6th Paderborn Day of IT Security, 17 March 2011

Programme

09:00 Get together
 
09:30 Welcome
Professor Dr. Gregor Engels, Paderborn University, Paderborn Forum "Industry meets Computer Science"
 
09:40 Plenary lecture
Identity management - who manages what?
Professor Dr. Kai Rannenberg, T-Mobile Chair of Mobile Business & Multilateral Security, Goethe University Frankfurt
 
10:30 Break
 
11:00 Presentation of workshops 1 to 3
then parallel:
 
Workshop 1: Current developments in basic IT protection
Moderation: Isabel Münch, Federal Office for Information Security (BSI), Bonn
Basic IT protection is a standard that is often used in authorities and companies because of its breadth. Isabel Münch from the BSI will hold a workshop on the ideas the BSI is pursuing to make it easier to identify the areas of basic IT protection that are relevant to the development, operation and certification of the standard. After a short overview of security management with basic IT protection, the workshop will present various areas in which the basic IT protection catalogues are to be restructured, among them audit questions, elementary hazards and golden rules.
 
Workshop 2: Social engineering - the easy way to data theft
Moderation: Kai Wittenburg, managing director, neam IT-Services GmbH, Paderborn
The workshop shows at which points employees run the risk of unknowingly passing on sensitive business data and how companies can identify and remedy security gaps.
 
Workshop 3: The new identity card: better than its reputation!
Moderation: Juniorprofessor Dr. Christoph Sorge, Paderborn University
The "new identity card" offers some innovations in addition to the functions of classic identity documents: for example, it can serve as an "ID card for the web" and confirm the holder's address, but it can also generate pseudonyms to prevent tracking of ID card holders. In addition, as a so-called secure signature creation device, the ID card can generate qualified electronic signatures if the user procures a corresponding certificate. However, the new ID card is also being criticised, both for its cost and for security and data protection concerns. The workshop is intended to clarify what to think of the technology of the ID card and how it can be used sensibly.
 

13:30 Lunch break with snack, visit of the exhibition
  
14:00 Presentation of workshops 4 to 6
then parallel:
 
Workshop 4: Security and compliance in virtual infrastructures
Moderation: Dipl.-Ing. (FH) David Haase, Janz IT AG, Paderborn
Virtualization, especially server or desktop virtualization, is still one of the most attractive topics in IT. Especially in the field of cloud computing, where complex applications and services are abstracted from hardware and software and made available across the Internet, virtualization is one of the most fundamentally important technologies. In the course of virtualization projects, however, critical points such as security and compliance are often not taken into account or only superficially considered. One of the most common mistakes is to rely exclusively on transferring physical security concepts to the virtual world. David Haase, Senior IT Consultant at Janz IT AG, discusses the differences between security and compliance and focuses on the new challenges regarding IT security in virtual infrastructures. Practical examples from the field will be taken up and new solution approaches will be presented.
 
Workshop 5: Physical and environmental security in data centers
Moderation: Dipl.-Ing. Alfons Marx, Dipl.-Ing. Roland Broch, eco – Verband der deutschen Internetwirtschaft e. V., Cologne
The workshop focuses on issues of physical security, ranging from security in the server room and the availability and redundancy of the building infrastructure to the secure workplace. These will be compared with the goals and requirements from the perspective of integrated management systems (quality, information security, processes).
 
Workshop 6: Data protection in the workplace - the new employee data protection law
Moderation: Carola Sieling, lawyer and specialist lawyer for information technology law, Law Office Sieling, Paderborn
For decades there has been a debate about the need for legal regulations for the data protection of employees in companies. Relying on case-by-case court decisions is risky for all parties involved, which is why explicit codification is a major advance. Following the first amendment in 2009 - the introduction of Section 32 BDSG - the legislator has now tackled a more comprehensive amendment to employee data protection law. This workshop will provide you with an overview of the future data protection requirements during the employment relationship as well as when taking up and ending employment. In particular, the focus is on the new regulations on Internet and e-mail communication at the workplace, video surveillance and data reconciliation, as well as on the possibility for works councils and employees to give their consent.
 

16:30 Reports of the working groups in plenary
 
16:45 Summary, closing words
 
17:00 End of the event