21. - 22. 3. 2024
HackStop + INFOSEK 2024
750 €
(Day 1)
0 €
Prices do not include VAT


Gunnar Porada, EX-HACKER and Senior IT-Security Consultant, Germany/Switzerland

How to hack the Fingerprints in the Passports of EU, Visa-Request of USA?
How several bank accounts could be hacked?

“…shows live how to attack the biometric fingerprint like it’s used in millions of EU-Passports and USA-Visa. Additionally shows how Webserver could be hacked just with the webbrowser.”

The presentation will be on the first day of the conference, 19th of November, 2009.

CV Gunnar Porada

Sasa Aksentijevic, Saipem Croatia (ENI), Croatia 

Intricacies of integral security in upstream oil and gas sector

In this lecture, special emphasis will be given to the project nature of the upstream oil and gas sector, which results in challenges to a structured integral security function. The main traits of such projects are execution in difficult areas under erratic conditions, constantly changing project hierarchy and matrix structures, the need to balance between capex and opex expenditures of business units and project cost centers, and fast-track projects. Major factors contributing to activities of disaster recovery, business continuity and technical security measures will be outlined, with a proposal for the creation of a consistent integral security mode and an explanation and proper positioning of the role of the CSO (Chief Security Officer) within the organization's structure.

Forensic computer crime proceedings of ICT court experts and legislative requirements - Croatian experience

The procedure of forensic computer investigation

Criminal and other legal proceedings involving computer forensics and investigation before a court of law will be explained in detail, along with the role of the police, the investigation center, the court and the judge in charge, and their relation to ICT court expert activities. Furthermore, new legislation regulating the work of court experts, passed in the summer of 2008, which also provides for the involvement of ICT court experts from the EU, will be explained, along with details about the education path and the major difficulties and problems ICT court experts experience in their daily work.

CV Saša Aksentijevič

Daniel J Blander, Infosecuritylab Inc., California, USA

Security Governance - current trends in management and oversight

The evolution of Security and Risk Management has progressed considerably since the days when a “Firewall” was considered Security. Today’s trends involve a greater focus on Risk Management as a corporate function that extends well beyond computers and IT, and extends into the Board Room, into business operations, and is inclusive in its needs. This talk will discuss new models of governance and oversight, new roles that have been taken up by Chief Security Officers, how the process of inclusion has raised awareness and participation in the Security and Risk Management process, and how new operational models have strengthened companies’ resilience.

The talk will discuss new models of governance that include stakeholders from multiple areas of the business, approaches to awareness that create higher levels of participation and success, methods to improve efficiencies in security operations, and organizational structures that include key risk management personnel in the process.

How to Promote Security Awareness at Your Company

You have tried to convince management that Security Awareness is important but they do not seem to listen, and your budget is always being cut.  How do you overcome these problems?  Is Security Awareness important?  What can you do to make your company Security Aware?

This presentation will discuss different techniques and approaches to help you succeed in convincing management that Security Awareness should be an important part of your Information Security Management System.  It will discuss ways to overcome the objections and hurdles you face in establishing your program.  It will also teach you ways to make your Security Awareness program a success with your employees.

Leveraging Managed Security Services for Cost and Operational Efficiency

Imagine: Your security team is available to design new controls, work with your development teams to develop security requirements, and can still provide twenty-four hour a day monitoring of your network and systems security. 

Imagine: Your security team can go on holiday, and you still feel secure.

Managed Security Services will allow you to maintain a key element of your Information Security Management System – your ability to detect, analyze and respond to security incidents. Like an armed guard at your gate, this service helps protect you by monitoring and analyzing logs, firewalls, and intrusion detection systems twenty-four hours a day, three-hundred-sixty-five days a year. The service also analyzes and prioritizes incidents for you through advanced correlation techniques, and provides a periodic report of incidents and potential weaknesses. This service provides these capabilities at a cost that is significantly less than the cost of maintaining a twenty-four hour a day security team, and frees your exhausted security team from the tedious and time-consuming task of log analysis and reporting.

During this talk we will show examples of how this service works, what types of information and reporting you would see, and examples of how this service has saved time and money for companies around the world.

CV Daniel J Blander

Alexandru Gherman, IBM Internet Security Systems, Romania

Security management - ISMS - ISO27001 Why implement? How to prepare to sustain a successful audit implementation

Some day maybe we will all need to comply with ISO27001 - Information Security Management System. What would be the advantages of a good implementation of such an information security management system, and what would Auditors look for when you call them to register your certification?
I'll present, simply and concisely, all the mandatory requirements we will need to fulfill in order to pursue a certification, putting all the pieces of the puzzle together.

In Hacking - latest threats, stats, and an ethical hacking show

Presenting the latest trends in threats and attacks, statistics about the most widespread attacks, and techniques which have been tried recently in order to reach users. In the end, live exploits will be presented from the Blackhat point of view, along with how some network/host controls could prevent these attacks from happening.
Interestingly, we'll also see how to implement a virtual honeypot lab in order to analyze and monitor malware behavior.

