Joint Security and Data Protection Conference (organized by TUM and LRZ)

Data protection, cybercrime, attacks, good passwords, hackers, firewall and much more... Participants in the Joint Security and Data Protection Conference organized by the Technical University Munich (TUM) and the Leibniz Supercomputing Center (LRZ) and held on February 23, 2016, had the opportunity to learn more about these issues.

Contributors

Marc Heinzmann: Praxisbericht von Sicherheitsprüfungen in der Wirtschaft

(IT security audits in industry)

plan42 GmbH

Abstract:

IT security vulnerabilities should be identified as part of a security audit. This lecture utilizes concrete examples to explain how technical security audits are performed and what type of vulnerabilities are uncovered in real IT environments.

Profile

Marc Heinzmann is Senior IT Security Consultant at Munich-based plan42 GmbH. He studied computer science at TUM and has focused on the area of information security since 1995. Prior to founding plan42 GmbH, Marc Heinzmann was a systems engineer at a security software company where he was involved in firewalls, IDS and encryption. He currently consults in the field of information security and is active in areas such as the development of management systems for information security, IT risk management, preparation for security certifications such as ISO 27001, security audits and penetration tests. He is a licensed ISO 27001 auditor based on the BSI IT Grundschutz catalog and a certified IS revisions and IS consulting specialist. Both of the ELSTER clearing houses operated by the German finance authorities were initially certified by Marc Heinzmann in accordance with ISO 27001/BSI IT Grundschutz catalog in 2008, monitored each year and re-certified every three years.

Thomas Neeff: Datenschutz und IT-Sicherheit fängt bei mir an: Was kann ich selbst tun?

(Data protection and IT security start with me. What can I do on my own?)

TEN Consult

Abstract

This lecture takes a pointed and entertaining look at data protection and IT security awareness and provides food-for-thought and practical behavior tips on how we can increase our own personal level of data protection and IT security on a daily basis.

Thomas Neeff describes his own experiences as a consultant for IT Service, Security & Data Privacy Management and illustrates aspects that are not perceived as data protection or IT security measures at first glance.

Profile

Thomas Neeff is a free-lance IT auditor and IT management consultant who specializes in IT service management, data protection and IT security management. He received a degree in information management from the University of Mannheim and worked for well-known industrial companies prior to launching his freelance career. His activities focus on the development of IT management systems and auditing, as well as the implementation of regulatory requirements in IT organization processes.

Wilfried Reiners: Datenschutz in der Cloud

(Data protection in the cloud)

PRW Rechtsanwälte 

Abstract:

Cloud computing allows companies to make software, storage capacity and computing services available via the Internet on a customer-specific basis, thus offering needs-based, flexible usage billed in accordance with the range of functions, usage duration and number of users. Location-independent access is enabled through various end user devices such as laptops, tablet PCs and smartphones, so that access to the required information (e-mails, business applications) is possible nearly around-the-clock. This allows IT operators to create new business models. Although the entire German industry should profit from the advantages of cloud computing, there is one thing that causes those advantages to be viewed with a certain level of skepticism: data protection. This lecture explains whether a new technology is rightly being condemned and whether this judgment is premature.

Profile

Wilfried Reiners (MBA) studied law and business sciences in Munich and San Diego. After a successful career at an international consulting firm, in 1989 he founded the PRW Law Office to focus on IT law. Mr Reiners specializes in developing and negotiating project contracts, in addition to data management, outsourcing and cloud computing. The law office works on behalf of manufacturers and their partners. Mr Reiners lectures on international e-business and compliance at the Munich Business School, a private European university.

Florian Seitner: Cyberspionage in Wissenschaft und Forschung

(Cyber espionage in science and research)

Cyber-Allianz-Zentrum Bayern des bayerischen Landesamt für Verfassungsschutz

Abstract

Industrial espionage has always been a focal point of foreign intelligence agency activities around the world. In the information age this especially includes cyber espionage. The Bavarian government created the Bavarian Cyber Alliance Center in July 2013 and made it part of the Bavarian State Office for the Protection of the Constitution in response to this constantly growing threat. The center, which advises companies, research institutes and operators of critical infrastructures on how to prevent and investigate targeted cyber attacks, serves as a confidential point of contact and centralized government control and coordination point in the area of cyber espionage and cyber sabotage. Without getting into the bits and bytes, this lecture sheds light on the various methods and approaches used by foreign intelligence agencies to conduct cyber espionage while reflecting the experiences of the day-to-day activities of the Cyber Alliance Center.

Profile

Florian Seitner studied business and law and was active in international business prior to joining the Cyber Alliance Center. In his current function, he advises companies, trade associations, operators of critical infrastructures and research institutes on ways to prevent and investigate cyber attacks.

Rüdiger Trost: Cybercrime & Cyberwar

F-Secure GmbH

Abstract

Is so much of the Internet really free? A glance at the terms and conditions often explains how we pay for services: with data. This lecture delves into this trend through several examples and provides an outlook on the risks associated with the Internet of Things, which could impact not only the manufacturing industry, but all of us as individuals as well.

Profile:

As a security consultant, Rüdiger Trost advises and helps companies develop and implement comprehensive security concepts and solutions. Mr Trost developed his in-depth knowledge about content security through various technical positions at well-known system houses and manufacturers.

Steffen Ullrich: Realitätscheck - was leisten Firewalls und Virenscanner wirklich (Theoretische und praktische Limitierungen üblicher Sicherheitstechnologien)

(Reality check – What firewalls and virus scanners really contribute (the theoretical and practical limitations of common security technologies))

genua GmbH

Abstract

This lecture provides an overview of the underlying firewall and virus scanner technologies and shows their limitations. This includes theoretical limitations that arise when selecting the technology, plus other practical limitations that are due to performance or price requirements. Mr Ullrich uses concrete examples to show how easy it is to circumvent security technologies. The lecture aims to give users the tools to critically analyze the manufacturer's promises and more realistically assess the risks.

Profile

Steffen Ullrich joined genua GmbH in 2001 and was significantly involved in the development of the high-resistance "genugate" firewall product. Over the past few years he has focused his work on research projects related to Web 2.0 security and defending against targeted cyber attacks.

Tobias Schrödel: Ich glaube, es h@ckt - IT Sicherheit mal anders & für Jedermann

(I think I've been h@cked - A new take on IT security for the common man)

www.ich-glaube-es-hackt.de, www.comedyhacker.de

Abstract:

Tobias Schrödel brings you closer to the world of the hacker and together with you, peeks into the information technology "poison cabinet." In his entertaining lectures, he reveals computer and mobile phone vulnerabilities that affect all of us.

Profile

Tobias Schrödel is Germany's first "IT comedian," as CHIP magazine once described him. Mr Schrödel does in fact have a knack for explaining system vulnerabilities and contexts for the average guy in an amusing way. The computer specialist was a consultant at a large global information and communications service provider for many years, and thus knows what he's talking about. For the past three years he has appeared regularly on the German television show "stern TV" whenever the subject of computers and IT security is discussed.