12th Pader­born Day of IT Se­cur­ity, 6 April 2017

Programme

09:00 Get together
 
09:30 Welcome
Professor Dr. Johannes Blömer and Professor Dr. Eric Bodden, both Paderborn University, Institute for Computer Science
 
09:40 Keynote lecture
Secure Smart Home - Requirements and challenges in IoT from networked household appliances
Dr. Nils LanghammerMiele AG
The increasing networking in the Internet of Things - IoT - has strongly influenced the challenges and the resulting requirements in the environment of networked devices. A constantly changing starting position places special security requirements on manufacturers of household appliances, particularly with regard to networking, due to ever new threat scenarios in the application field. The networking platform Miele@home and the technologies used in it offer a first secure path in the "Smart Home". Miele AG is not alone in the market with its innovative solutions, as the challenges still to be solved and possible best practices should ultimately be mastered and implemented by all manufacturers.
 
10:30 Break
 
11:00 Presentation of the workshops
Professor Dr. Gudrun Oevel
 
11:30

Workshops 1 to 3 parallel:
 
Workshop 1:
Emergency management and high availability

Moderation: Thomas Biere, Federal Office for Information Security (BSI), Bonn
The workshop will deal with the topic of securing critical business processes through emergency management, with special emphasis on the aspect of high availability. In addition to technical components, the BSI believes that an important focus will be on service processes, which will be discussed with the participants.
 
Workshop 2:
EU data protection basic regulation - the new data protection law
Moderation: Carola Sieling, lawyer and specialist lawyer for information technology law, Law Office Sieling, Paderborn
Goodbye BDSG, hello DSGVO! The new basic data protection regulation will come into force from 25.05.2018. The speaker will be available for questions and answers. In this workshop, an overview of the new data protection law and its effects on business practice will be given. In exchange with the participants, a to-do list will be created to better prepare your company for the amendment.
 
Workshop 3:
Ransomware - What to do when malware encrypts important data?

Moderation: Gerd Conradbaramundi Software AG, Augsburg 
In the workshop the phenomenon, the type and the basics of the attack are explained as an introduction. Subsequently, protective measures are presented and options for action as well as damage limitation in case of a successful attack are developed. All topics are discussed and worked out interactively with the participants.
 

 

13:30 Lunch break with snack
  
14:15

Workshops 4 to 6 parallel:
 
Workshop 4:
Threat and risk management: sensible prioritisation of IT security measures

Moderation: Professor Dr. Eric Bodden, Paderborn University
The principle of Security by Design states that security should be considered in all phases of the development cycle of a product. This includes a wide range of measures and is not least a significant cost driver. Therefore, you may also be asking yourself how you can prioritize IT security measures in a sensible way. We will first introduce you to current methods and tools for threat analysis and risk management. Using an example scenario, we will then playfully try out the presented measures with you, so that you get a better feeling for the methods.
 
Workshop 5:
Procedure directory - everything new with DSGVO?

Moderation: Manfred Schneider, pro DS Data protection and data security consulting, Paderborn
The basic data protection regulation, to be applied from May 2018, extends the requirements for data protection documentation. An important component is the list of processing activities (Art. 30 DSGVO). From May 2018 also applies: no directory => fine
What needs to be documented and to what extent, what information is mandatory, what exceptions are there and what is the role of the data protection officer?
In the workshop, information on the procedure will be exchanged with those present and tips for implementing this DSGVO requirement will be developed.
 
Workshop 6:
SIEM - Security Information and Event Management: How do I get control of my data?

Moderation: Katharine BrylskiiT-CUBE SYSTEMS AG, Munich
Every second, operating systems, applications and network devices in a company generate logs. These logs record a variety of events, such as the creation of a new user, the transfer of a file, or the deactivation of a system service. A central analysis of this log data enables, among other things:
 

  • Detection of security incidents
  • Detection of data theft (IP loss)
  • Real-time monitoring of business critical systems
  • Adherence to compliance requirements
  • Cross-System Troubleshooting

The workshop will first give an introduction to the topic SIEM. Afterwards, use cases will be developed together with the participants to uncover security incidents in the company.
 

16:15 Reports of the working groups in plenary
 
16:30 Summary, closing words
Dr. Gunnar Schomaker
 
16:45 End of the event