RSA Conference

    2007 Annual Meeting Archives

    This is a collection of session proceedings, documents and links to web pages that are relevant to the topics discussed at the fourth ESAF Annual Meeting, which was held on February 5, 2007 at the Four Seasons in San Francisco, California. The theme for this meeting was “In the Limelight and Under Pressure.”

    This page is intended as a resource for ESAF participants to capture the valuable information shared at the meeting, as well as any related reports or studies that senior executives in information security would find useful. All of the materials have been prepared or recommended by Program Management, the Program Committee or ESAF participants.

    2007 ESAF Meeting Proceedings

    GENERAL SESSIONS

    Balancing innovation with security (PDF)

    Breaking out of the silos: collaborative information risk management (PDF)

    Conversation on US national cyber security (PDF)

    Selling security to the C suite (PDF)

    BREAKOUT SESSIONS

    Encrypting information: reality check (PDF)

    Managing a global compliance strategy (PDF)

    Meeting the challenges of legal discovery (PDF)

    Spying and prying: how far do you go? (PDF)

    Successful strategies for third-party risk management (PDF)

    User experience with multi-factor authentication (PDF)

    Meeting the Challenges of Legal Discovery

    Robert Brownstone Bio (PDF)
    This document contains links to many articles and other resources regarding legal discovery.

    Breaking out of the Silos: Collaborative Information Risk Management

    The CIO and the CPO - A Vision For Teamwork and Success: A Best Practices White Paper (PDF) 32 pages
    This paper provides background on the different perspectives of the IT organization and the privacy office, and it offers practical tips for how these two organizations can work together to effectively guard against security and privacy risks. The best practices outlined in this paper are based on Sun’s experience within its own organization as well as input that was gathered from other experts in the industry. (provided by Michelle Dennedy, CPO, Sun)

    Managing a Global Compliance Strategy

    Common global privacy terms and acronyms (PDF) 2 pages
    List of common terms, explanation of acronyms, and links to sources of information (by Joe Alhadeff, CPO, Oracle)

    Privacy Global Approaches Oracle (PDF) 41 slides
    Describes approaches to privacy including US, EU, APEC, Canada, Latin America, Japan, and many other individual countries. (by Joe Alhadeff, CPO, Oracle)

    EU Data Security Survey (2005) (PDF) 32 pages
    This survey examines the data security rules found in eight European Union (EU) Member States -- Austria, Germany, Greece, Ireland, Italy, Latvia, Poland and Spain -- and in Norway. These countries represent the only European countries to date that have produced detailed security rules on the collection, retention and processing of personal data generally. Includes charts for each country listing obligations and informal guidance. (Internal document by the Novartis Privacy Office led by Joan Antokol, CPO, Novartis)

    Data Transfer Slide (PDF) 1 slide
    Shows the export restrictions on European personal data (by Joan Antokol, CPO, Novartis)

    Safe Harbor Certification Novartis (PDF) 13 slides
    Presentation on the benefits and challenges of certifying, with information on Novartis’ approach and rollout (by Joan Antokol, CPO, Novartis)

    US EU Safe Harbor Framework Dept of Commerce (PDF) 24 slides
    Presentation describing the safe harbor framework, including certification procedures, compliance and enforcement, and safe harbor principles. (by Damon Greer, Director, Safe Harbor Program, US Department of Commerce)

    EUDPALINKS (PDF) 2 pages
    Links to the European Union’s data protection home page and key references (by Damon Greer, Director, Safe Harbor Program, US Department of Commerce)

    ITA Helpful Hints for Safe Harbor Self Certification (PDF) 3 pages
    A list of helpful hints for self certifying to the Safe Harbor, provided by the International Trade Administration. Prior to submitting an organization's self-certification form to the Department of Commerce, it is recommended that these helpful hints be followed. They should be read in conjunction with the Safe Harbor Workbook and the complete set of Safe Harbor Documents. Links to documents and other sources of information are included in this list of helpful hints.

    ITA Safe Harbor Framework FAQ (PDF) 18 pages
    Answers to frequently asked questions about the Safe Harbor Framework, provided by the International Trade Administration.

    APEC Privacy Framework (PDF) 23 pages
    Document outlining a set of principles built around preventing harmful use of personal information and assuring accountability of information flows for the Asia Pacific Economic Cooperation (APEC), which is a trade and economic cooperation organization of economies with a Pacific coast. The Framework is intended to provide clear guidance and direction to businesses in APEC economies on common privacy issues and the impact of privacy issues upon the way legitimate businesses are conducted.

    APEC Electronic Commerce Steering Group (ECSG) (PDF) 1 page
    Description of the ECSG, its activities and links to APEC and ECSG documents. (by Damon Greer, Director, Safe Harbor Program, US Department of Commerce)

    Cross-Border Privacy Rules – Implementation & Operation (PDF) 4 pages
    A concept paper prepared by the “Cross-Border Rules Study Group” for the purpose of discussion only as a follow-on to the APEC Privacy Framework. The intention is that companies that implement and use such Cross Border Privacy Rules would be in compliance with the Framework.