INFOSEK 2007 - Nova Gorica
22. - 23. 11. 2007
Read the past conference participants opinions.

Pleasant ambient with plenty of useful informations.

Katarina Šubic, Lekarna Ljubljana



Protect, detect & respond - 3 key pillars of IT security, Zsolt Pótor, Softline
Successful businesses realize and leverage the power of mobility to support employee productivity and collaboration. Companies need to be prepared to mitigate the risks of providing freedom and space to the employees. IT needs to meet compliance and regulatory standards, maintain company security policies and requirements, and detect threats — all the while giving workers a better and more productive experience, so that they’re motivated to follow protocol. The 3 key pillars of IT security ensure management and protection across four key layers, users, device, app, and data – for employees, business partners, and customers while providing them access to everything they need from anywhere and any device.

SQL Server Encryption Everywhere, Tobiasz Janusz Koprowski, Shadowland Consulting 
One of the easiest ways to protect our data is by using encryption. A decade ago it was a very expensive process, we need to have enterprise licenses around us. Now - in the advent of AD 2019 - we only need to spend some time to implement it. Transparent Data Encryption, Dynamic Data Masking, Client Encrypted Connection, Always Encrypted and BitLocker - all of those features are available for free. So... Let's Encrypt Everything!

Resilience and crisis management, Roger Gomm, Roger Gomm Ltd. & Metropolitan police
Areas: What is a crisis? Processes that drive crisis management – situation – direction – action; application of Integrated Emergency Management (IEM); example of a cyber threat scenario ‘prepare’, respond, recovery.

NAT64 eksperimenti v Go6Lab-u in orodje NAT64Check, Jan Žorž, Go6 / Internet Society
As many mobile operators were moving to IPv6 only which is incompatible with IPv4 on the wire, it’s necessary to employ transition mechanisms such as 464XLAT or NAT64. The Go6lab NAT64/DNS64 testbed was therefore established so that operators, service providers, and hardware and software vendors can see how their solutions work in these environments.
This has already generated significant interest, and instructions on how to participate are available on the Go6lab website.
When using NAT64 there are many things that need to be checked to ensure they work correctly. NAT64check has therefore been developed to allow websites to be checked for consistency over IPv4, IPv6-only and NAT64, as well to compare responsiveness using the different protocols. This allows network and system administrators to easily identify anything is ‘broken’ and to pinpoint where the problems are occurring, thus allowing any non-IPv6 compatible elements on the website to be fixed. For example, even if a web server is not running IPv6 (why not?), hardcoded
IPv4 addresses can cause NAT64 to fail.

Industry 4.0 Under Attack: On the Security of Industrial Robot, Marcello Pogliani, Politecnico di Milano
The fourth industrial revolution calls for interconnected controlled manufacturing systems, from industrial robots, to 3D printers, and more.
Despite the obvious advantages of the Industry 4.0 paradigm, from the ease of maintenance to the increased productivity, the interconnection raises important (cyber)security concerns.
To shed a light on this topic, we recently analyzed the security of modern industrial robots: the most representative instance of a complex and automatically controlled industrial device.
In this talk, we cover the main aspects of our research, demonstrating how attackers can compromise industrial robots up to the point where they can alter the manufactured product, physically damage the robot, steal industry secrets, or injure humans. We will explain what makes these devices attractive for attackers, whether they are hard to compromise, and why it is challenging to improve their security.

4th Pillar, Tali Režun, 4th Pillar
4th Pillar is a technology infrastructure, where we are developing several projects – FOURdx, FOURid, and FOURhr. Up to now, nobody has created a DLT based multiple wallet and document management system that is capable of handling the professional needs of an organization and the individual. This framework connects companies, and employees, schools, and students, hospitals, and patients, even the state, and citizens. There are no limits. We offer the infrastructure with which you will be able to exchange digital assets in a safe and secure way directly, without intermediaries. We offer the ecosystem where individuals can create their digital self-sovereign identity as well as recruit based on verified work history.

“My malware” vs “Windows 10 security features” …see the outcome, Mane Piperevski, Piperevski & Associates
In martial arts, you always exploit your opponent’s weakness. We now know their weaknesses, as they know that they cannot make 100% security. But in Windows, the weakness changes all the
time so it’s ongoing cat and mouse game. See how XOR encoding, polymorphic code and other techniques fight Windows 10 security features.

