Secure coding is no longer new in software development. It has also been established for a long time, you can find a wealth of information about it, there are courses, tutorials, and everything is well documented. All developers should therefore be using it by now. Unfortunately, developing secure software does not start with a simple [...]
On November 22, 2018, Manfred Scholz will lead a seminar entitled "IT Security in Industry" at the Institute for Internal Auditing Austria in Vienna. Special focus will be the IEC 62443 series of standards defining the state of the art in industry. Terms such as Industry 4.0 or IoT stand for the dawn of a [...]
For 15 years now, the Hagenberg Circle has been organizing the Security Forum, the annual ICT security conference in Hagenberg, directly on the campus of the Hagenberg University of Applied Sciences. The approximately 200 participants from all over Austria, Germany and Switzerland appreciate the high quality of the presentations and the professional atmosphere of the [...]
Date 6: Audit approaches to demonstrate accountability. In preparation for the General Data Protection Regulation, SEC4YOU is offering a series of events that focus on the what and how. In the last workshop of the event series, we look at the upcoming audit approaches to demonstrate accountability. In our workshops, defined results of the [...]
Encryption on the World Wide Web has a long history, which explains the abbreviations used today. It started back in 1993 with Secure Sockets Programming as a prototype. Netscape subsequently completed Secure Sockets Layer (SSL). SSL version 1 was never published. Version 2 dates back to 1995. Version 3 was published in 1996 as a [...]
Follow the recommendation of experts: perform an infrastructure penetration test at least once a year. When performing penetration tests, we pay attention to a structured approach. To this end, we divide our technical audits into phases according to the recommendation of the German Federal Office for Information Security (BSI): Preparation Information gathering and automatic [...]
Date 5: Risk analysis as a preliminary step to data protection impact assessment. In preparation for the General Data Protection Regulation, SEC4YOU offers a series of events that focus on the what and how. This time, we look at risk analysis as a precursor to data protection impact assessment (DPIA). In workshops, defined results [...]
More and more often we are asked how to train data protection and the requirements of the GDPR. For internal data protection officers (DPOs) or, if you don't have a DPO, for the internal data protection contact person, there are numerous training courses and courses for further training in the GDPR requirements. However, familiarization [...]
The security of data must be guaranteed by appropriate technical and organizational measures. Important objectives include protection against unauthorized access, data loss and manipulation. This principle refers to a wealth of technical and organizational measures that must be taken when storing and processing personal data. Since the terms pseudonymization and encryption are mentioned several times [...]
Personal data must be deleted, for example, after the purpose of the processing no longer applies and the necessary retention periods have expired. It is therefore not permissible to retain personal data for an unlimited period of time. This principle can be implemented most easily by means of a company-wide deletion concept. Here, the different [...]
