VSEBINA PREDAVANJ 2023

 

Accelerate to Cloud

Mehrina Ahmed
AUGMEN GROUP UK LTD
Torek, 05.09.2023
14:45 - 15:15
O predavatelju

Ali vse poti vodijo v RIM? Ne, temveč v Operativni center kibernetske varnosti!

Dalibor Vukovič
TELEKOM SLOVENIJE d.d.
Torek, 05.09.2023
09:00 - 09:30
O predavatelju

Attacks on Blockchain in the Last Year

Over the past year, there have been a large number of attacks on crypto exchanges and various blockchain solutions, and the target was very often cross-chain bridges. Blockchain is more secure than other protocols/systems/applications, but… What happens when it is not implemented well, when there are vulnerabilities and when endpoints are not sufficiently secure as the technology itself? During the presentation, we will go through the various attack techniques that have most affected the blockchain network and see which protection measures are desirable to apply.

Luka Milinković
Symphony
Sreda, 06.09.2023
09:45 - 10:15
O predavatelju

Automotive Cybersecurity

Andrew Gecse
Sreda, 06.09.2023
11:45 - 12:15
O predavatelju

Bypassing Anti-Virus using BadUSB

During this presentation, we will take a look over how we can bypass most Anti-Virus detection using a payload embedded on a BadUSB device, resulting in a silver bullet for gaining initial access inside a victim network. Demo will be also included during the presentation.
Agenda for the presentation:
- AMSI Bypass Development
- Execution Policy Bypass
- Payload Runner Development
- Deploying Attack using BadUSB
- Post-Exploitation Persistence
- DEMO
- Prevention

Cristian Cornea
Zerotak
Sreda, 06.09.2023
13:15 - 13:45
O predavatelju

Cloud Forensics investigations in Azure

When a security incident is detected on the Azure cloud platform, forensic investigators must examine the log data collected from various sources. If a virtual machine is found to be affected, it is important to take a snapshot of the OS disk of the VM for further investigation. This session discusses the forensic acquisition methodology of an Azure VM and discusses an assumed DFIR scenario to divide the whole process into multiple steps using different forensic tools.

Uroš Babić
NIS a.d. Novi Sad
Sreda, 06.09.2023
10:15 - 10:45
O predavatelju

Creating a Resilient Red Team Infrastructure using Terraform

As organizations continue to strengthen their security defenses, red teamers are facing increasingly difficult challenges in performing successful assessments. Building a resilient infrastructure that can withstand detection and disruption has become a top priority for red teamers. In this presentation, I will share my insights on how to create a resilient red team infrastructure using Terraform.
Throughout the presentation, we will discuss different approaches to challenges I faced during red team engagements and how I designed a cloud infrastructure to serve for phishing scenarios, C&C traffic as well as a file storage server. And the best part, I can destroy and rebuild a fresh new one in a matter of SECONDS!

Andrei Grigoras
Sreda, 06.09.2023
12:45 - 13:15
O predavatelju

Data Esfiltration – The new nightmare 30 minutes of terror about your data if you’ve been cracked

A dive into AlphV and Lockbit forums in deep web for showing where your data go when you get a ransomare, with real examples of file download and opening, how to control if you’ve been pwned and how to try to lock the data esfiltration process, that actually is the worst problem if you get a ransomware.

Alessandro Vannini
IT4YOU Networks & Systems
Sreda, 06.09.2023
09:15 - 09:45
O predavatelju

How my system got pwned: Lessons learned from CVE-2022-41352

In this, hopefully eye-opening lecture, we'll dive into how my system was compromised by exploiting CVE-2022-41352, a critical RCE that took me by surprise. I'll share my experience and how I learned
the hard way that "The cobbler's shoes are always the worst".
This incident reinforced the importance of taking layered security approach seriously and understanding that security is responsibility of the owner, even when using cloud services. Join me for an insightful
discussion on how to avoid making the same mistakes I did and keep your systems safe(r).

Tomislav Gotovac
CARNET – Croatian Academic and Research Network
Sreda, 06.09.2023
12:45 - 13:15
O predavatelju

Insight into the ransomware incidents of 2022

Analysis on the ransomware incidents in Hungary of the past year, highlighting the different attack techniques. Presenting statistics and mitigation strategies of the sectors.