What’s Missing in Your Digital Transformation Plan?, Tomislav Tucibat, Fortinet
What do we call DX? We are struggling to encapsulate what is probably the biggest revolution of our time. It affects everything, everywhere… and that is not easy to comprehend. It touches and impacts everyone of us here in almost every aspect of our lives – professional, personal and social. While the adaptation to digital transformation (DX) to enable data-driven decision business models is necessary for successful business today, there are 4 key pillars of security that must be addressed to mitigate threats from entering the network.

Emerging threats by SANS Internet Storm Center, Bojan Ždrnja, Infigo IS d.o.o.
In last couple of years we have witnessed some sophisticated (and some less sophisticated) attacks that severely impacted businesses around the world, causing millions of EUR in damage.
SANS Internet Storm Center has been following and analyzing various attacks for more than 2 decades. In this presentation, Bojan Zdrnja, senior SANS Internet Storm Center handler will introduce the Internet Storm Center and will talk about 3 new emerging threats that are slowly becoming prevalent.

Automotive security, Stefano Longari, Politecnico di Milano
The automotive industry is finally starting to put focus on the security of vehicles and networks, accepting the dangerousness of cyberattacks even in a field that up until some years ago was not really related to computer science. Still, being it a new field in continuous development, a lot of tools for the development of secure infrastructures and networks are yet to be proposed. We propose a methodology, and alongside it a tool, to help analysts while designing and assessing the security of vehicle on-board networks. The tool proposes first a set of values to the analyst that help understanding the strong and weak points of a given architecture and then through those values proposes multiple countermeasures against the most dangerous attacks.

Regaining Lost Visibility, Emir Arslanagic, Qualys GmbH
Qualys new groundbreaking Global IT Asset Inventory solution, is always up to date with two-way CMDBs synchronization, which enables large and small enterprises to regain full visibility across all assets, regardless if they are on-premises, or in cloud(s), are they mobile or stationary including OT/IOT environments.
See how in a single-pane view, you can benefit from real-time analysis of your security and compliance posture, identify in seconds assets that are vulnerable to zero-day attacks, or that have been compromised or are suspicious.


GDPR: A strategic approach to data protection compliance, Paolo Balboni, ICT Legal Consulting
In this presentation Prof. Dr. Paolo Balboni will explain how companies can strategically address compliance with the EU Regulation (General Data Protection Regulation - GDPR) in order to increasingly extract value from their datasets, reduce the legal risk and be more competitive at the international level.
Many companies approach compliance activities with the European General Data Protection Regulation (EU) 2016/679 (GDPR) as a purely legal matter. This is very shortsighted. Compliance with the GDPR is becoming a necessary business requirement. Only companies that will be able to reassure business partners and consumers regarding their alignment to the new EU Regulation will stay competitive in the digital market. Moreover, if performed in a strategic way, compliance with the GDPR enables businesses to process personal data in manifold ways and thus to extract meaningful information from them in order to better serve actual and future customers, as well as to improve efficiency. During the presentation Prof. Dr. Paolo Balboni will present a strategic approach to GDPR compliance aimed at mitigating the legal risk and maximising the benefits of data processing activities.
The audience will learn:
• the key new provisions of the GDPR
• how to structure an effective corporate data protection compliance programme in compliance with the GDPR;
• how to turn data protection compliance in a corporate asset in order to obtain a Return of Investment (ROI).
More precisely, Prof. Dr. Paolo Balboni will explain that it is important to have a strategic and accurate approach to data protection compliance in order to collect personal data from the start in a way that enables further lawful processing activities. The difference for a company between dying buried under personal data and harnessing their value is directly related to privacy compliance management. A strategic and accurate approach to data protection can generate a significant ROI.


Improve security skills for your IT Forse (almost for free), Tobiasz Janusz Koprowski, Shadowland Consulting 
As IT Managers we have responsibility. When we will face a data breach or sophisticated vector attack, we could say that it's a mistake of our employee. But, it really isn't. We can blame the Information Technology Team Only when we know that they should know. Otherwise, we can blame ourselves. But we can help them and our organization to embrace our security together. In this session, I would like to show all the interesting places where out IT Department can improve their security skills for free (or almost free). So reserve your time to look at this, then reserve their time to learn.