11:30 | Workshops 1 to 3 in parallel:

Workshop 1: HV-Benchmark - an approach to self-assessment
Moderation: Thomas Biere, Federal Office for Information Security (BSI), Bonn

Workshop 2: Employee data protection - employee data in the hands of the employer
Moderation: Carola Sieling, lawyer and specialist lawyer for information technology law, Law Office Sieling, Paderborn
Employee data are classically processed in the human resources and IT departments, but third parties are also frequently involved. What does the employer know about his employee? What is he allowed to know? The processing of employee data in companies has its limits. This workshop gives an overview of the bodies that process employee data and shows the legal requirements for permissible data processing. A large number of practical examples will show that these requirements are often not met, whether intentionally or unintentionally.

Workshop 3: PREVENT - How can data centers be better protected against operational risks in the future?
Moderation: Carsten Keller, Wincor Nixdorf International GmbH
How can weaknesses in the system be identified by simulating case studies, and how can the information obtained be prepared in a form that management can use as a basis for decisions on risk minimization? In this context, the joint project PREVENT, which was launched in January 2015 with partners from industry, research, services and the banking sector, is looking at the current situation and some problems in bank data centers. These data centers operate under competing pressures: compliance with legal regulations, heterogeneous IT infrastructures that have grown over the years, outsourcing of (financial) services, and a constantly increasing risk from internal and external attackers. Despite this, their stable operation must be maintained and business processes kept alive. Based on some international incidents of recent years, we will name the problem causes identified in the joint project and discuss possible solutions.
14:15 | Workshops 4 to 6 in parallel:

Workshop 4: ISIS12 - ISMS for medium-sized companies and organizations
Moderation: Alfons Marx, Materna GmbH
Information security affects everyone - private, public, small or large organizations. The reasons for this are customer or compliance requirements, legal regulations or strong competitive pressure. As a result, the need for sustainable protection of information is increasingly coming to the fore. ISIS12 (Information Security Management System in 12 Steps) offers medium-sized companies and organizations a process model that is specially tailored to their needs and easy to implement, in order to successfully meet increasing challenges such as industrial espionage, data protection and the need for high IT availability. ISIS12 is on the one hand a simple and cost-effective alternative to the established standard procedures IT-Grundschutz or ISO/IEC 27001, certified by DQS, and on the other hand it serves as preparation for a desired certification according to these standard procedures. In the workshop, the method with its advantages and application scenarios will be presented and discussed.

Workshop 5: Self audit data protection
Moderation: Manfred Schneider, pro DS Data protection and data security consulting, Paderborn
What about data protection in the company? Is everything really "in order" or just "paper is patient"? During the workshop, a checklist will be developed with the participants, which can be used to check the current level of data protection in your own company.

Workshop 6: Mobile Security - use mobility, minimize risks
Moderation: Dr. Simon Oberthür, Paderborn University; Kai Wittenburg, Neam IT-Service GmbH; Elias Koutsonas, aXon Gesellschaft für Informationssysteme mbH
Mobility and flexibility ensure more efficiency and higher productivity in business, because mobile devices facilitate access to company data and business processes. For many companies, the change to a mobile enterprise is therefore indispensable for competitive reasons. The market penetration of smartphones has increased dramatically in recent years - especially in the private sector. More and more employees also want to use these technologies in their everyday work, often 'on their own' (shadow IT) in the absence of operational support. What about the protection of company assets and private data on these mobile devices in the context of the mobile enterprise? What happens, for example, if devices are lost or stolen? The workshop will look into these questions and show the risks of the mobile working world alongside its possibilities. The importance and cornerstones of a good mobile security concept for companies will be discussed, as well as which technologies can be used to implement this concept.