Workshop on IT security

March 7, 2006

Wednesday the 19th of April, 2006, the Danish Board of Technology brought together a wide selection of IT-security actors to participate in pointing out and addressing the major IT-Security-related issues in Denmark. The result was an Idea Catalogue that can be used by the DBT, the Ministry of Science, and the IT-Security Panel, as well as others, when planning future projects.

On the year-end of 2005, the Board of IT-security was closed, opening the way for a new construction involving the newly established IT-Security Panel and the DBT. Through this construction, the IT-Security Panel will advise the Ministry of Science, while the DBT is responsible for holding activities to encourage debate and learning. DBT has earlier been engaged in IT-security projects (see i.e. “IT-infrastructure’s vulnerability”), but following this new arrangement, IT-security becomes a permanent part of the Board’s annual programme.

The DBT’s first activity under the new framework was the workshop on IT-Security. The workshop included a wide spectrum of actors– from public administrators, consultants and system developers, to researchers and academics – with the goal of creating a better overview of the security landscape, identifying the most pressing IT-security issues, and helping uncover solutions and relevant actors to meet the challenges.

The workshop consisted of 3 elements – a brainstorm, group work, and voting – and the participants conducted part of their work on laptop PC’s fitted with “GroupSystems” collaborative thinking software. This gave them the opportunity to express their ideas in a rapid and anonymous manner.

The workshop was divided into 3 phases:
Phase 1: A brainstorm en masse, where the participants each came with their ideas concerning various IT-security issues, and placed them under one of the 6 main categories that were predefined by the arrangers. These categories included :

  • Regulations and Standards
  • System Development
  • Technique and Infrastructure
  • Knowledge and Behaviour
  • Communication and Knowledge Sharing
  • Overriding Principles

The brainstorm ended with a prioritisation of the problems.

Phase 2 : Group work. Participants were divided into groups where they discussed and suggested solutions for the top-ranked problems. All participants, thereafter, had the opportunity to propose solutions to any problem identified in phase 1.

Phase 3 : Independent of the work in phases 1 and 2, each group proposed an initiative that can be expected to improve IT-security in Denmark. The participants then concluded the conference by voting / ranking the 6 initiatives.

All input, as well as the results from voting, were registered and published in the idea catelogue on this page. It should be stated that the idea catelogue cannot be considered a finished report with refined results. It is instead a collection of raw data, various ideas, proposals, comments and discussions concering the current IT-secuity situation in Denmark. The catelogue is furthermore only published in Danish at this time.