3rd Paderborn Day of IT Security, 3 April 2008

Programme

09:00

Get together, visit of the exhibition
 

09:30-09:40

Welcome
Prof. Dr. Gregor Engels, Paderborn University, Paderborn Forum “Industry meets Computer Science”
 

09:40-10:30

Plenary lecture
 
Prof. Dr. Günter Müller, University of Freiburg, Institute for Computer Science and Society, Department of Telematics
 

10:30-11:00

Break
 

11:00-13:00

Presentation of the working groups 1 to 3 (3x5 min.),
then parallel:
 
Manfred Schneider, pro DS Data protection and data security consulting:
The data protection supervisory authority is coming - what to do?
The use of data processing systems is essential for companies in today's world. In addition to business management data, personal information about customers and employees is also stored extensively.
For more than thirty years, data protection regulations, including those of the German Federal Data Protection Act (BDSG), have been observed, regardless of whether personal data is processed in data processing systems or manually.
Despite the long lead time, many companies only become aware that they have shortcomings in data protection compliance when the authorities announce that they want to check compliance with the regulations on site.
In the course of the workshop, information will be provided on the authority and requirements of the supervisory authority and how companies can successfully prepare for such an audit.
 
Fabian Henniges, economore GmbH & Co KG, Rainer Funke, Institute for Computer Science:
Security in VoIP systems
VoIP promises cost reductions through the substitution of separate switching technologies with IP networks. Not only are security risks of IP technology directly transferred to voice communication, but new protocols also create new attack scenarios.
The workshop will discuss threats, demonstrate attacks and present countermeasures.
 
Thomas Hübner, Sagem Orga:
Electronic signature in practice
In the workshop, the basic principles of electronic signatures will be taught and the necessary infrastructure will be presented. This includes technical, organizational and legal requirements as well as the necessary hardware and software. In particular, the smart card as a secure signature creation device according to the requirements of the legislator will be discussed. Legal principles (e.g. signature legislation, certification processes) and technical security mechanisms are presented.
 

 

13:00-14:00 Lunch break, visit of the exhibition
 
13:40-16:00

Presentation of the working groups 4 to 5 (2x5 min.),
then parallel:
 
Michael Förtsch, Federal Office for Information Security (BSI), Bonn
Jan-Peter Schulz, neam IT-Services GmbH, Paderborn:
IT security management in practice - effective use of the BSI's GSTOOL when creating IT security concepts
With GSTOOL, the BSI has for almost 10 years now been selling software intended to support all those who are entrusted with the design, creation or updating of IT security concepts according to IT basic protection. GSTOOL is an easy-to-use database application with a graphical user interface, which is designed to enable efficient and intelligent data storage of all required data in the network.
In this working group, the responsible project manager at the BSI will first present the software and its (success) history and give an outlook on the future of GSTOOL.
The business unit manager Security of neam IT-Services GmbH will report on the possibilities and limits of using GSTOOL for the creation and implementation of an IT security concept on the basis of a concrete project.
By way of an exchange of experience, the participants of this workshop will have the opportunity for discussion with the other participants and the two speakers.
 
Prof. Dr. Johannes Blömer, Paderborn University:
Encryption in daily use - protected communication and secure data storage
In today's age of global networking, service offerings such as e-mail are often used to exchange all kinds of data, including sensitive data, with authorized persons. How easy it can be for unauthorized third parties to eavesdrop on this communication can be seen time and again in the media; keyword: industrial espionage. In addition, sensitive company or customer data is more and more often carried by employees on laptops around the world. If the laptop is stolen, the company's existence can be threatened. Despite such dangers, the proportion of companies that actively tackle this problem is relatively low.
One approach to solving such problems is the use of cryptography. Cryptography is an effective means of ensuring the security of sensitive data. There is a multitude of cryptographic procedures and protocols for almost every application. However, the establishment of cryptography in a company requires a certain amount of preparation and, above all, know-how in order to ensure the desired objectives, such as confidentiality of data or authentication of communication partners. Here, quick fixes under the motto "A lot helps a lot" can create more problems than they solve.
In this workshop we would like to cover some typical use cases in which cryptography can significantly improve the security of company data. We will first examine the threat posed by the respective type of data processing. Subsequently, we will present possible solutions.
 

 

16:00-16:30 Reports of the working groups in plenary
 
16:30-16:45 Summary, farewell