Events
WEBINAR: Klassifizierung von Informationen — Methodik von SEC4YOU
Unternehmen, die ein ISMS nach 27001 aufbauen möchten, müssen die Klassifizierung von Informationen gemäß A.5.12 des Anhang A umzusetzen. In diesem Artikel zeigen wir den bewährten SEC4YOU Ansatz.
SEC4YOU am Security Forum 2024 in Hagenberg
Auf dem Security Forum 2024 geben wir Einblicke in unsere Implementierungsmethoden für ISO 27001, NIS2 und TISAX®. Wir zeigen die neue Version unseres ISMS Tools und CISOs können sich einen CISO-Hut und eine CISO-Tasse abholen.
IT-Security / Information Security (CPE 14)
Von 25. — 26.9.2024 findet an der Akademie Interne Revision in Wien das Seminar IT-Security / Information Security unter der Leitung von Manfred Scholz statt. Unter IT-Security werden sehr oft technische Maßnahmen verstanden, die punktuell bestimmte […]
Event Calender
Lectures + Seminars
Event calendar review
GDPR Workshop — The Directory of Processing Activities with Template
Due to the great demand of our customers and interested parties, SEC4YOU offered a GDPR workshop in November 2017, which specifically highlights the implementation of GDPR measures and offers affected companies the opportunity to start with the measures directly at the workshop or to support their own project with templates and decision-making bases.
The workshop was aimed at public and private companies from all sectors that process or store personal data. Contrary to the widespread opinion that the GDPR only applies to large companies, this question was answered conclusively by workshop leader Manfred Scholz as well as by two lawyers present:
The GDPR affects all companies that process personal data — regardless of company size and legal form — as of 25.5.2018!
After explaining the history of the GDPR and the position of Austria in the European vote, the participants agreed on the essential components of the GDPR implementation. As an important task within the GDPR measures, the new requirement of keeping a register of processing activities in Austria was discussed.
Directory of processing activities using software?
Contrary to the opinion of individual providers, a software tool for maintaining the directory of processing activities should not be at the forefront of a GDPR project, as the initial creation can usually be done in Excel or Word for small and medium-sized companies. In large companies, or if the maintenance effort for the management and regular control or revision of the directory is to be carried out by several employees or in distributed companies, the introduction of a special tool can also save costs.
The Directory of Processing Activities — DSGVO VV
As has been customary in German data protection for over 10 years as a “procedural directory” or “procedural overview”, the GDPR now also requires companies to maintain a directory of processing activities. Experts see a difference here to the DSG 2000 where in Austria a basic obligation to report certain data applications in the data protection register is required (until May 2018) or was required (from May 2018).
An important feature of a procedure directory is that the data-processing company processes are recorded and not the applications themselves.
=> What therefore does not belong in a directory of processing activities? e.g. MS CRM, Excel or Exchange.
The important contents of the directory of processing activities have been summarized.
In the role of the responsible person must be recorded:
- Name and contact details of the responsible person, if applicable jointly responsible person or a representative (EU).
- Name and contact details of the data protection officer
- Purpose of the processing
- Categories of data subjects
- Categories of personal data
- Categories of recipients
- Transfer to third countries (guarantees, if applicable)
- Deletion periods
- General description of technical and organizational measures (TOM according to Art 32 para.1).
On the other hand, processors have the following recording obligations:
- Name and contact details of the data controller, joint data controller or representative (EU), if applicable.
- Name and contact details of the data protection officer
- Categories of processing
- Transfer to third countries (guarantees, if applicable)
- General description of technical and organizational measures (TOM according to Art 32 para.1)
In the last part of the workshop, exemplary examples of how a directory of processing activities looks like were presented and the SEC4YOU template V1.1 of the directory of processing activities was presented.
DEEPSEC IN-DEPTH SECURITY CONFERENCE 2016
DEEPSEC In-Depth Security Conference 2016
DEEPSEC 2016 was a great success. As in previous years, the location The Imperial Riding School Vienna — A Renaissance Hotel was an excellent venue for the high quality presentations. Due to the international audience, all presentations were in English.
Especially convincing were workshops organized in small groups, here an excerpt:
- Hacking von Webanwendungen: Fallstudien über preisgekrönte Bugs in Google, Yahoo, Mozilla und mehr, Dawid Czagan (Silesia Security Lab)
- Do-It-Yourself-Patching: Schreiben Sie Ihren eigenen Micropatch, Mitja Kolsek (ACROS d.o.o.)
- Sichere Anwendungen mit TLS bereitstellen, Juraj Somorovsky (Hackmanit GmbH / Ruhr-Universität Bochum)
- Offensive iOS-Ausnutzung, Marco Lancini (MWR InfoSecurity)
- IoT-Hacking: Linux Embedded, Bluetooth Smart, KNX Heimautomatisierung, Slawomir Jasek (SecuRing)
- Hands on Hacking mit der WiFi Pineapple, USB Rubber Ducky und LAN Turtle, Darren Kitchen, Sebastian Kinne, Robin Wood (Hak5 LLC, Digininja)
- Offensive PowerShell für rote und blaue Teams, Nikhil Mittal (unabhängig)
- Grundlagen von Routing und Switching aus der Sicht von Blue und Red Teams, Paul Coggin (Selbstdarstellung)
- Penetrationstests für Menschen, Bethany Ward & Cyni Winegard (TraceSecurity)
- Sichere Web-Entwicklung, Marcus Niemietz (Hackmanit)
Many thanks to the Orga-Team Michael ‘MiKa’ Kafka & René ‘Lynx’ Pfeiffer for the excellent event, next year we will surely be there again!