When we talk about IT security and listen to different organizations about their main priorities, the term "compliance" has clearly made it to the top. However, after 8 years of PCI DSS being in place, and despite growing investments in security, we still read about a growing number of data breaches and the significant financial losses resulting from them.
This raises a few questions:
- Are we overemphasizing the focus on compliance in the interest of getting a compliance certificate?
- Is compliance not bringing the effectiveness we are expecting?
- Are there gaps we are not aware of?
- What should we know about HP NonStop specifically?
Get answers to these questions and join an interesting session about weaknesses you should be aware of in order to protect your organization, your customers' data, and finally yourself.
The security workshop is intended to discuss these questions in 3 parts:
1. A different view of compliance, using PCI DSS as the example (30 minutes)
   - key learnings from data breaches and how to use them to improve security
   - procedural weaknesses you should be aware of and how to avoid them affecting you
   - the NonStop obscurity myth
   Thomas Leeb, CSP - Computer Security Product
2. How to break into a Tandem system - and how to prevent it (150 minutes)
   System vulnerabilities will be explained, demoed, and their prevention shown. This is a 'show and tell' session with live demos on a system.
   Carl Weber, GreenHouse
3. How to control IP connections (30 minutes)
   Bank-Verlag has developed a monitoring toolbox for NonStop. Part of this toolbox is the near real-time analysis of security events, especially finding out the source of invalid logon requests. This is done for all connections requiring a logon. In addition, we are able to check the actual state of TCP/IP connections and find missing connections as well as superfluous connections.
   Wolfgang Breidbach, Bankverlag