The joint member meeting for ISF, ISACA and CSA will be held as a virtual webinar!
This meeting is free and only for members of ISF, ISACA and CSA.
For questions about the event, please contact the secretariat at service@isf.no.
Program
14:30 – 15:00 Coordinated Vulnerability Disclosure and Bug Bounty Programs, benefits and pitfalls - Julia Hermann
15:00 – 15:30 Password attacks: when even 2-factor authentication is not enough - Per Thorsheim
15:30 – 16:00 Would your company survive a cyber attack? - Per Morten Sandstad
Talks
Coordinated Vulnerability Disclosure and Bug Bounty Programs, benefits and pitfalls
- Julia Hermann (ISACA Germany), Head of Security Architecture and Cyber Defense at Giesecke+Devrient
In the past, IT was driving the tools for the business. Today, “the IT” no longer exists. Tools are selected and implemented by business users. The main driver is digital transformation, supported by widespread, cheap and ubiquitous technology. At the same time, traditional security is also being “digitally transformed” as these new landscapes also expand cyberspace attack surfaces.
Ideally, companies have a well-established cyber defense; in reality, they are often reactive, slow and provide limited visibility of the attack surface, allowing hackers to be that one step ahead. That’s why companies should turn the tables and pay these hackers to challenge the security surrounding products and services. A bug bounty program supports this by opening a path for them to legally monetize their findings.
As Head of Information Security Architecture and Cyber Defense at Giesecke+Devrient GmbH, Julia Hermann is responsible for all technical aspects of IT security within the group. This includes the evaluation of new technologies, the conception of security solutions as well as the technical management of the global Cyber Defense Center with focus on Threat Intelligence, Cyber Resilience and Security Incident Management.
She has more than 15 years of experience in IT and information security management and has worked as a consultant for a major German telecommunications group and as an information security manager for a European authority. As a certified CISSP, CCSP, CISM and CDPSE she is not only Vice President of the ISACA Chapter Germany e.V. but also a founding member of the (ISC)2 Chapter Germany e.V.
Password attacks: when even 2-factor authentication is not enough - Per Thorsheim
The Storting was hacked this autumn, and both poor passwords and a lack of 2-factor authentication have been mentioned. Taking the incident as a starting point, I will explain different types of password attacks and how they can be detected and limited. I will then explain different security levels of 2-factor authentication and how these can be "hacked" and bypassed. Last but not least, I will explain risk-based authentication (RBA) and how it is used to strike a weighted balance between usability and security. And yes, passwords alone are most often not enough.
Per Thorsheim is known for having a slightly above-average interest in passwords and digital authentication. Since its start in 2010 he has run the conference PasswordsCon, the world's first and only conference on these topics. He collaborates with universities, authorities and companies all over the world, and contributes actively to research and development. He now works as Security Evangelist at Secure Practice AS, where he develops e-learning courses and works on the company's products in email security, simulated phishing and measurement of security culture.
Would your company survive a cyber attack? - Per Morten Sandstad
mnemonic will share insight and cases from the current threat landscape, together with the critical steps for responding to a cyberattack. They will also discuss what measures can be taken to reduce these risks.
As we are becoming more digital, we are opening ourselves up to more and more types of cyberattack. In recent weeks, many corporations have been put to the test of handling advanced cyberattacks, be it cyber fraud or business email compromise, ransomware, IP theft – or nation-state threat actors using cyber espionage to gain access to sensitive information. Cybercriminals have become highly professional and will do anything to make money and steal valuable information.
Join us in our webinar to gain insight into what the current cyber threats are, what you should do when your company becomes a victim of a cyberattack, and how you can best protect your organization from becoming a victim.