4th Pader­born Day of IT Se­cur­ity, 26 March 2009

Programme

09:00 Get together, visit of the exhibition
 
09:30 Welcome
Professor Dr. Gregor Engels, Paderborn University, Paderborn Forum "Industry meets Computer Science"
 
09:40 Plenary lecture
 
Challenges and trends in e-ID solutions
Dr. Walter Fumy, Bundesdruckerei GmbH, Berlin
 
10:30 Break
 
11:00

Presentation of workshops 1 to 3
then parallel:
 
Workshop 1: New security standards for sovereign documents
Speakers: Holger Funke, Olga Käthler, HJP Consulting GmbH
In this workshop, the security standards of the contactless chip card technology used will be demonstrated on the basis of the passport (ePassport), which was already published in 2005, and the identity card (ePA), which will be published in 2010. The two speakers will explain which security functions are used in the ePassport and which new functions will be used in the future ePA. A practical part will demonstrate how to read the data of the passport with freely available software.
 
Workshop 2: Industrial espionage in Web 2.0 - how critical information flows out of the company through social networks and Web 2.0 applications and what can be done against it
Speaker: Jürgen Krammer, Arenga GmbH
Under the keyword "Web 2.0", new communication and marketing structures have emerged on the Internet. But what does this mean for companies and organisations? The focus of the presentation will be on the risks involved.
Under the title "industrial espionage in the Web 2,0" Jürgen Krammer, managing director of the Arenga GmbH with seat in Rhine brook, will report from practice.
The audience will learn how information flows out of companies through Web 2.0 applications and social networks, what damage is caused by this and how entrepreneurs can take countermeasures.
The specialist for information networks will use sample websites such as XING, StudiVZ and ICQ to give a live demonstration of how confidential information can reach unauthorized persons.
Krammer will show which seemingly unimportant information allows concrete conclusions to be drawn about the state of a company and how employees are unconsciously made the accomplices of espionage attacks using the simplest of methods.
The lecture will end with concrete tips for managers and entrepreneurs.
 
Workshop 3: Security in service-oriented architectures
Speakers: Dr. Gudrun Oevel, Stefan Sauer, IMT / s-lab, Paderborn University
Service-oriented architectures (SOA) are an approach to the realization of complex IT systems in order to flexibly map the business processes of companies to services. Security must be considered both at the design level and during implementation.
The workshop gives a general introduction to service-oriented architectures and addresses basic security aspects and protective measures.
 
 

13:00 Lunch break with snack, visit of the exhibition
 
14:00

Presentation of workshops 4 to 6
then parallel:
 
Workshop 4: Security in virtualization environments
Speaker: Ralph Grieser, SHE Informationstechnologie AG, Bonn
The adoption of virtualization technologies in data centers is advancing rapidly in terms of cost savings for many companies, combined with the ease of deploying high availability solutions.
The use of virtualization takes into account not only the server worlds, but increasingly also the area of workstation PCs. Virtualization is thus a component that is no longer reserved exclusively for administrators in data centers. Rather, the use of virtualization technologies in the area of workstation PCs represents a new component for the user as well.
Also against the background of the associated higher penetration of virtualization in companies, it is evident that increased security requirements exist for the use of corresponding solutions. This concerns both the protection of the systems against viruses and Trojans, as well as for example the unauthorized takeover of the systems by hackers with the aim of information outflow. Other issues to be considered when planning and operating virtualisation solutions include:
 

  • What is the current risk situation?
  • Which safety aspects must be taken into account in planning?
  • What is necessary for a safe operation of virtualization environments?
  • Where are the possibilities and limits of virtualization?

You will get answers to these and similar questions in the workshop "Security in virtualization environments".
 
Workshop 5: IT basic protection - the basis for information security
Speaker: Gaby Scheer-Gumm, Federal Office for Information Security (BSI), Bonn
The processing of data without the support of information and communication technology is hardly conceivable today. The protection of these processing systems and the environment is therefore becoming increasingly important. If disruptions occur around the IT, this can quickly have far-reaching consequences. Especially if important information is lost, high losses can occur. In order to maintain business processes as trouble-free as possible and to avert damage, factors such as availability, confidentiality and integrity of information are of great importance.
Due to these constantly growing requirements, many users ask themselves how they can achieve more security as quickly as possible and by what means. The use of basic IT protection offers very good solutions to this problem.
It shows a simple method to identify typical security gaps and to implement appropriate security measures based on the state of the art. For this purpose, the BSI provides a variety of tools with which an appropriate security level can be achieved. In addition to the IT basic protection catalogues, these include the various BSI standards and the GSTOOL. The lecture will introduce the IT basic protection method and present current news from this area.
 
Workshop 6: Data protection as an advertising advantage
Speaker: Carola Sieling, lawyer and specialist lawyer for information technology law, Law Office Sieling, Paderborn-Hamburg
Practically every company is also present on the Internet. What used to be considered an annoying obligation to avoid fines is now regarded as a figurehead for the handling of customer data. The workshop shows that data protection should be used by companies as an advertising advantage rather than being seen by companies as a stumbling block for online marketing and gives participants concrete advice on how to design data protection notices.
 

16:00 Reports of the working groups in plenary
 
16:30 Summary, closing words
 
17:00 End of the event