Evernote Openbook: General InfoSec Stuff

Ziel der Veranstaltung ist es, eine interdisziplinäre Übersicht zum aktuellen Stand der IT-Sicherheit in Industrie, Dienstleistung, Verwaltung und Wissenschaft in Deutschland, Österreich und der Schweiz zu geben. Insbesondere sollen Aspekte aus den Bereichen Forschung und Entwicklung, Lehre, Aus- und Weiterbildung vorgestellt, relevante Anwendungen aufgezeigt sowie neue Technologien und daraus resultierende Produktentwicklungen konzeptionell dargestellt werden. Da IT-Sicherheit integrierter Bestandteil nahezu aller informationstechnischer Anwendungen und Prozesse ist, sind auch Beiträge zu rechtlichen Rahmenbedingungen und wirtschaftlichen Faktoren gewünscht.

Themen dieser Arbeitskonferenz

Risiko- und Sicherheitsmanagement
Incident Handling und Business Continuity
Sichere elektronische Geschäftsprozesse
Multimedia und On-Demand-Dienste
Identitäts- und Rechtemanagement
Digitale Signaturen und Archivierung
Biometrische Verfahren und Anwendungen
Computerkriminalität und Gegenmaßnahmen
Botnetze, Spam und Phishing
Trusted Computing und DRM
Security Awareness
Secure Embedded Systems
Sicherheitsrelevante Anwendungen
WLAN, Mobilfunk und mobile Endgeräte

eGovernment, eHealth und eCommerce
Kritische Infrastrukturen
Sichere Webservices
Intrusion Detection und Computer-Forensik
Verfügbarkeit und Notfallsplanung
Sicherheitsinfrastrukturen und PKI
Authentifikation und Single-Sign-On
Protokollierung und Überwachung
Sicherheitstoken, Smartcards und RFID
Pervasive und Ubiquitous Computing
Netzwerklösungen, VPN und Remote Access
Privacy, Datenschutz und Rechtsfragen
Best Practice und Fallstudien
Folgen, Akzeptanz, Perspektiven

infosec ideas

Sat, 18 Oct 2008 14:50:27 GMT

Bot net grid & cloud computing

Sources Shortlist

Fri, 10 Oct 2008 09:15:04 GMT

Sources Shortlist

[Sc03] Schoemaker, Michiel: Identity in Flexible Organizations: Experiences in Dutch Organizations. In: Creativity and Innovation Management, Vol. 12, No. 4, 2003; 191 - 201.

[HG92] Hirschhorn, L.; Gilmore, T.: The new boundaries of the "boundaryless" company. In: Harvard Business Review, Vol. 70 No. 3, 1992; 104-15.

[RS99] Robbins, Stephanie S.; Stylianou, Antonis C.: Post-merger systems integration: the impact on IS capabilities. In: Information & Management, Vol. 36, No. 4, October 1999; 205-212

[BS06] Bhargav-Spantzel, A.; Squicciarini, A. C.; Bertino, E.: Establishing and protecting digital identity in federation systems. In: Journal of Computer Security, Vol. 14, No. 3, 2006; 269-300

[HR05] Hommel, Wolfgang; Reiser, Helmut: Federated Identity Management: Die Notwendigkeit zentraler Koordinationsdienste. KiVS Kurzbeiträge und Workshop, 2005; 65-72

[PW03] Pfitzmann, Birgit; Waidner, Michael: Federated Identity-Management Protocols — Where User Authentication Protocols May Go. 11th Cambridge International Workshop on Security Protocols, 2003; 174

Identity Federation Quellen

Thu, 09 Oct 2008 17:51:18 GMT

Version:1.0 StartHTML:0000000149 EndHTML:0000010889 StartFragment:0000000199 EndFragment:0000010855 StartSelection:0000000199 EndSelection:0000010855 Building flexible organizations for fast-moving markets

http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V6K-3SWVHX5-2&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=dc64e2b8ecf6726fc853b226bf106413

Betwixt and between: Temporary Employees as Liminal Subjects in Flexible Organizations

http://oss.sagepub.com/cgi/content/abstract/20/4/601

Flexible Organizations Through Object-oriented

and Transaction-oriented Information Systems

http://pbfb5www.uni-paderborn.de/www/WI/WI2/wi2_lit.nsf/663247270b635985c1256bc900519bef/24a84acfefd09784412564e3003b5f74/$FILE/BB37.pdf

Identity in Flexible Organizations: Experiences in Dutch Organizations

http://www3.interscience.wiley.com/journal/118890767/abstract?CRETRY=1&SRETRY=0

The flexible firm and the flexible coworker

http://www.ingentaconnect.com/content/mcb/086/2000/00000012/00000004/art00004

The new boundaries of the "boundaryless" company.

http://www.ncbi.nlm.nih.gov/pubmed/10117998

On Adaptive Identity Management: The Next Generation of Identity Management Technologies

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.4.4957

Planning for post-merger integration—eight lessons for merger success

http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V6K-45K071G-4M&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=57407f7a7b69ebb137e8d92b2473ed09

The Drivers of Success in Post-Merger Integration

http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6W6S-4C0V36H-6&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=3525cb639fc3b69702f50ba957993f8b

Post-merger systems integration: the impact on IS capabilities

http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6VD0-3X8327D-2&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C0000502...

subway hack comment

Sun, 10 Aug 2008 03:46:57 GMT

Here is the presentation:

http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf

Mirrors:

http://www.evernote.com/pub/ssulistyo/InfoSecStuff#07ff6ce9-1aa9-45e9-8bd2-10ce0805e534

https://dl.getdropbox.com/u/77164/anatomy%20of%20a%20subway%20hack.pdf

Also, a vulnerability assessment report:

http://blog.wired.com/27bstroke6/files/vulnerability_assessment_of_the_mtba_system.pdf

anatomy of a subway hack

Sun, 10 Aug 2008 03:16:23 GMT

Press Release

Mon, 09 Jun 2008 11:29:33 GMT

Press Release
3 June 2008
http://www.enisa.europa.eu

Printing – the ‘forgotten’ security link to safeguard business assets. EU Agency ENISA launches report on ‘Secure Printing’ ENISA, the EU Agency for European Network and Information Security, launches its report on “Secure Printing’ with recommendations to business on secure printing and copying of confidential data. Printing/copying devices can be penetrated and hijacked for fraud so that sensitive data or identity is easily stolen. But 350 surveyed European organisations have little awareness of the costs and risks of uncontrolled printing, the Agency report shows.

New printing techniques provide ways for companies to improve customer relations, cutspending and streamline business processes but, at the sametime, expose organisations to security threats. For example, in December 2007, a UK government body reported missing a data cartridge containing the pension details of 6,500 persons. When a draft of this press release was printed in a hotel, the reverse side showed the hotel bill of a guest, with minibar and other private expenses listed, proving the point in case.

Only 53% of companies use authentication for printing, such as smart cards, biometric identification, or PIN codes. ENISA therefore recommends business to adopt secure printing strategies to protect business assets and confidential customer data.

Printers produce key business documents, such as invoices, forms, tickets, statements, employee and customer data. But how is data treated in the printing process? Sensitive data is most vulnerable when in transit, where printing is a weak, ‘forgotten link’ in the security chain. Protecting confidential data in printing devices has both security and financial benefits, as top management recognise that office print expenditure can be reduced by 10-30% through the implementation of secure printing practices (Source: Gartner, 2008). And yet, awareness of secure printing strategies is lowamong more than 350 French, German and UK organisations, according ...