INFOSEK 2017 Conference

Date: 29.11.2017 | Nova Gorica

In 2017 we mark a jubilee: 15 years since our company, Palsit d.o.o., began concluding its yearly programme of events with INFOSEK, the largest information security conference.

Get acquainted with the trends in information security and find the right security solution for yourself and your company.

You are invited to reserve the dates 29.11. to 1.12.2017 now and join us in the city of roses, Nova Gorica (Hotel Perla).

The registration fee increases by 2% from week to week. Register as soon as possible and save up to 30% compared to the price that will apply just before the conference.
*Valid in the case of registration and payment of the fee in accordance with our payment terms (i.e. no later than 7 days after registration).

 

THIS YEAR'S TOPICS:

  • Automotive security, Andrea Palanca, Politecnico di Milano
    Modern vehicles incorporate tens of electronic control units (ECUs), driven by as much as 100,000,000 lines of code. They are tightly interconnected via internal networks, mostly based on the CAN bus standard. Past research showed that, by obtaining physical access to the network or by remotely compromising a vulnerable ECU, an attacker could control even safety-critical inputs such as throttle, steering or brakes. In order to secure current CAN networks from cyberattacks, detection and prevention approaches based on the analysis of transmitted frames have been proposed, and are generally considered the most time- and cost-effective solution, to the point that companies have started promoting aftermarket products for existing vehicles.
    In this paper, we present a selective denial-of-service attack against the CAN standard which does not involve the transmission of any complete frames for its execution, and thus would be undetectable via frame-level analysis. As the attack is based on CAN protocol weaknesses, all CAN bus implementations by all manufacturers are vulnerable. In order to precisely investigate the time, money and expertise needed, we implement an experimental proof-of-concept against a modern, unmodified vehicle and prove that the barrier to entry is extremely low. Finally, we present a discussion of our threat analysis, and propose possible countermeasures for detecting and preventing such an attack.

  • Reducing resistance - Adopting Information Security in the Energy sector, Bozidar Spirovski, H4
    The energy sector is one of the last incumbent industries worldwide, with large profits, enormous resources and teams. This applies both to the energy companies and to the vendors in that industry.
    Due to the isolated nature of such systems, the information security mindset is only slowly penetrating the energy sector while adversaries speed up; thus the risk profile becomes significant.
    This talk discusses the experiences and practices, from an operational perspective, of improving the information security posture of an energy sector company.

  • Conflict of the GDPR alongside non-EU law - case study, Janko Šavnik, Addiko Bank d.d.
    The talk will present the organisational changes at the level of the Addiko banking group, which is present in EU and non-EU countries, and the impact of the GDPR and other regulations on such changes.

  • Ensuring cyber security in the nuclear field, Samo Tomažič, Slovenian Nuclear Safety Administration
    The talk will present cyber security in the nuclear field, namely:
    - legislation and regulations,
    - the specifics of digital systems at nuclear facilities,
    - incident response, and
    - good practices.

  • We (micro-)patch 0days and so can you, Luka Treiber, Acros d.o.o.

  • Dangerous use of cyberspace - ways and reasons for users' self-protection, Igor Bernik, Faculty of Criminal Justice and Security

  • Advantages and pitfalls of profiling under the GDPR, Mojca Prelesnik, Information Commissioner of the Republic of Slovenia
    Profiling, as a form of automated processing of personal data, is used today in a variety of sectors - marketing, advertising, insurance and elsewhere. The benefits of profiling for the economy and society are of course numerous: it enables better marketing segmentation, greater efficiency, and services and products better tailored to individuals. At the same time, profiling represents a major intrusion into an individual's privacy. People often do not even know that they are subject to profiling, and at the same time they become trapped in closed categories and thereby limited in their choices. The GDPR defines profiling as the automated processing of personal data, in particular to analyse or predict an individual's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. It therefore covers both analysis and prediction. In this "depersonalised decision-making", what matters for individuals is that the GDPR provides them with appropriate legal protection.

  • GDPR - A Hacker Goldmine, Michael Stout, Nemsec
    By now, executives in every European business should be aware of the General Data Protection Regulation (GDPR) and that it comes into full force on the 25th of May, 2018. As organizations diligently focus their efforts on complying with and preparing for the GDPR, sinister elements are also preparing themselves for the potential goldmine the GDPR offers.
    Cyber criminals plot and refine attack vectors to exploit systems and organizations that are less prepared to meet their GDPR obligations. In this session, you will gain a comprehensive understanding of the GDPR, the challenges, the risks, and the threats hackers will pose to organizations large and small.
    The clock is ticking... Are you prepared?

