[sage-hamburg] TUHH-Vorträge in ITSRM-Vorlesung und Oberseminar
Dieter Klünter
dieter at dkluenter.de
Mi Jun 4 21:32:26 CEST 2014
Hallo Dirk,
Am Wed, 4 Jun 2014 21:18:47 +0200
schrieb Dirk Wetter <dirk.wetter at guug.de>:
> Hi,
>
> ich muss noch die Ankündigung für den 13.6. schreiben (siehe
> www.guug.de/lokal/hamburg). Diese Mail lungerte noch seit einiger
> Zeit in meiner Inbox herum (sorry+danke, Sven)
Muss ich das verstehen?
In deiner Ankündigung für den 13.6. wird OpenNebula angekündigt, in der
E-Mail von Sven wird ein Vorlesungsreihe der TUHH angekündigt. Wer hat
schon Zeit und Lust morgens um 10:00 in Harburg zu sein?
Was gilt denn nun?
Gruß
Dieter
>
> BG, Dirk
>
> ----- Forwarded message from Sven Übelacker <uebelacker at tuhh.de> -----
>
> Subject: TUHH-Vorträge in ITSRM-Vorlesung und Oberseminar
> From: Sven Übelacker <uebelacker at tuhh.de>
> Organization: TUHH
> To: Sven Übelacker <uebelacker at tuhh.de>
> Date: Wed, 28 May 2014 16:30:21 +0200
> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101
> Thunderbird/24.5.0
>
> FYI und zum Weiterleiten.
>
> Danke,
> Sven.
>
> (ITSRM = IT Security Risk Management)
>
>
>
> = ITSRM =
> Wednesday, 2014-06-04, 10:00-12:00
> TUHH Building A, Schwarzenbergstr. 93, room A1.16
> Christoph Gerber, Uni Hamburg
> "Collaborative Security Management based on BSI IT Baseline
> Protection"
>
> Abstract:
> """
> Security management supports the selection of on the one hand needed
> and on the other hand economically reasonable safeguards. Security
> management helps with its acknowledged standards like the IT Baseline
> Protection Standard from the German Federal Office for Information
> Security (BSI) or the ISO/IEC 27000 series to obtain a structured
> protection of the company-wide IT systems by applying a so-called
> information security management system (ISMS). Each ISMS is based on a
> information security process (IS process) which allows for continuous
> checking and improving the security aspects of business processes as
> well as IT systems. This talk first describes how a security concept
> can be created using the IT Baseline Protection methodology described
> in BSI 100-2 and BSI 100-3. Afterwards, it is shown how data
> protection officers from different companies can benefit from an
> inter-organizational data exchange in the field of security management
> and how such a data exchange can be realized. Therefore two
> applications are described that allow for collaborative security
> management. """
>
>
>
> Wednesday, 2014-06-18, 10:00-12:00
> TUHH Building A, Schwarzenbergstr. 93, room A1.16
> Gernot Ladstätter, AIRBUS
> "Taking ITSRM to the Sky"
>
>
>
>
> Wednesday, 2014-06-25, 10:00-12:00
> TUHH Building A, Schwarzenbergstr. 93, room A1.16
> Dr Barbara Kordy, Uni Luxemburg
> "Security modeling and analysis with attack-defense trees"
>
> Abstract:
> """
> Graphical security models provide useful methods to analyze security
> scenarios and examine vulnerabilities of systems and organizations.
> The great advantage of graphical models lies in combining intuitive,
> visual representation with sound formal foundations. This lecture
> will give a general overview of the attack-defense tree methodology.
> Attack-defense trees extend the well-known model of attack trees by
> allowing for modeling of security scenarios involving an attacker,
> whose goal is to compromise a system, and a defender trying to
> protect against an attack. We will show how to model security
> scenarios using attack-defense trees, present formal foundations
> underlying the model, and explain how to perform quantitative
> analysis with attack-defense trees. The ADTool software for creation
> and analysis of attack-defense trees will also be presented and
> typical mistakes to be avoided while using the attack tree-based
> formalisms will be discussed. """
>
>
>
> Wednesday, 2014-07-09, 10:00-12:00
> TUHH Building A, Schwarzenbergstr. 93, room A1.16
> Dr Christan Paulsen, DFN-CERT
> "OCTAVE and the ADORA tool"
>
> Abtract:
> """
> The Operationally Critical Threat, Asset, and Vulnerability Evaluation
> (OCTAVE) approach defines a risk-based strategic assessment and
> planning technique for security. OCTAVE is a self-directed approach,
> meaning that people from an organization assume responsibility for
> setting the organization’s security strategy. The analysis is led by
> a small, interdisciplinary team (three to five people) of an
> organization’s personnel who gather and analyze information,
> producing a protection strategy and mitigation plans based on the
> organization’s unique operational security risks. The DFN-CERT
> translated, shortened and adopted OCTAVE to fit into German
> requirements, IT-Grundschutz (Baseline Protection Manual) and ISO
> 27001. The software tool ADORA was developed to support the analysis
> team. """
>
>
>
> = Oberseminar =
> Tuesday, 2014-06-24, 18:15-19:45
> Uni Hamburg, RRZ, Schlüterstr. 70, Raum 304
> Dr Barbara Kordy, Uni Luxemburg
> "On optimistic multi-party contract signing protocols"
>
> Abstract:
> """
> Multi-party contract signing (MPCS) protocols specify how a number of
> signers can cooperate in achieving a fully signed contract, even in
> the presence of dishonest signers. Here we consider optimistic MPCS
> protocols, where we assume presence of a trusted third party which is
> contacted only in case of a conflict.
>
> The presentation discusses a connection between optimistic MPCS
> protocols and the combinatorial problem of constructing sequences
> which contain all permutations of a set as subsequences. We provide an
> explicit and general construction for MPCS protocols which converts a
> sequence over a finite set of signers into a protocol specification
> for the signers. Furthermore, we give tight conditions under which the
> resulting protocols satisfy fairness and timeliness.
> """
>
>
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E