[sage-hamburg] TUHH talks in the ITSRM lecture and Oberseminar

Dirk Wetter dirk.wetter at guug.de
Wed Jun 4 21:18:47 CEST 2014


Hi,

I still have to write the announcement for June 13 (see
www.guug.de/lokal/hamburg). This mail had been lingering in my inbox
for quite a while (sorry + thanks, Sven).

Best regards, Dirk

----- Forwarded message from Sven Übelacker <uebelacker at tuhh.de> -----

Subject: TUHH talks in the ITSRM lecture and Oberseminar
From: Sven Übelacker <uebelacker at tuhh.de>
Organization: TUHH
To: Sven Übelacker <uebelacker at tuhh.de>
Date: Wed, 28 May 2014 16:30:21 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

FYI and for forwarding.

Thanks,
Sven.

(ITSRM = IT Security Risk Management)



= ITSRM =
Wednesday, 2014-06-04, 10:00-12:00
TUHH Building A, Schwarzenbergstr. 93, room A1.16
Christoph Gerber, Uni Hamburg
"Collaborative Security Management based on BSI IT Baseline Protection"

Abstract:
"""
Security management supports the selection of on the one hand needed and
on the other hand economically reasonable safeguards. Security
management helps with its acknowledged standards like the IT Baseline
Protection Standard from the German Federal Office for Information
Security (BSI) or the ISO/IEC 27000 series to obtain a structured
protection of the company-wide IT systems by applying a so-called
information security management system (ISMS). Each ISMS is based on an
information security process (IS process) which allows for continuous
checking and improving the security aspects of business processes as
well as IT systems. This talk first describes how a security concept can
be created using the IT Baseline Protection methodology described in BSI
100-2 and BSI 100-3. Afterwards, it is shown how data protection
officers from different companies can benefit from an
inter-organizational data exchange in the field of security management
and how such a data exchange can be realized. Therefore two applications
are described that allow for collaborative security management.
"""



Wednesday, 2014-06-18, 10:00-12:00
TUHH Building A, Schwarzenbergstr. 93, room A1.16
Gernot Ladstätter, AIRBUS
"Taking ITSRM to the Sky"




Wednesday, 2014-06-25, 10:00-12:00
TUHH Building A, Schwarzenbergstr. 93, room A1.16
Dr Barbara Kordy, Uni Luxemburg
"Security modeling and analysis with attack-defense trees"

Abstract:
"""
Graphical security models provide useful methods to analyze security
scenarios and examine vulnerabilities of systems and organizations. The
great advantage of graphical models lies in combining intuitive, visual
representation with sound formal foundations. This lecture will give a
general overview of the attack-defense tree methodology. Attack-defense
trees extend the well-known model of attack trees by allowing for
modeling of security scenarios involving an attacker, whose goal is to
compromise a system, and a defender trying to protect against an attack.
We will show how to model security scenarios using attack-defense trees,
present formal foundations underlying the model, and explain how to
perform quantitative analysis with attack-defense trees. The ADTool
software for creation and analysis of attack-defense trees will also be
presented and typical mistakes to be avoided while using the attack
tree-based formalisms will be discussed.
"""



Wednesday, 2014-07-09, 10:00-12:00
TUHH Building A, Schwarzenbergstr. 93, room A1.16
Dr Christan Paulsen, DFN-CERT
"OCTAVE and the ADORA tool"

Abstract:
"""
The Operationally Critical Threat, Asset, and Vulnerability Evaluation
(OCTAVE) approach defines a risk-based strategic assessment and planning
technique for security. OCTAVE is a self-directed approach, meaning that
people from an organization assume responsibility for setting the
organization’s security strategy. The analysis is led by a small,
interdisciplinary team (three to five people) of an organization’s
personnel who gather and analyze information, producing a protection
strategy and mitigation plans based on the organization’s unique
operational security risks. The DFN-CERT translated, shortened and
adopted OCTAVE to fit into German requirements, IT-Grundschutz (Baseline
Protection Manual) and ISO 27001. The software tool ADORA was developed
to support the analysis team.
"""



= Oberseminar =
Tuesday, 2014-06-24, 18:15-19:45
Uni Hamburg, RRZ, Schlüterstr. 70, room 304
Dr Barbara Kordy, Uni Luxemburg
"On optimistic multi-party contract signing protocols"

Abstract:
"""
Multi-party contract signing (MPCS) protocols specify how a number of
signers can cooperate in achieving a fully signed contract, even in the
presence of dishonest signers. Here we consider optimistic MPCS
protocols, where we assume presence of a trusted third party which is
contacted only in case of a conflict.

The presentation discusses a connection between optimistic MPCS
protocols and the combinatorial problem of constructing sequences which
contain all permutations of a set as subsequences. We provide an
explicit and general construction for MPCS protocols which converts a
sequence over a finite set of signers into a protocol specification for
the signers. Furthermore, we give tight conditions under which the
resulting protocols satisfy fairness and timeliness.
"""


-- 
Dipl.-Math.oec. Sven Uebelacker <uebelacker at tuhh.de>
Hamburg University of Technology, Security in Distributed Applications
https://www.sva.tuhh.de/
PGP: 0x9FF34ACF fp: 4C45 413E 9A51 0E61 17C8 4841 5201 D358 9FF3 4ACF




----- End forwarded message -----