  • Into a secure future through digitalisation, Robert Serec, Pomurske mlekarne d.d.

  • Ransomware evolved into AI, Mane Piperevski, Piperevski & Associates
    We cannot merely assume that ransomware has become cleverer than ever; it is now a fact. Attempts to deploy machine learning, a form of artificial intelligence, are what the defending side does today in the fight against malware. But make no mistake: the malware authors who develop ransomware code are following the same path, becoming more intuitive and smarter, always one step ahead of the defence. We all face the challenge of AI and try to make it work - a never-ending story.

  • Easiest way to get to GDPR compliance, Mane Piperevski, Piperevski & Associates
    It is obvious that we face a challenge ahead that will come fast and hard. Even the biggest and most mature companies will confirm the great weight of this burden. But fear not: we accept the challenge and boldly make it work by optimising the approach and resources, introducing the easiest way to GDPR compliance.

  • Cyber security management, Robert Stražišar, NLB d.d.
    Cyber risk is ranked among the 10, or even 5, largest global economic risks. The talk will answer the questions of how to set up a cyber security management system, which controls to put in place, how to measure the maturity and progress of the established cyber security system, and how to define key risk indicators. In cyber security, absolute security cannot be guaranteed. The organisation's management can, however, demonstrate that it has done everything commercially reasonable to detect and prevent an attack, reduce the damage and restore business operations as quickly as possible. In the event of a cyber attack with a negative impact, this will also have to be taken into account by the supervisory authority (GDPR, NIS), the court and the public.

  • Human firewall, Gorazd Rolih, Slovenian Armed Forces
    Information technology is with us practically everywhere today. It has made our lives considerably easier, but on the other hand it also threatens us. What role we humans play in this will be explored by Major Gorazd Rolih of the Slovenian Armed Forces, who has worked in information security for many years and is, among other things, interested in its psychological aspect.

  • Internet of Things - Opportunities and Threats in complying with the GDPR, Stefan Klaming, IoT40 Systems GmbH

  • Privacy Impact Assessment (GDPR), Goran Chamurovski, INTEGRA Solution
    Privacy Impact Assessment (PIA) is a process that enables privacy risk to be identified and managed. For controllers, a PIA is a tool for the objective assessment of privacy risk, and it is crucial because it offers a chance for a scalable and proportionate approach to compliance and an appreciation of the privacy-by-design principle. The potential of a professionally conducted PIA exercise lies in the business orientation, technological sophistication and cost-effectiveness of the identified measures for risk mitigation and management, taking into consideration the well-established data protection rights and principles that should be protected.

  • SIEMs as a proactive approach through the GDPR, Darko Mihajlovski, HALKBANK AD Skopje
    The security information and event management system is a tool that every Information Security Officer should use on a regular basis. But it can be used smartly, or more smartly. This presentation covers tracking access and sharing on file servers, SharePoint portals and administrator activities on servers through Windows Event Collection. Besides Active Directory monitoring, database monitoring can be included without any additional tool, and mitigating the risks of VPN-to-cloud and cloud application gateways can also be considered.
    It also covers building advanced filters for Windows Event Collection, the top files and directories to monitor in Linux to catch attackers, and correlating vulnerability scans with network path analysis to find and remediate the biggest risks to your network and avoid wasting time on the little ones.

More information is available on the website www.infosek.net

You are warmly invited to join us!

 

Maša Arčon
masa.arcon@palsit.com
05 338 48 59

* Lunch and all snacks are included in the programme price.

  

GOLD SPONSORS
Infigo, Unistar, NIL, S&T, A1

BRONZE SPONSORS
SIQ, CREA, Mikrocop, SoftNet

MEDIA SPONSORS
Računalniške novice, Moja Občina, Svet mehatronike

IN COOPERATION WITH
Mastermind Akademija, Planet e učenja, Microsoft, Adriatic Slovenica

The views presented in the presentations are those of the author and not of the organisation the author comes from, nor of the organisation organising the event.



