9th Pader­born Day of IT Se­cur­ity, 27 March 2014

Programme

09:00 Get together
 
09:30 Welcome
Professor Dr. Gregor Engels, Paderborn University, Paderborn Forum "Industry meets Computer Science"
 
09:40 Keynote lecture
Challenges to IT security in the 21st century
Prof. Dr. Norbert Pohlmann, Westfälische Hochschule, Gelsenkirchen
 
10:30 Break
 
11:00 Presentation of the workshops
 
11:30

Workshops 1 to 3 parallel:
 
Workshop 1:
Emergency management according to BSI standard 100-4
Moderation: Thomas Biere, Federal Office for Information Security (BSI), Bonn
Emergency management, also known as "business continuity", is becoming increasingly important in the networked world. First of all, the workshop will provide an introduction to the problem, especially to the integration and systematics of the standard. In addition, points of contact and delimitations with regard to IS management will be pointed out. Subsequently, problems associated with the introduction of emergency management will be discussed with the workshop participants.

 
Workshop 2:
How safe is "safe"? - How much does the NSA know and can do?
Moderation: Prof. Dr. Johannes Blömer / Jun.-Prof. Dr. Christoph Sorge, Paderborn University
The debate on the extent of the interception activities of NSAs and other intelligence agencies once again reminds us of the importance of IT security measures. However, confidence in these measures themselves has also been shaken - after all, there are indications of security loopholes that have been deliberately smuggled into products by the NSA. But how far does this influence extend? Are the standards on which security solutions are built worldwide also affected? In the workshop we will try to find answers to these questions and discuss possible reactions to Edward Snowden's revelations.

 
Workshop 3:
Data protection and marketing

Moderation: Carola Sieling, lawyer and specialist lawyer for information technology law, Law Office Sieling, Paderborn
How to design (electronic) communication with the customer in a way that complies with data protection regulations? Where are the limits of user tracking, web analysis, Facebook, e-mail and newsletter marketing? What are the consequences if you do not take them into account? In this workshop, the permissible handling of customer data will be explained to you on the basis of current judgements and many examples.
 

 

13:30 Lunch break with snack
  
14:15

Workshops 4 to 6 parallel:
 
Workshop 4:
Secure IT operation in medium-sized businesses - wish, reality and ways using the example of an SAP system

Moderation: Christian Micus, Lynx-Consulting GmbH, Bielefeld
In this lecture, safety-critical topics that may currently pose a threat to business application systems will be highlighted. Standard software is often based on supposedly secure applications that only require appropriate user and authorization maintenance. However, there are numerous open flanks that allow an attacker to access systems in an application landscape. The example of an SAP system shows where these open edges are found and what can be done to ensure secure operation.
 
Workshop 5:
E-mail encryption: communication without readers in practice
Moderation: Stefan Cink, Net at Work GmbH, Paderborn
The workshop explains how e-mail encryption works in general and presents alternative solutions from freelancers to large companies. In a practical part, e-mail encryption will be demonstrated with common e-mail software for PCs, smartphones and on the basis of a gateway for corporate use. The lecture takes up the current discussion about the security of keys and presents alternative, pragmatic procedures for more data protection.
 
Workshop 6:
Management of mobile devices: technical and data protection requirements for mixed operation private/professional
Moderation: Prof. Dr. Gudrun Oevel, Paderborn University; Manfred Schneider, pro DS Data protection and data security consulting, Paderborn
The aim of the workshop is to present and discuss basic functionalities of Mobile Device Management systems against the background of requirements, application scenarios and data protection issues.
 

16:15 Reports of the working groups in plenary
 
16:30 Summary, closing words
 
16:45 End of the event