EUNIS InfoSec Workshop @University of Málaga

Name: EUNIS InfoSec Workshop @University of Málaga
Start: 2020-01-27T11:05:00+01:00
End: 2020-01-28T14:30:00+01:00
Location: University of Málaga

27.01.2020, 11:05 → 28.01.2020, 14:30 Europe/Berlin

Rectorado (University of Málaga)

Rectorado

University of Málaga

Avenida de Cervantes, 2 29016 Málaga, Spain

Asbjørn Reglund Thorsen (CISO, Unit, Oslo), Thorsten Küfer (CISO, University of Münster)

Beschreibung

Overview

This is a two day workshop taking place Monday, 27.01.2020 (13:00-17:00) and Tuesday, 28.01.2020 (09:00-13:00) at the University of Malagá in Spain. The venue for the meeting is the University of Málaga main building: Rectorado, located at Avenida de Cervantes, 2. See attached practical information below for more information.

Organized by the EUNIS InfoSec Special Interest Group it targets CIOs, CISOs and IT security related personnel in European higher education institutions.

Topics

Organisational information security
Setting up an ISMS (Information Security Management System)
Managing GDPR
Operational IT security
Setting up a CERT (Computer Emergency Response Team)
Best practices and tools for HEIs
University practice talks
Networking and discussions

Agenda

Please see the timetable for a detailed agenda.

Notes

The workshop is free for EUNIS members.
Reception and registration on Monday starting at 12:00.
Dinner on Monday at 19.00 on self-payer basis is planned.
Hotel rooms can be booked via the well-known portals.
Please register before 18.01.2020.

Thorsten Küfer

thorsten.kuefer@eunis.org

Montag, 27. Januar
- Mo., 27. Jan.
- Di., 28. Jan.
- 13:00 → 17:00
  Day 1: Organisational Part
  - 13:00
    
    Welcome 10m
    
    Introduction to EUNIS, the InfoSec workshop and its participants.
    
    Sprecher: Asbjørn Reglund Thorsen (CISO, Unit, Oslo), Thorsten Küfer (CISO, University of Münster), Victoriano Giralt (CIO, University of Malaga)
  - 13:10
    
    Introduction 20m
    
    Introduction by the host Victoriano Giralt, CIO of University of Malaga. Situation of Spanish universities regarding information security.
    
    Sprecher: Victoriano Giralt (CIO, University of Malaga)
  - 13:30
    
    Risk managing cybersecurity at modern universities 30m
    
    In his keynote Dr. Gaute Wangen will discuss key issues in risk managing cybersecurity at the modern university.
    
    Sprecher: Dr. Gaute Wangen (NTNU, Trondheim)
  - 14:00
    
    Bavarian information security program for higher education 30m
    
    As part of the "Digital Campus Bavaria" program, a cross-university advisory service on information security issues for all state universities and colleges in Bavaria was established at the computer center of the Augsburg University of Applied Sciences. This is financed by the Free State of Bavaria. Tasks are Information Security Inventory at Bavaria's universities, taking into account the requirements of research and teaching. Development of a model to establish and maintain structures and procedures to ensure information security as a model for the Bavarian higher education sector. Networking of IT/Information Security Officers of Bavarian colleges and universities. Scientific support and advice for Bavarian universities in the introduction and implementation of the developed model as well as in all information security relevant topics.
    
    Sprecher: Christian Fötinger (CISO, Higher Education Institutions Bavaria)
  - 14:30
    
    Experience Implementing Information Security Management System (ISMS) 20m
    
    After the merge of three IT service organizations, Unit - the Norwegian Directorate for ICT and Joint Services in Higher Education and Research was born. Unit are currently working to implement the national ISMS. We will share some experiences and lesson learned on our road to towards the finished implementation.
    
    Sprecher: Asbjørn Reglund Thorsen (CISO, Unit, Oslo)
  - 14:50
    
    Networking break 30m
  - 15:20
    
    GDPR in the everyday life of HEI in Norway 30m
    
    Talk focuses on GDPR in the everyday life of higher education insitutions in Norway. Achievements and challanges in 2019, as well as recommendations for the year 2020.
    