Speakers

Andrea Palanca, Politecnico di Milano
Andrea Palanca is an Information Security Engineer currently employed at Secure Network S.r.l. He obtained an M.Sc. cum laude in Computer Engineering at Politecnico di Milano by developing and publishing ("A Stealth, Selective, Link-Layer Denial-of-Service Attack Against Automotive Networks", in the proceedings of DIMVA 2017) a novel type of denial-of-service attack against Controller Area Network (CAN) buses, which resulted in the ICS-ALERT-17-209-01 ("CAN Bus Standard Vulnerability") published by the US ICS-CERT on July 28, 2017.
Deeply fond of cars and motor vehicles in general, his interests are primarily focused on the emerging topic of computer security in the automotive and transportation universe.

Bozidar Spirovski, H4
Bozidar Spirovski is the Chief Information Security Officer of H4. Mr. Spirovski has worked in information technology and information security since 1999. He has contributed his knowledge and experience in the telco, finance and energy industries as a manager of systems and security, consultant and information security officer.
He is the founder and main author of several blogs and portals that strive to assist IT professionals in improving their operational posture and the security of their operations.
Mr. Spirovski is also a speaker at regional conferences on issues of information security and IT management, and publishes articles on information management in relevant publications.

Janko Šavnik, Addiko Bank d.d.
Janko Šavnik, an information security specialist, is currently employed as Head of Information and Physical Security and Data Protection Officer at Addiko Bank d.d. in Ljubljana. His work mostly comprises managing the information security management system, leading security projects, consulting, training and raising employee awareness, as well as continuous care for the protection of personal data.
Since 2009 he has held the title CCE (Certified Computer Examiner) and has been a court-appointed expert for information security and computer forensics. In 2013 he obtained the CISM (Certified Information Security Manager) title, and in 2016 the CISA (Certified Information Systems Auditor) title. Before he began working professionally in these fields he was a member of the police for 11 years.
Besides a very good knowledge of information technology and computer forensics, he has a good knowledge of the Slovenian and EU regulatory requirements relating to information security, personal data protection, the security of internet payments, payment card security and the like.
In recent years he has prepared many articles and lectures on these topics, including at Slovenian faculties and the Slovenian Institute of Auditors.

Samo Tomažič, Slovenian Nuclear Safety Administration
Samo Tomažič completed first- and second-cycle studies in information security at the Faculty of Organizational Sciences in Kranj. He is currently writing his doctoral thesis at the Faculty of Criminal Justice and Security in Ljubljana on responding to cyber attacks at nuclear facilities. 14 years ago he joined the Slovenian Nuclear Safety Administration as a system administrator and soon afterwards became head of the information technology group. In recent years he has become a recognised expert in cyber security at nuclear facilities both nationally and internationally; he takes part in various international missions and consultancy meetings, and lectures on the assessment of digital systems and on responding to cyber attack incidents. He is the founder and chair of the national group for cyber security at nuclear facilities. In the past year he became head of the Radioactivity Monitoring Department at the Slovenian Nuclear Safety Administration, where he applies his information technology knowledge to that field as well.

Igor Bernik, Faculty of Criminal Justice and Security, University of Maribor
Dr. Igor Bernik is an associate professor of information security and head of the Chair of Information Security at the Faculty of Criminal Justice and Security of the University of Maribor.

Mojca Prelesnik, Information Commissioner of the Republic of Slovenia
Mojca Prelesnik holds a university law degree and has passed the state bar examination.
She is the author of professional articles and co-author of books on access to public information, privacy and personal data protection, and a lecturer at numerous training courses, workshops and professional conferences and meetings (in the wider public administration, labour law, inspection procedures, health care, education, archives, business, etc.).
Besides legal knowledge, she also has experience of the legislative process and of managerial work, and leadership and organisational skills in the fields of public administration, management and financial operations.
She began working on access to public information in 2002 at the Ministry of the Information Society, where she took part in preparing the draft act on access to public information and, during her employment there, was also the official responsible under the ZDIJZ.
Personal data protection became her field of work in 2006, when the Commissioner for Access to Public Information was transformed into the Information Commissioner and took over the competences of the former Inspectorate for Personal Data Protection at the Ministry of Justice.
As Secretary General of the National Assembly she was able to further build in practice on the knowledge and experience gained during her employment, first at the Ministry of the Information Society and then at the Information Commissioner, and gained insight into operations as the head of the controller of numerous personal data filing systems and of a body subject to access to public information. The annual reports under the ZDIJZ show that in the period 2008-2014 the National Assembly demonstrated a high level of access to public information and transparent operation. As the controller of personal data filing systems, the National Assembly substantially refined and improved the security of its filing systems and the protection of personal data in the same period.
On the proposal of the President of the Republic, Borut Pahor, the National Assembly elected her Information Commissioner on 4. 7. 2014. Her five-year term as Information Commissioner began on 17. 7. 2014.

