Introduction

ISSA2015 is the annual conference for the information security community that continues on the successful recipe established in 2001. The upcoming conference is held under the auspices of the University of Johannesburg Academy for Computer Science and Software Engineering, the University of South Africa School of Computing and the University of Pretoria Department of Computer Science.

The ISSA2015 Conference will run from Wednesday, 12 to Thursday, 13 August at "54 on Bath" Hotel, Rosebank, Johannesburg, South Africa.

The conference has grown each year in various ways. Not only have delegate and presenter numbers been on the rise, but interest from industry has also grown and been displayed through sponsorship of the conference or aspects thereof. We believe that the quality and relevance of the information presented by industry practitioners and academics has also evolved over the years, as have the opportunities for senior research students to present their research to a critical and representative audience.

Conferences have become a major focus area - and often a money spinner - in many industries, so at any time you will see a number of conferences being advertised in fields such as information security. What sets the ISSA conference apart is that it is not intended to generate a profit for an organisation, and it does not encourage marketing of products and services through presentations. Instead, the proceeds from registration fees are reinvested to ensure that the conference grows or is sustained each year. In exchange for their investment in the conference, sponsors are afforded an opportunity to present company-specific information that has a bearing on the conference themes, and presentations submitted by potential speakers are sent through a vigorous double blind review process, managed by a team of respected international experts in information security.

We trust that the annual ISSA conference will continue to be recognised as an platform for professionals from industry as well as researchers to share their knowledge, experience and research results in the field of information security on a South African, but also on an international level.

To ensure ongoing improvement, we again encourage input from all those interested in the field of Information Security, particularly those who are actively seeking to progress the field, to take part and share their knowledge and experience. As part of the improvement, we are trying something new this year and hope that you will participate. We have created an event on the Whova app, and have uploaded all event information. You will be able to view the agenda, maps to the hotel and conference dinner and outlay of the hotel conference venue, receive important notifications, post to Twitter, find links to presentations and pictures and information on all delegates. Following your download, sign up on Whova with the email address that you used to register for the event. If you are asked to enter an event passcode when accessing the event, please use the following passcode: issdq Here is a link to where you can download the app https://whova.com/download/. alternatively, search for the Whova app on the App Store or Google Play.

We hope that you will enjoy the ISSA2015 conference!

Hein Venter, Marijke Coetzee, Marianne Loock and Mariki Eloff Conference Co-organisers

Focus

Information security has evolved and in the last few years there has been renewed interest in the subject worldwide. This is evident from the many standards and certifications now available to guide security strategy. This has led to a more clear career path for security professionals.

The convergence of technologies together with advances in wireless communications, has meant new security challenges for the information security fraternity. As hotspots are widely available, and more organisations attempt to rid their offices of "spaghetti" so the protection of data in these environments becomes a more important consideration. It is this fraternity that organisations, governments and communities in general look to for guidance on best practice in this converging world.

Cloud computing is opening am entirely new playground for criminals. Where computer systems used to be physical objects, they now become intangible virtual machines that can be erected in the cloud within seconds, and even demolished must faster. This bring new compelling challenges in the arena of digital forensics, let alone the other challenges to be dealt with in digital forensics.

Identity theft and phishing are ongoing concerns. What we are now finding is that security mechanisms have become so good and are generally implemented by companies wanting to adhere to good corporate governance, so attackers are now looking to the weak link in the chain, namely the individual user. It is far easier to attack them than attempt to penetrate sophisticated corporate systems. A spate of spyware is also doing the rounds, with waves of viruses still striking periodically. Software suppliers have started stepping up to protect their users and take some responsibility for security in general and not just for their own products.

The conference focuses on all aspects of information security and invites participation across the Information Security spectrum including but not being limited to functional, business, managerial, theoretical and technological issues. 

Invited speakers will talk about the international trends in information security products, methodologies and management issues. In the past ISSA has secured many highly acclaimed international speakers, including:

  • Pieter Geldenhuys, Vice-chair of the Innovation Focus Group at the International Communications Union, Geneva, Switzerland. Topic: BUSINESS UNUSUAL: Strategic insight in creating the future. Leveraging the value of the Hyper-connected world.
  • Wayne Kearney, Manager: Risk & Assurance at Water Corporation. Topic: Why are management shocked with all the “PHISH” caught? A case study in perspective.
  • Prof. Dr. Sylvia Osborn, Associate Professor of Computer Science, The University of Western Ontario, Ontario, Canada. Topic: Role-based access control: is it still relevant?
  • Prof. Dr. Steve Marsh, Associate Professor at University of Ontario, Institute of Technology. Topic: Trust and Security - Links, Relationships, and Family Feuds.
  • Alice Sturgeon manages the area that is accountable for identifying and architecting horizontal requirements across the Government of Canada. Her topic made reference to An Identity Management Architecture for the Government of Canada
  • Dr Alf Zugenmaier, DoCoMo Lab, Germany. His topic was based on Security and Privacy.
  • William List, WM List and Co., UK. His topic was: Beyond the Seventh Layer live the users.
  • Prof. Dennis Longley, Queensland University of Technology, Australia. His topic was: IS Governance: Will it be effective?
  • Prof. TC Ting: University of Connecticut, and fellow of the Computing Research Association, United States.
  • Prof. Dr. Stephanie Teufel: Director of the International Institute of Management in Telecommunications (iimt). Fribourg University, Switzerland.
  • Rich Schiesser, Senior Technical Planner at Option One Mortgage, USA Rick Cudworth, Partner, KPMG LLP, International Service Leader, Security and Business Continuity - Europe, Middle East and Africa.
  • Dario Forte - CISM, CFE, Founder, DFLabs Italy and Adj. Faculty University of Milano.
  • Reijo Savola - Network and information security research coordinator, VTT Technical Research Centre of Finland.
  • Mark Pollitt - Ex Special Agent of the Federal Bureau of Investigation (FBI) and professor at the Daytona State College, Daytona Beach, Florida, USA.
  • Prof Joachim Biskup - Professor of Computer Science, Technische Universität Dortmund, Germany.
  • Dr Andreas Schaad - Research Program Manager, SAP Research Security & Trust Group, Germany.
  • Prof Steven Furnell - Head of School, School of Computing and Mathematics (Faculty of Science and Technology), University of Plymouth, UK.
  • Prof Matt Warren - School of Information and Business Analytics, Deakin University, Australia.

The purpose of the conference is to provide information security practitioners and researchers worldwide with the opportunity to share their knowledge and research results with their peers. 

The objectives of the conference are defined as follows:

  • Sharing of knowledge, experience and best practice
  • Promoting networking and business opportunities
  • Encouraging the research and study of information security
  • Supporting the development of a professional information security community
  • Assisting self development
  • Providing a forum for education, knowledge transfer, professional development, and development of new skills
  • Promoting best practice in information security and its application in Southern Africa
  • Facilitating the meeting of diverse cultures to share and learn from each other in the quest for safer information system