Practical IT-Security 2010
"Rheinlandtreffen 2010" Fraunhofer INT
Conference: "Practical IT Security"
Practical IT Security (previously called the Rhineland Convention on IT Security) is an annual industry and science conference on IT security, which Germany has hosted since 1991. The results of the conference (identified IT security issues and solution proposals) are used in science and policy making, and by industry. Scientific and policy implementation is handled by the specialist group Betrieb von Informations- und Kommunikationssystemen (BIK, Operation of Information and Communications Systems) of the Gesellschaft für Informatik (GI, Society for Information Processing). At the industrial end, the results are used by the makers of IT security hardware and software, with the objective of further optimizing their products.
The conference objective is to offer an integral view of IT security. During the convention, issues are identified and solution ideas from science and industrial users are introduced and discussed on different levels of abstraction. The delegates share experience and information from technical, legal and strategic viewpoints. Ultimately, the aim is that everyone involved in IT security takes home practical benefits for their everyday work.
Last year the 19th Practical IT Security Conference was organized by the Fraunhofer INT and Infodas GmbH, taking place on November 11/12, 2009. A total of 42 IT experts attended the event, which, as usual, focused on the exchange of IT security experience. The presentations addressed such issues as the protection of know-how, the threats to Internet use inherent in organized crime, and the security aspects of cloud computing and virtualization. On the premises of the Chamber of Industry and Commerce (IHK) in Neuss, keynote speakers and participants gave interesting insights into the practical implementation of IT security strategies, generating much follow-on discussion.
During the opening phase, the Gesellschaft für Informatik (GI) and the user association Connect Deutschland (formerly DECUS) welcomed participants and provided a brief overview of their activities. In addition, the Organization Committee reported on the latest conference developments and placed strategies for the organization of the 20th Practical IT Security Conference on the agenda.
The Ministry of the Interior of the German State of North Rhine-Westphalia addressed the subject of industrial espionage. Wilfried Karden gave the delegates an overview of the enormity of the threat to our business and research secrets and explained why more and more time and money needs to be spent to achieve a reasonable level of information security, independent of the cost of complying with statutory requirements. Findings were introduced from the communications sector (use of mobile phones, e-mail) and data media (such as notebooks, USB sticks, etc.), as well as new insights into the use of key loggers, malware and risks inherent in special procedures.
Robert Jäger of the BKA (German Federal Criminal Police Office) reported on the threats that organized crime poses for the Internet. His report also covered hot button issues such as credit card abuse and online banking attacks.
Dr. Gerhard Weck (Infodas) explained how the BSI (German Federal Office for Information Security) interprets terms such as information security audits on the basis of fundamental IT protection and stated that periodic audits on this basis will become mandatory for the institutions of the Federal Administration. At the close of Day I, Sven Türpe (Fraunhofer SIT, Institute for Secure Information Technology) highlighted browser security. He explained the parameters that have to be set up for the most frequently used browsers to ensure that the browsers actually provide a minimum level of security. Mr. Türpe works in a testing laboratory at a Fraunhofer Institute and dampened our hopes for a truly secure Internet browser.
On the second day, various developments such as cloud computing, GRID computing and virtualization were analyzed. Mark-Philipp Kost (EMC) titled his presentation "From the virtualized data center to the private cloud - strategies and solutions for cloud computing of VMware, CISCO and EMC", which highlighted EMC's stance on the matter. Benjamin Schmidt of Zimory provided a similar overview from the angle of a German research institution and Germany's largest software developer, T-Systems. Harald Speckbrock of RSA gave the presentation that had been announced the year before, on the topic of secure virtualization utilizing VMware. Reinhard Zimmer, of Syncsort, subsequently elaborated on the secure implementation of effective back-up in a virtual environment.
The final highlight was the presentation "Information Security 2010" by Prof. Hartmut Pohl from the Bonn-Rhein-Sieg University of Applied Sciences. He demonstrated the technical aspects of the race between the discovery of a security gap (for instance in an operating system), criminals taking advantage of such gaps, and the attempt to close this gap as expeditiously as possible.
One of the major insights gained during the event was that while IT security breaches are performed by highly qualified and well-trained specialists with superior insider knowledge, many less well-trained hackers are indeed in a position to launch almost professional-level attacks because of their access to easily obtainable tools. Given the wide variety of configuration and combination options that today's hacker tools offer, defense against these attacks proves to be extremely difficult. Cyber crime is unfortunately a field that allows perpetrators to earn so much money that the sometimes immense costs at the hackers' end appear to be worth it. Ultimately, it must be noted that IT security measures can never guarantee 100 % security, meaning that the confidential information of a company, which usually totals only about 5 % of the overall data volume, should either not be processed with information technology tools at all, or only in physically separated networks.
This conference was co-sponsored by
Innenministerium NRW - (Ministry of the Interior of North Rhine-Westphalia)
Bundeskriminalamt (BKA) (Federal Criminal Police Office)
Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security)
EMC Deutschland GmbH
Syncsort GmbH
Zimory GmbH
Hochschule für Telekommunikation Leipzig (HfTL) (Deutsche Telekom University of Applied Sciences)
Fraunhofer SIT (Institute for Secure Information Technology)
Fraunhofer IAIS (Institute for Intelligent Analysis and Information Systems)
Fraunhofer INT (Institute for Technological Trend Analysis)
Connect Deutschland
Gesellschaft für Informatik e.V. (GI) - Fachgruppe BIK (Society for Information Processing - specialist group Operation of Information and Communications Systems)