Michael Stout, Nemsec
Growing up in Northern California, Michael Stout began hacking computers in the 1980s. Actually, he started hacking much younger, after experimenting with his parents' push-button telephone. After a successful career as a board-level IT advisor, he moved to Europe during the dotcom boom, where he held several senior technology advisory roles. For close to twenty years he has established himself as an internationally focused information security and cyberwarfare consultant. Michael is passionate about information security. He works in close collaboration with stakeholders to raise security awareness in their organizations while empowering them to take the lead in protecting their systems and information assets from being directly attacked or becoming collateral damage in someone else's conflict.

Mane Piperevski, Piperevski&Associates
Mr. Mane Piperevski is a security expert with over 10 years of experience and expertise in the field of ethical hacking/penetration testing and ICT forensics. He currently works as CEO and IT Security Consultant at Piperevski&Associates and also contributes to the open software security community as OWASP Chapter Leader for Macedonia. He recently published the white papers "Hacker Attacks - Undetectable attacks from trojans with reverse communication" and "Hacking Attacks - Security Threats in IPv6 networks". He holds numerous security certifications (C|EH, E|CSA, C|HFI, E|CIH, E|CSP .NET, MCSA, MCSE, MCITP, C|EI, MCT) and is a highly ranked cyber crime instructor and trainer in Europe.

Robert Stražišar, NLB d.d.
Robert Stražišar has many years of experience in IT. Since 2004 he has performed information technology and security audits in the internal audit department of NLB d.d. He holds a bachelor's degree in electrical engineering (automation) and is a specialist in business informatics. He holds the CISA (Certified Information Systems Auditor) and PRIS (Preizkušeni revizor informacijskih sistemov, the Slovenian certified information systems auditor title) designations, and has also completed the lead auditor course and examination for the ISO/IEC 27001:2013 standard.

 

Gorazd Rolih, Slovenian Armed Forces
Major Gorazd Rolih heads the cyber operations section at the Force Command of the Slovenian Armed Forces. For most of his career in the Slovenian Armed Forces he has worked in information technology, and for the last 10 years, including three years at NATO, in information security management.

Goran Chamuroski, INTEGRA Solution
MBA, CISA, CRISC, PMP, Privacy LI
Managing Director of INTEGRA Solution
Highly experienced and educated professional with a balanced skill set, ranging from business and managerial to risk and technical, leveraged for sustainable change through projects and for building credibility with executive teams and staff. Solution-oriented capability for determining and articulating business and technical solutions that bridge the compliance gap between business and technology. Strong track record of successfully managing complex data protection and security projects for 20+ years in different regulated industries (banking, insurance, telecom, government) where digital risk management is a must.

Darko Mihajlovski, HALKBANK AD Skopje
With 4 years' experience as an IT Systems Engineer and more than 6 years of hands-on experience in the field of information security, he is, besides the CISO's operations and governance in the Bank, currently also responsible for PCI DSS implementation and maintenance in the Bank's cardholder data environment.
Darko holds a Master of Science degree, with a master's thesis in the field of industrial information security (SCADA environments). His professional background is accompanied by several certifications in the field of information security, such as: Certified Ethical Hacker (CEH), Certified ISO 27001:2013 Lead/External Auditor, Certified ISMS Implementer (ISO/IEC 27001), Microsoft Certified Professional (MCP), HP Accredited Platform Specialist (APS), Certified Linux Administrator (Linux Server Professional Certification), Information Technology Infrastructure Library (ITIL), and Qualys Certified Specialist (Policy Compliance, Vulnerability Management, Web Application Scanning, Threat Protection).

REGISTRATION FEE AND REGISTRATION
Price: 720.00 EUR + 22% VAT
Please pay the registration fee no later than 7 days after registering, to bank account (TRR) 02241-0090950979. Without payment of the fee in full, entry to the venue will not be possible. The final deadline for any (written) cancellation is 14 days before the event. If you cancel after this deadline, we will charge administrative costs (70% of the fee); for cancellations one week before the event the full fee is due.

 
