12th Paderborn Day of IT Security, 6 April 2017

Programme

09:00 Get together
 
09:30 Welcome
Professor Dr. Johannes Blömer and Professor Dr. Eric Bodden, both Paderborn University, Institute for Computer Science
 
09:40 Keynote lecture
Secure Smart Home - Requirements and challenges in IoT from networked household appliances
Dr. Nils Langhammer, Miele AG
Increasing connectivity in the Internet of Things (IoT) has strongly shaped the challenges, and the resulting requirements, for networked devices. Because new threat scenarios keep emerging in this field, the situation changes constantly and places special security requirements on manufacturers of household appliances, particularly with regard to networking. The networking platform Miele@home and the technologies used in it offer a first secure path into the "Smart Home". Miele AG is not alone in the market with its innovative solutions, as the challenges still to be solved and possible best practices should ultimately be mastered and implemented by all manufacturers.
 
10:30 Break
 
11:00 Presentation of the workshops
Professor Dr. Gudrun Oevel
 
11:30 Workshops 1 to 3 in parallel:
 
Workshop 1:
Emergency management and high availability

Moderation: Thomas Biere, Federal Office for Information Security (BSI), Bonn
The workshop will deal with the topic of securing critical business processes through emergency management, with special emphasis on the aspect of high availability. In addition to technical components, the BSI believes that an important focus will be on service processes, which will be discussed with the participants.
 
Workshop 2:
EU General Data Protection Regulation (DSGVO) - the new data protection law
Moderation: Carola Sieling, lawyer and specialist lawyer for information technology law, Law Office Sieling, Paderborn
Goodbye BDSG, hello DSGVO! The new General Data Protection Regulation will come into force from 25.05.2018. The speaker will be available for questions and answers. In this workshop, an overview of the new data protection law and its effects on business practice will be given. In exchange with the participants, a to-do list will be created to better prepare your company for the change.
 
Workshop 3:
Ransomware - What to do when malware encrypts important data?

Moderation: Gerd Conrad, baramundi Software AG, Augsburg
In the workshop the phenomenon, the type and the basics of the attack are explained as an introduction. Subsequently, protective measures are presented and options for action as well as damage limitation in case of a successful attack are developed. All topics are discussed and worked out interactively with the participants.
 

 

13:30 Lunch break with snack
  
14:15 Workshops 4 to 6 in parallel:
 
Workshop 4:
Threat and risk management: sensible prioritisation of IT security measures

Moderation: Professor Dr. Eric Bodden, Paderborn University
The principle of Security by Design states that security should be considered in all phases of the development cycle of a product. This includes a wide range of measures and is not least a significant cost driver. Therefore, you may also be asking yourself how you can prioritize IT security measures in a sensible way. We will first introduce you to current methods and tools for threat analysis and risk management. Using an example scenario, we will then playfully try out the presented measures with you, so that you get a better feeling for the methods.
 
Workshop 5:
Procedure directory - everything new with DSGVO?

Moderation: Manfred Schneider, pro DS Data protection and data security consulting, Paderborn
The General Data Protection Regulation (DSGVO), to be applied from May 2018, extends the requirements for data protection documentation. An important component is the list of processing activities (Art. 30 DSGVO). From May 2018 the following also applies: no directory => fine
What needs to be documented and to what extent, what information is mandatory, what exceptions are there and what is the role of the data protection officer?
In the workshop, information on the procedure will be exchanged with those present and tips for implementing this DSGVO requirement will be developed.
 
Workshop 6:
SIEM - Security Information and Event Management: How do I get control of my data?

Moderation: Katharine Brylski, iT-CUBE SYSTEMS AG, Munich
Every second, operating systems, applications and network devices in a company generate logs. These logs record a variety of events, such as the creation of a new user, the transfer of a file, or the deactivation of a system service. A central analysis of this log data enables, among other things:
 

  • Detection of security incidents
  • Detection of data theft (IP loss)
  • Real-time monitoring of business critical systems
  • Adherence to compliance requirements
  • Cross-system troubleshooting

The workshop will first give an introduction to the topic of SIEM. Afterwards, use cases for uncovering security incidents in the company will be developed together with the participants.
 

16:15 Reports of the working groups in plenary
 
16:30 Summary, closing words
Dr. Gunnar Schomaker
 
16:45 End of the event