What are the top information security conferences

The heise security conference - knowledge protects!

Panel discussion: The Emotet takedown - what is the state allowed to do?

Tilmann Werner: Hacker, botnet and security expert, CrowdStrike

Carsten Meywirth: Head of Cybercrime Department at the BKA




4. Patch, but do it right! - Lessons learned from current incidents - Dror-John Roecher, DCSO GmbH


A piquant aspect of the espionage attacks involving Sunburst, Solorigate and Sunspot is that a backdoored component of SolarWinds Orion was distributed through the update function. Those who hadn't patched were suddenly better off than those who always kept their software up to date. The approach is reminiscent of the distribution of NotPetya in summer 2017 via the update function of the Ukrainian tax software MeDoc.
The lecture discusses the consequences these incidents have for classic patch management and examines whether and how one should trust the software supply chain. In addition, it offers guidance on how to decide between “patch”, “not patch” and “delay patch”, and discusses sensible defense strategies against this type of state-controlled espionage.


- Sunburst, Solorigate, Sunspot and Co. - Background and causes

- Updates as a security risk - weak points in the software supply chain

- To patch or not to patch - Is that really the right question?

- Knowing how! A roadmap to secure software updates




5. How to throw your money out the window - or how to use your security budget purposefully - Stefan Strobel


There are many ways to spend money on a security product or service whose cost is out of proportion to its benefits. This lecture picks out some of the most common bad investments, shows the background and explains how to avoid such situations. In addition, it shows how to derive, in a comprehensible way, the need for and benefit of investments in one's own institution and thus find the measures that really advance information security.


- Typical bad investments in security

- From goats and gardeners - Do's and don'ts of security measures

- Difficult cases - detection and response solutions and services

- Do you want to copy? - Hype topics and their practical relevance

- Reaching the goal with a plan - effectiveness considerations and risk analyses




6. Cyber! Insurance! Do I really want this? - Linus Neumann


While more and more companies are reporting successful attacks on their IT, insurance companies are increasingly offering risk insurance against “cyber damage”. But do they really pay when things go wrong? What's in the fine print? Which coverage is useful for whom? What do you have to pay attention to? The security expert Linus Neumann advised the General Association of German Insurers (GDV) on the conception of cyber insurance and explains what is important.


- Risk models and requirements

- The sticking points in the small print

- Paths to a structured decision-making process