„Law for Dummies” – IT Security Act, GDPR, Telecommunications Act and many more – a small excursion into the cyber world of jurists – Volker Kozok

This round table discusses the following questions:

• What are my experiences with inspections by supervisory authorities?
• How do I handle reporting obligations?
• How can I use my SIEM solution for data protection?
• What are the responsibilities of the CISO/CIO?
• How does “privacy by design” work?
• How can I explain IT (and IT-Defense) to a jurist?
• What do I have to observe for the evaluation of social media?
• What’s new about Ross Ulbricht?

Computer Security Metrics – Marcus Ranum – Marcus Ranum

Security practitioners often complain that management does not understand what they do. Usually, that's at least partly a result of security practitioners not being very good at tying "what we do" to 
"what the business does" and explaining the effects of changes in the business. In this presentation, we will outline how to produce and present metrics.

DNS Security – Carsten Strotmann

DNS (Domain Name System) is one of the very fundamental protocols of the Internet. Almost no application will work without DNS name resolution. But the classic DNS protocol is frighteningly insecure: no authentication, no integrity checks, data sent in clear text and easy to spoof. Existing security extensions, such as DNSSEC, spread very slowly.

The Internet Engineering Task Force (IETF) is now, after many years of stagnation, working full force to upgrade this veteran protocol: transport security using TLS, HTTPS or QUIC, mitigation of denial-of-service attacks using DNSSEC/NSEC(3) and DNS cookies, automation of DNSSEC key management, and reducing DNS metadata leakage with QNAME minimization.

But not everyone is happy with the changes: developers of DNS software fear the rise of complexity as well as bug-filled and bloated software. Administrators lose control over DNS as a security tool, because DNS data will be encrypted. Privacy advocates fear DNS data leaks to large DNS resolver operators in the Internet.

This round table will discuss new security-related developments regarding the DNS protocol, their limits and issues. In the discussion you will learn how to deploy some of the new extensions with minimal additional risks for your own network, and without hitting known stumbling blocks along the way.

Educate - Empower - Enforce changing your employees to assets instead of liabilities! – Jayson E. Street

In this round table we will discuss together ways to educate users also ways to empower them to be invested into your security as well as ways to enforce your security polices in a way that builds up your workforce not tear them down. We will talk about how to do OSINT within parameters of GDPR. We will also talk about working within German privacy laws while educating users and enforcing policies.