@kddi.com)ko-nakao@kddi.com & Co-chair of RAISE ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)

2. Geneva, Switzerland, 15-16 September 2014 2 Background Regional economies are mainly adopters of International Security Standards, except for Australia, Japan, and South Korea Main challenges Localizations requirements Lack of or limited security standards expertise Lack of or limited recognition and understanding of problems where standards could help resolve or mitigate Government focus, industry participation and contribution

3. Geneva, Switzerland, 15-16 September 2014 3 Objectives of RAISE Forum-1 Provide a platform for sharing of knowledge, exchange of ideas, and dialogues on standards related issues, challenges, and directions, in particular, relating to the adoption, deployment, and implementation of information and communications technology (ICT) related standards in the region; Ensure that the security-related standardization activities in Asia adequately reflect the requirements of the market constituents at a strategic level; Provide a mechanism that could be used to follow- up on Asia policy requirements on Information Security standards issues;

4. Geneva, Switzerland, 15-16 September 2014 4 Objectives of RAISE Forum-2 Provide effective co-ordination between organizations of relevant standardization work programs and their execution; Ensure Asia requirements for standards and standards work in this area are correctly interfaced with international standards activity, and standards activity in other regions, to avoid conflict or duplication of effort; Act as a strategic communications interface between relevant standards authorities and agencies on international standardization related topics.

5. RAISE Forum Geneva, Switzerland, 15-16 September 2014 5 Co-chairs: Koji Nakao (Japan) and Meng-Chow Kang (Singapore) Inaugural meeting held Nov 19, 2004 in Tokyo 14th meeting held in Bangkok on Aug 1-2, 2014 (see the program) MoU with (ISC) 2 in 2012 to promote information security competency and awareness in Asia region Active members include China (including Hong Kong), Chinese Taipei, Japan, Malaysia, Thailand, Singapore, South Korea, Convener of WG 1 from SC 27 and vice-chairmen of ITU-T SG17.

6. Geneva, Switzerland, 15-16 September 2014 6 Current Focus Improving information sharing and communications Extending help and outreach to emerging economies Closing the gaps in existing international standards arena New standards Guidance on use/implementation Preparing the region for emerging/new development (upcoming standards)

7. Geneva, Switzerland, 15-16 September 2014 7 Projects Application Security (resulted in NP in SC27, ISO/IEC 27034 in progress) ICT Readiness for BC (resulted in NP in SC27, published ISO/IEC 27031) Korea ISMS Implementation Guide (published) Security Standards Toolkit (published) Security assessment guides for Network and Systems Security Administrators (published) Business Continuity and Disaster Recovery Services Standards Deployment (published) Latest output are basically focusing on SC27 works. ITU-T activities are required to consider.

8. Copyright (c) 2004-2014, RAISE Forum 8 Date/TimeDescription 0900 to 0930 hrsRegistration 0930 to 0940 hrsIntroduction and welcome notes 0940 to 1000 hrsOpening address 1000 to 1050 hrsInternational Updates on ISO/IEC JTC 1/SC 27 and ITU-T/SG 17 Activities (including Cloud Security and Audit related activities updates) 1105 to 1200 hrsInternational Updates on ITU-T/SG 17 Activities (including Cloud Security and Audit related activities updates) 1330 to 1630 hrsMembers’ Updates on Information Security Status in respective economy Korea’s updates Japan’s updates Chinese Taipei’s updates Malaysia’s updates 1515 to 1630 hrsP.R. China ’s updates Singapore’s updates (ISC)2 ’s updates 1630 to 1645 hrsRAISE Forum ToR and Roadmap 1645 to 1700 hrsWrap-up of Day One/Administrative for Day Two RAISE forum 2014 – the first day

9. Copyright (c) 2004-2014, RAISE Forum 9 Date/TimeDescription 0900 to 0910 hrsDay Two Introduction (Agenda Review) 0910 to 0945 hrsTracing Botnet – Mr Chang KC, ICST 0945 to 1020 hrsCyber-Security Collaboration -- Introduction of PRACTICE project in Japan 1035 to 1110 hrsResearch Collaboration -- Latest activities of NICT (NICTER/DAEDALUS/NIRVANA/NIRVANA 改 ) 1110 to 1145 hrsKR security capability maturity model – Prof Youm 1145 to 1230 hrsBitcoin and Digital/Virtual//Mobile Currencies: Both Sides of the Coin – Prof Pauline Reich 1400 to 1500 hrsDiscussion Session 1 – ISO/IEC 27001 family of standards - update on current developments, certification and applications - Supporting Guidance - Sector specific applications (telecoms security, IT service management and security, Cloud security and privacy, and utility sector security - certification of ISMS, certification of information security professionals 1515 to 1645 hrsDiscussion Session 2 – ISMS certification for SaaS – Antony Ma Discussion Session 3 – Developing Interdisciplinary Training and Curriculum for Cybercrime and Cybersecurity Professionals; What Is and Is Not Happening Discussion Session 4 – Update of 29051 (CoP for PII protection)) 1645 to 1715 hrsWrap-up and Roundtable on Day Two topics 1715 to 1730 hrsNext Meeting Administrative/Closing Remarks RAISE forum 2014 – the second day

10. Web site: http://raiseforum.org/http://raiseforum.org/ Twitter: @raiseforum Copyright (c) 2004-2014, RAISE Forum 10 Q&A/Discussion