Last week (25th – 27th April), I attended the “Sicherheit 2018” in Konstanz, which is the annual meeting of the security community of the Gesellschaft für Informatik e.V. (GI) in Germany. The conference is attended in equal proportions by researchers and people from industry working in security-related disciplines, which leads to lively and pleasant discussions.
The topics discussed were wide-ranging in content. There were very technical talks, such as the one by Sebastian Banescu, the winner and one of two candidates nominated for the best PhD thesis award, who presented “Characterizing the Strength of Software Obfuscation Against Automated Attacks”, as well as conceptual presentations, such as the one in which Sabrina Krausz explained her bachelor thesis about an integrated procedure model for planning and implementing an ISMS, using pharmaceutical production as the example.
The first day started with a keynote by Prof. Dr. Marc Strittmatter about the General Data Protection Regulation (GDPR) and its IT security requirements. Sessions covered talks about privacy, privacy-enhancing technologies, tools for automatic analysis of data gathered from identity data leaks as well as proper anonymization and pseudonymization of personally identifiable information. The day was closed after the awarding of the CAST/GI PhD award.
The second and third days covered many other interesting topics, but I would like to present one talk I personally enjoyed because it addressed the problem of users’ policy compliance in work environments with restrictive security technologies. The talk was named “On the possible impact of security technology design on policy adherent user behavior – Results from a controlled empirical experiment”. The main finding was that the users showed a large willingness to protect the customer data and used more work-intensive workarounds even when they could have broken the security policy to reduce their personal pressure and frustration. This opportunity was taken by the participants at the end of the experiment. The authors state that these policy violations stem from bad working conditions worsened by security technology. They argue that the users’ role must be reconsidered in design stages to provide effective and secure working environments with reduced policy violations.
Thanks for having me!