2nd Pader­born Day of IT Se­cur­ity, 8 March 2007

Programme

09.00 Get together, visit of the exhibition
 
09.30

Welcome
Prof. Dr. Gregor Engels, Paderborn University, Paderborn Forum “Industry meets Computer Science trifft Informatik“
 

09.40

Plenary presentations (45 minutes each)
 
The situation of IT security in Germany
Michael Hange, Federal Office for Information Security (BSI), Bonn
 
I don't sign anything without my IT consultant - electronic signatures: applications and legal foundations
Prof. Dr. Johannes Blömer, Paderborn University
 

 

11.20
 
Break
 
11.30
 
Company presentations
 
12.30 Lunch break with snack, visit of the exhibition
 
13.30

Presentation of the working groups
 
Electronic signature in practice
Moderation: Matthias Runowski, Carsten Rust, Sagem Orga, Paderborn
In the workshop, the basic principles of electronic signatures will be taught and the necessary infrastructure will be presented. This includes technical, organizational and legal requirements as well as the necessary hardware and software. In particular, the smart card as a secure signature creation device according to the requirements of the legislator will be discussed. Legal principles (e.g. signature legislation, certification processes) and technical security mechanisms are presented.
 
No fear of data protection --- Implementation in practice
Moderation: Manfred Schneider, pro DS Data protection and data security consulting, Paderborn
Efficient, cost-effective and user-friendly data processing systems support companies in the execution of their processes and collect extensive personal data of employees and customers. Different data protection regulations govern the circumstances under which this data may be evaluated and used. If these regulations are not adhered to, not fines / compensation payments, but the expected damage to the company's image are a serious threat to companies. In the course of the workshop, examples will be used to show which legal requirements must be observed and how these can be implemented in a practice-oriented manner.
Target group: management, IT, personnel, marketing and data protection managers, administrators and works councils.
 
What to do if it burns --- importance and structure of an IT emergency precaution concept
Moderation: Jan-Peter Schulz, neam IT-Services GmbH, Paderborn
On the one hand there are legal regulations such as KonTraG, GmbHG, BDSG, on the other hand there are also possible claims for damages as well as enormous image damage, which make extensive IT emergency precautions indispensable.
In this workshop, we will explain the importance and structure of an adapted IT emergency prevention concept and show you efficient planning and implementation of measures in the context of business continuity and disaster recovery.
 
E-mail and Internet in labour law
Moderation: Alexander Wagner, Lawyers, specialist lawyers Wolff, Göbel and Dreier
with the collaboration of DaKim. e.V. and HSM IT-Services GmbH
The workshop E-mail and Internet in Labour Law deals with the current problems surrounding the granting of such benefits to employees. According to the current law, the permission for private emailing and private use of the Internet leads to strong restrictions of the employer's rights. These problems should be recorded and, if necessary, technical solutions, the interests of both sides, employer and employee, should be discussed accordingly. On the other hand, the Federal Labour Court has recently clarified the question under which conditions an employee can be dismissed for unauthorised use of the Internet.
The aim of the event, which is aimed at employers, IT managers and works councils, is to gain an overview of the legal and, in some cases, technical problems with these media so that they are able to develop appropriate solutions for their own operations. After all, the way things are currently being handled in companies cannot remain the same in most cases.
 
IT risk assessment within the framework of ISO/IEC 27001:2005
Approaches, methods, experiences

Moderation: Martin Schneider, Unity AG
The participants will be introduced to different approaches to conducting IT risk assessments that meet the requirements of ISO/IEC 27001:2005. In addition, an IT risk assessment is carried out with the participants using a fictitious example.
 

 

14.00 Coffee break
 
14.30 Parallel working groups
 
16.00 Reports of the working groups in plenary
 
16.50 Summary and closing words
 
17.00 End of the event