CV Alexandru Gherman

Zubair Khan, Tranchulas, Pakistan

Biometrics and Privacy Invasion

Biometric authentication systems solve some of the problems with passwords by using physical biological features of a person to identify them (e.g., fingerprint, eye/retina scan, facial recognition, etc.).

This talk will explain security mechanisms in biometric systems. The speaker will discuss security problems in different biometrics and identify why biometrics are not a fool-proof solution to reduce identity theft. At the end we'll demonstrate some of the discussed attacks.

Social Engineering

Most people believe that gaining unauthorized access to a computer system is entirely technical. But exploiting vulnerabilities in human nature often helps an attacker to bypass well-planned security measures.

In this talk we will discuss how to identify and combat social engineering attacks. We’ll also talk about the psychology of different people in an organization and how it impacts security. We’ll also take a look at how social engineering facilitates industrial espionage.

CV Zubair Khan

Kjell Kalmelid, Expert in Awareness Raising, European Network and Information Security Agency (ENISA), EU

The ENISA Awareness Raising Community

The AR Community is a subscription-free community open to experts who have an interest in engaging in raising information security awareness within their organisations. The AR Community was launched in February 2008 and is designed to engage with the AR Section of ENISA in its mission to foster a culture of information security, with the aim of supporting the section in its activities.

At the same time, adding value to members is of course an important goal. Up till now, the creation of the AR Community has proved to be a success both for ENISA and the members in this respect. Outcome and activities of the AR Community will be presented in more detail.

CV Kjell Kalmelid

Sanjin Turic, Zira Ltd., Bosnia and Herzegovina

Regional IT Security awareness (Bosnian experience)

In times like these, where cyberspace is part of our everyday lives, IT Security is getting more and more important, not just for enterprises, but for small and medium businesses, and also individuals.

When you ask your management for a budget share for security, don't you get the same answer over and over: "We have our firewall, it is enough!" or "No one will attack us, we are not interesting to hackers!"? This is the way people look at IT security in the region, until an attack becomes reality, and money is lost.

In this presentation, we will talk about ways to raise the IT Security awareness in companies, how to show possible impacts of low security levels, how to convert those impacts into cost statistics, and how to find the best cost/efficiency relation within the security budget.


Secure infrastructure design

When it comes to infrastructure design, most implementations fail on security. Designing an IT infrastructure does not just mean "Let's just design it to make it work"; it means more than that. An IT infrastructure has to be functional in the first place, but there are many considerations to be taken into account when designing:

"How scalable, how fast and how stable will my infrastructure design be? How to implement security and still have all benefits of a fast, scalable and stable infrastructure?"

In this presentation we will talk about all things to be considered while designing a secure infrastructure, that is fast, scalable, efficient and most important - secure.


Richard Mayall, Acuity Risk Management LLP, United Kingdom 

Operational Risk – Measuring and reporting on risk across your business

Richard will look at how organisations can address the need to report effectively to senior management in a variety of operational risk areas, including corporate risks, information security risks, project and programme risks, health and safety, quality, etc.

This presentation is subtitled ‘Providing senior executives with the information that they need...’  Richard will explain how in terms of general business reporting, senior executives ARE generally provided with the key information that they need in order to make top-level decisions, and for top-level assurance purposes.  However, this is so often NOT the case with operational risk areas such as Information Security!

Richard will show how the variety of data available on risk and compliance management can be practically aggregated and presented more effectively, so that senior management is better informed and better assured.

Information Security Management Systems – What REALLY are the key components of an effective Enterprise Assurance Management system?

An Information Security Management System provides the ‘Assurance’ framework to identify and appropriately secure organisational information assets from security breaches/incidents of confidentiality, integrity and availability.
Many organisations establish an ISMS to become compliant with ISO 27001, the International Standard for Information Security Management.
However, many more are looking simply to:
-  Identify their key information assets...the many forms taken by such information and the requirements for protection
-  Understand their critical information processing ‘infrastructure’...comprising info systems and networks, internal/external services, physical environments, personnel and third parties
-  Assess the key risks to information and supporting infrastructure...using a simple risk management process and risk assessment scheme which is meaningful to the business
-  Identify and deploy relevant controls and Standards that both provide an assurance framework and also help to mitigate the key information security risks
-  Plan and implement required improvements to controls, to mitigate information security risks
-  Provide meaningful risk and controls based reports to meet the needs of senior managers, auditors and other stakeholders.

In this presentation, Richard will highlight the key components of any Assurance Management System, and how these components need to integrate to achieve a complete and effective approach.

To illustrate the important assurance concepts, Richard will use examples from Acuity’s Enterprise Assurance Management solution STREAM.   See http://www.acuityrm.com/what-is-STREAM.php


Dave Venman, Sourcefire, England

How to slow down the security treadmill

Keeping up with the bad guys has become a full-time job when it comes to security. Every day, new vulnerabilities are reported, and even if your IPS solution is up to date, how do you protect against the 0-day, the virus, or the worm which strikes? This presentation will outline some of the basic problems with any IPS, and how they might be addressed to keep your organisation's IPS as effective as possible without having to provide inordinate amounts of resource to keep it up to date and properly managed.