    Sprecher: Agnethe Sidselrud (Unit, Oslo)
  - 15:50
    
    Possibilities, limits and alternatives of consent 20m
    
    Art. 7 GDPR describes conditions for consent. Recital 43 describes especially the Freely Given Consent. Many IT systems have a problem with forced consent during registration that can be avoided.
    
    Sprecher: Martin Neldner (Technische Universität Ilmenau)
  - 16:10
    
    On the safe side 20m
    
    Sikresiden.no (on the safe side in English) is a web page used by a lot of different insitutions in Norway which offers training and guidance on what to do in emergency situations.
    
    Sprecher: Christine Holm Berntzen (OsloMet)
  - 16:30
    
    Discussion 20m
    
    Discussion on differences, benefits, solutions to challenges.
    
    Sprecher: Asbjørn Reglund Thorsen (CISO, Unit, Oslo)
  - 16:50
    
    Conclusion 10m
    
    Conclusion to first day and looking at dinner and second day.
    
    Sprecher: Asbjørn Reglund Thorsen (CISO, Unit, Oslo)
Dienstag, 28. Januar
- Mo., 27. Jan.
- Di., 28. Jan.
- 09:00 → 13:00
  Day 2: Practical Part
  - 09:00
    
    Introduction 15m
    
    Reflection on first day and introduction to second day with practical IT security topics.
    
    Sprecher: Thorsten Küfer (CISO, University of Münster)
  - 09:15
    
    SIM3 and the Open CSIRT Foundation 40m
    
    Information and services offered by the Open CSIRT Foundation (OCF). Introduction to Security Incident Management Maturity Model (SIM3) and its new online tool.
    
    Sprecher: Don Stikvoort (Open CSIRT Foundation)
  - 09:55
    
    An API for Management to check on production-readiness! 20m
    
    Wouldn't it be great if management would have an automated checking mechanism to determine if a service is ready to go operational? A tool that checks if the new system or service has performed risk assessment, has a data processing agreement, performed successful penetration test et cetera. We have made such an API and we are now testing it, aiming for taking it in production in January 2020. Would you like a demonstration?
    
    Sprecher: Asbjørn Reglund Thorsen (CISO, Unit, Oslo)
  - 10:15
    
    Vulnerability management at University of Münster 20m
    
    Presentation on how vulnerability management is organized and implemented with OpenVAS at University of Münster. Which prerequisites are required? What are the results?
    
    Sprecher: Thorsten Küfer (CISO, University of Münster)
  - 10:35
    
    CERT Services for German HEIs 10m
    
    DFN-CERT is the computer emergency response team of German NREN DFN. Presentation of the IT security related services offered by DFN-CERT for its constituents.
    
    Sprecher: Thorsten Küfer (CISO, University of Münster)
  - 10:45
    
    Networking break 30m
  - 11:15
    
    Physical access. Live hacking 45m
    
    Three live demos that show how a hacker can compromise a PC when having physical access to it. Get ready for some live hacking.
    
    Sprecher: Asbjørn Reglund Thorsen (CISO, Unit, Oslo)
  - 12:00
    
    Group discussion 30m
    
    Preperation and mitigation of Emotet threat.
    
    Further discussion in groups of 5-7 on the most pressing challenges that came up so far.
    
    Sprecher: Asbjørn Reglund Thorsen (CISO, Unit, Oslo)
  - 12:30
    
    Discussion results 15m
    
    Discussion feedback and results
    
    Sprecher: Thorsten Küfer (CISO, University of Münster)
  - 12:45
    
    Conclusion 15m
    
    Conclusion and wrap up. Publication of workshop results. Next meeting as pre-congress workshop at annual EUNIS conference in Helsinki (June, 08.-12.2020).
    
    Sprecher: Thorsten Küfer (CISO, University of Münster)