INFOSEK 2007 - Nova Gorica
22. - 23. 11. 2007
Read the opinions of past conference participants.

All themes of security presented in one day in the same place. Also very good and carefully selected lecturers.

Andrej Feldin, Cetis d.d.



Lectures in English:

Claus Oliver Eckel (CISA, CISM), CEO, BWIN

Electronic Payments - The everlasting controversy between risk and opportunity. From the first payment transaction to the latest payment trends. A review of the development of the industry and the criminal activities in this industry.

Systemic Security Management - How to manage security with a holistic view on systems, processes, people and organizations. You cannot resolve your security exposures with organizational measures, technical tools, processes, or experts alone; only the combination of all four of them will lead you to success.

Bharat Thakrar, British Telekom  

Making the Business Case for Security Investments
The new disruptive landscape – how the game has changed.
Making the case for security investments and connecting to business objectives.
Taking a strategic approach to security using Envisioning.

Using the New GLOBAL standard ISO22301 for effective BCM
Why introduce another new BCM standard? What’s so good about ISO22301?
The process of achieving Certification and difference from previous standards.
The key challenges, how to overcome them, and lessons learnt from those who have done it.

Marek Deml, Deloitte

Implementing a security operating centre (SOC) in a 'Follow-the-Sun' model
The aim of Marek Deml’s presentation is to share with the audience his experience of how to get a business sponsor, how to kick off this kind of project, how to implement it, how to manage it and how to get value from its operation. It includes all necessary actions concerning technologies, people and processes. The final target is to show the value added to the business and to get confirmation from the business that it sees and experiences this added value.

Security Watch – proactive management of threats and vulnerabilities
The objective of the presentation is to share Marek Deml’s experience with running a proactive security watch process which helps the company to:

- Ensure all security-related alerts monitored and received by the Security team from any source are handled in an established, documented, and consistent manner.
- Ensure each alert sent from Security Watch is consistent with an established, easily recognizable format.
- Provide clear guidance to any personnel utilizing this alerting mechanism on behalf of the security team.
- Formalize, publish, and communicate the process in a worldwide organization.
- Ensure that alerts released by Security Watch are delivered to the audience on time and with the required quality.
- Ensure that alerts are easily archived and accessible to the audience in an online library.
- Provide guidance in implementing actions specified in alerts.
- Monitor that actions advised in alerts were implemented worldwide.

Krzysztof Pulkiewicz, BCMLogic

How to measure your business resiliency: define the KPIs/KRIs and scorecards to control your security and business continuity capabilities
Business Continuity Management is a process, not just a one-time project activity. In order to control the alignment between the BC plans and business as usual, as well as to synchronize the changes, it is required to set up a scorecard-based measurement process. The set of KPIs and KRIs is aimed to visualize the maturity of BCM, risk vs. lost metrics and level of protection mechanisms against the business requirement. I will present the business resiliency scorecard framework with special focus on the methods of data gathering and integration with the IT infrastructure landscape.

How to streamline critical communication for effective security and continuity incident management
Communication with teams, decision makers, customers and business partners is the crucial element of effective incident response. The presentation will cover the major elements of building an effective incident response and communication plan, including the ad-hoc impact analysis, communication with stakeholders and automated call tree procedures. I will present an overview and comparison of different incident handling and communication strategies as well as practical guidelines on how to build, test and use them in an organization. I will present in real time how to use the automated notification tools: a real-life presentation.

Gloria Marcoccio, GLORY.IT

Cloud computing vs data protection & privacy regulations: the WP 29 sets the clock

The success of Cloud Computing strongly depends, among other factors, on the adoption of a structured approach to fulfilling the requirements of different national data protection & privacy legislations.

In this context a primary input in driving the choice of adequate security measures is now given by the 5/2012 Opinion on Cloud Computing issued by the group of the European Data Protection

Although the Opinion is not a regulation, it represents the authoritative position of the Authorities able to influence the national legislations concerned and provides an overview of the main privacy issues of Cloud Computing as well as a concrete guide for a systematic approach to addressing the associated risks, with indication of security measures and precautions at technical/organizational and contractual level.

Dalibor Baškovč, Zavod e-Oblak

KC CLASS – Slovene national cloud research project - facts, objectives and current results
The goal of the national project KC Class is the development of services and products in the area of cloud computing. Developing competences in this area makes it possible to increase the competitiveness of the partners cooperating in the project and, through access to the newest technologies and knowledge in this area, the competitiveness of the Slovene economy in general. The development of KC will be based on: international breakthrough of services and products, scientific excellence and long-term development in building the consortium. The key component for achieving the objectives is an effective knowledge flow from research institutions to the companies and back. This enables the transfer of knowledge gained in research into innovative services and products with a high added value. Through standardized activities the consortium will support open interfaces and protocols.