Archive

Q2 2011

IT Security Lecture Series

In June and July 2011, plan42 IT security experts contributed lectures to a number of conferences across Germany.
The series included the following lectures:

  • 21 June 2011: Lecture on “External Penetration Tests – Practical Tips for Internal Revisors and Auditors” at Bankers Campus 2011 in Potsdam
    Speaker: Marc Heinzmann
  • 29 June 2011: Lecture on “Penetration Tests and Weak-Point Analyses in Saving Banks” at the IT security management conference organized by Sparkassenakademie in Neuhausen near Stuttgart
    Speaker: Christian Lotz
  • 6 July 2011: Lecture on “iPhone, Network and System Security: Practical Tips for Audits” at the IT security conference organized by Sparkassenakademie in Münster
    Speaker: Christian Lotz

Q1 2011

Case Study: IT Security vs. Usability

Reconciling IT security and usability can be a major challenge - especially when it comes to protecting highly sensitive, personal data. Combining a security audit and a usability test, plan42 auditors developed strategies for the German pension provider Bayerische Versorgungskammer to improve their web portal usability without impairing security. Our case study summarises the procedure and results of the project.

Presentation at Auditors Conference 2011

plan42 contributed a presentation to this year’s auditors conference organized by the German Federal Office for Information Security (BSI) on 19 January in Bonn. Marc Heinzmann, security consultant and ISO 27001 auditor, described certification procedures for both ISO 27001 “Native” and ISO 27001 on the basis of IT-Grundschutz, the latter being the BSI framework. Input to this presentation was Mr. Heinzmann’s experience in both areas: He has not only completed several ISO 27001 certification audits on the basis of IT-Grundschutz, but was also involved in a “native” certification project as a consultant. The presentation contrasted these two procedures.

ITIL Presentation at Leibniz-Rechenzentrum

As part of the lecture series “Professional IT operations” at Leibniz-Rechenzentrum in Munich (LRZ), Christian Lotz, ITIL Service Manager at plan42, discussed Version 3 of the de-facto standard ITIL. Given the title “ITIL V3 between ambition and reality”, the presentation focused on the paradigm shift from processes to services that the introduction of ITIL V3 resulted in. The lecture took place on 13 January 2011. Download a PDF copy of the presentation for free (German only).

Q4 2010

IT Security Consulting and Audit Certification

A certification procedure developed by the German Federal Office for Information Security (BSI) allows IS professionals to earn the title of an “IS-Revisor”, an IT security consulting and audit expert. In November 2010, plan42 consultants earned this title as official proof of their competence to support government agencies with the creation and implementation of security concepts and the completion of IT security audits according to the guidelines for IT security audits based on IT-Grundschutz (IT Baseline Protection).

10 Years of plan42 GmbH

It is time to celebrate: this November marks the 10th anniversary of plan42. We would like to take this opportunity to thank all our clients for placing their trust in our company. Within the past decade we have kept rising to new challenges in order to meet our clients’ expectations and to establish ourselves as a strong partner. Professional consulting services tailored to your specific needs remain our commitment for the next 10 years – we are looking forward to them!

Q3 2010

Online Tax Return Form Surveillance Audit - Clearing House Düsseldorf

In 2010, the German online tax return form ELSTER was obliged to not only have their Munich clearing house re-certified compliant with ISO 27001 (see following news entry), but also to have a surveillance audit of the Düsseldorf clearing house carried out in order to keep their ISO 27001 certificate based on IT-Grundschutz for another year. plan42 performed the audit in July 2010; based on our report, the validity of ELSTER's certificate was officially confirmed in September.

To view the certificate and learn more about ELSTER and ISO 27001, please go to the ELSTER website.

Re-Certification of Online Tax Return Form

Having successfully completed the ISO 27001 initial certification of Germany's online tax return form "ELSTER" back in 2008, plan42 has now re-audited the Munich clearing house. The new ISO 27001 certificate based on IT-Grundschutz was issued in August 2010 and is valid for 3 years.

Please refer to the ELSTER website to view the new certificate and for more information on the topic.

Q1 2010

PGP Universal Server 3.0

PGP Universal Server provides multiple encryption solutions managed from a single console. Since March 2010, version 3.0 has been available. This new major release comes with a number of improvements including new user management, expanded directory synchronisation as well as new clustering and key management functionalities. For more detailed information please refer to symantec.com.

OSSIM 2.2

Improved usability, upgraded software, new data sources, and a new vulnerability management user interface: These are some of the innovations in OSSIM 2.2, which was released on 20 February 2010.

Visit the AlienVault website for more information about OSSIM.

Q4 2009

it-sa 2009 Presentations

plan42 was represented at the Nuremberg 2009 IT security expo it-sa with two presentations:

You can download the video of the Data Leakage Prevention presentation (in German) for free.

Q3 2009

White Paper on Data Protection Act Amendment

In response to the various recent data protection scandals, the 2nd Amendment to the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) came into force on 1 September 2009. But what are the specific changes that were made, and which new requirements for your company do they imply? In an effort to answer these questions, Marc Heinzmann, IT security consultant at plan42, and Dr. Alexander Niethammer, lawyer at HEISSE KURSAWE EVERSHEDS, published a White Paper on the new legal situation.

Download a PDF copy of the White Paper (in German) for free.

Q2 2009

Study by the University of Zagreb: Nessus vs. OpenVAS

Recent years have seen the development of the free security software OpenVAS in an effort to create an open-source alternative to the well-known vulnerability scanner Nessus. Taking this as an occasion, the LS&S (Laboratory for Systems and Signals) of the University of Zagreb compared the two scanners in a test, the results of which were published in an April 2009 study.

Download a PDF copy of the study from the LS&S website.

Q3 2008

Certificates for Online Tax Return Form

The ISO 27001 auditors at plan42 are able to look back at a number of successfully completed certification audits at various organisations. In these audits, they have gained experience that our clients can benefit from during future certification projects. One example of our activities so far is the certification of the German online tax return form "ELSTER". In this project, our auditors were responsible for the audits regarding the ISO 27001 certificates on the basis of IT-Grundschutz issued for the ELSTER clearing houses in Munich and Düsseldorf in 2008.