5th Paderborn Day of IT Security, 18 March 2010

Programme

09:00 Get together
 
09:30 Welcome
Professor Dr. Gregor Engels, Paderborn University, Paderborn Forum "Industry meets Computer Science"
 
09:40 Plenary lecture
IT security trends in applied research
Dr. Ulrich Flegel, SAP Research Center CEC Karlsruhe, SAP AG
 
10:30 Break
 
11:00 Presentation of workshops 1 to 3
then parallel:
 
Workshop 1: Security aspects in the introduction of server and SAN virtualization - a practical report
Moderation: Ralph Grieser, SHE Informationstechnologie AG, Ludwigshafen
 
Workshop 2: Smartcard - wonder weapon against security problems!?
Moderation: Dr. Volker Krummel, Matthias Runowski, WINCOR NIXDORF International GmbH, Paderborn
Modern smart cards are fully fledged computers in credit card format whose performance has improved enormously in recent years. This improvement and their hardware-based protection mechanisms make them an interesting platform for security-relevant applications in various areas. Smart cards have become indispensable in fields such as access control and user authentication. Unattended terminals and machines can also be protected with smart cards as a security-relevant component; for example, data lines can be encrypted and authenticated with their help.
This workshop shows how security functionality can be implemented with the current state of the art in smart card technology. The focus is on the technical implementation as well as the accompanying processes and measures that such an implementation requires during operation. This includes adapting smart cards to individual requirements regarding the cryptographic algorithms and key lengths used, as well as integrating them into existing infrastructures. The workshop discusses how key management within a public key infrastructure (PKI) and the associated personalization processes can be realized. It also explains how smart cards can be personalized with certificates based on existing standards and how these can be used to exchange authenticated keys between different devices.
 
Workshop 3: Effects of the new data protection act
Moderation: Manfred Scheider, pro DS Data protection and data security consulting, Paderborn
The legislator has amended the Federal Data Protection Act in several stages. Companies must now adapt their data protection organisation to the changed or newly added regulations.
Aim of the workshop: to make the changes transparent and show their effects.
 

 

13:30 Lunch break with snack, visit of the exhibition
  
14:00 Presentation of the working groups 4 to 6
then parallel:
 
Workshop 4: Emergency management
Moderation: Dr. Benedikt Schmidt, Restart Gesellschaft für Back-up Systeme mbH, Hannover / Anton Schäfers, TELiT - Telekommunikation und IT GmbH, Paderborn
Fires, explosions, substance leaks, accidents, and negligent or intentional acts can seriously affect a company's production capability and permanently damage people, the environment, fixed assets and image. Emergency precautions include, among other things, measures aimed at restoring operational capability after an IT system has failed. IT, telephone, LAN (incl. WLAN) and WAN are nowadays very closely linked and must be considered as a whole.
The first steps in planning and design are the identification of threat scenarios and a risk assessment. Important assessment criteria are the survival time of the company without communication technology and the losses (turnover, profit) due to the IT failure.
In the workshop, different approaches and procedures will be presented and discussed with the participants, and a rough framework for an emergency manual will be developed together.
 
Workshop 5: Trusted Computing: requirements and applications
Moderation: Ronald Petrlic, Paderborn University
"Trusted Computing", usually associated with Digital Rights Management (DRM), was a much discussed and highly controversial topic at the beginning of this century. An operating system announced by Microsoft at that time, which was to make full use of this technology, has not yet been launched on the market; only "BitLocker", a system for drive encryption, was developed in this context and was introduced with Windows Vista. In recent years, Trusted Computing has received little attention. Nevertheless, the wide distribution of so-called "Trusted Platform Modules" (TPMs), which are the basis for Trusted Computing, means that the groundwork for broad use is in place today. This applies even more to the business sector, where this technology can provide new solutions for many IT security problems, than to the private sector, where DRM in particular will be used. With more than 250 million TPMs sold and installed in most (business) notebooks (source: IDC), it will be interesting to see which application can give this technology the necessary boost and thus help it to achieve a final breakthrough.
At the beginning of the workshop, the basics of Trusted Computing will be briefly discussed, followed by an overview of the functionality of TPMs. The presenter will focus in particular on some practical application areas where Trusted Computing is already in use today, and on where the opportunities (and risks) of its use may lie in the future.
 
Workshop 6: New requirements for commissioned data processing
Moderation: Carola Sieling, lawyer and specialist lawyer for information technology law, Law Office Sieling, Paderborn
The new § 11 BDSG has been in force since 1 September 2009. The amendment is a reaction to shortcomings previously identified in practice when contracts are awarded. Deficiencies in the award of contracts and the omission of controls can now also be punished by a fine. The conditions to be specified in the contract are explicitly enumerated. This results in a specific process sequence for awarding the contract, which is the subject of the workshop along with the development of model clauses.
 

16:30 Reports of the working groups in plenary
 
16:45 Summary, closing words
 
17:00 End of the event