Vivien Léránt
National Cyber Security Center Hungary
Sreda, 06.09.2023
13:15 - 13:45
O predavatelju

Kaj nam bo v 2024 prinesla implementacija NIS 2 direktive?

NIS 2 direktiva bo v Slovenski pravni red implementirana z novim Zakonom o informacijski varnosti, predvidoma v drugi polovici leta 2024. Direktiva NIS 2 je poenotila pristop k urejanju področja informacijske in kibernetske varnosti v Evropski uniji. Bistveno se bo povečal obseg zavezancev v Republiki Sloveniji, predpisane pa bodo nekatere dodatne varnostne zahteve za obvladovanje informacijskih in kibernetskih tveganj. Pogledali si bomo bistvene novosti in opravili primerjavo med sedanjo in prihodnjo ureditvijo področja.

Matjaž Mravljak
Urad Vlade Republike Slovenije za informacijsko varnost
Ponedeljek, 04.09.2023
14:30 - 15:00
O predavatelju

Kibernetsko varnostna mrežna arhitektura

"Kibernetsko varnostna mrežna arhitektura" je koncept, ki ga je predlagal Gartner kot smernice za gradnjo varne in zanesljive mrežne arhitekture. Ta koncept poudarja potrebo po celovitem pristopu k varnosti omrežij, ki vključuje tako tehnološke kot tudi organizacijske vidike. Pogledali si bomo, kako in zakaj bi te smernice želeli upoštevati.

Simon Kaučič
OUR SPACE APPLIANCES d.o.o.
Torek, 05.09.2023
14:45 - 15:15
O predavatelju

Kje je meja med kibernetsko varnostjo in odpornostjo?

Zagotavljanje kibernetske varnosti v poslovnih okoljih je vedno bolj prepleteno z varnostjo in odpornostjo vseh organizacij v dobavni verigi. Medtem ko za kibernetsko varnost poskrbimo z močnimi gesli, utrjevanjem nastavitev na varnostnih napravah in spremljanjem površine napada dobaviteljev, dejansko raven odpornosti preverimo s testiranjem omrežja na kibernetski napad. Pomen takšnega spremljanja kibernetske varnosti je opredeljen tudi v najnovejših regulativah na tem področju, kar nakazuje na kritičnost zagotavljanja kibernetske varnosti ne le v lokalnih okvirih, temveč globalno.

Matjaž Kosem
CARBONSEC d.o.o.
Torek, 05.09.2023
11:15 - 11:45
O predavatelju

Klasičen, najet ali hibriden?

Gorazd Rolih
INFORMATIKA d.o.o.
Torek, 05.09.2023
15:15 - 15:45
O predavatelju

Microsoft 365: Attack simulation training

Božidar Radosavljević
PowerBML
Sreda, 06.09.2023
09:15 - 09:45
O predavatelju

Naslavljanje tveganj z rešitvami ArcSight

V predstavitvi bomo predstavili različna orodja iz družine Arcsight, ki nam lahko olajšajo življenje pri načrtovanju zaznave incidentov ter njihove odprave. Dotaknili se bomo pregleda znanih groženj, ki je na voljo vsem uporabnikom, ter rabi orodij, ki pomagajo oz. omogočajo hiter odziv na morebitne incidente ter njihovo omilitev.

Simon Simčič
SRC d.o.o.
Torek, 05.09.2023
12:45 - 13:15
O predavatelju

PERFORM IT d.o.o.

Emil Širič
PERFORM IT d.o.o.
Torek, 05.09.2023
15:15 - 15:45
O predavatelju

Pogled v drobovje kibernetskega napada

Nekaj let nazaj je bilo iluzorno pričakovati, da bodo kibernetski kriminalci ponujali programsko opremo in izsiljevalske viruse, kot storitev in platformo. Danes smo priča čedalje bolj organiziranemu kibernetskemu kriminalu, ki se lahko za rast in razvoj zahvali uspešnim in odmevnim kibernetskim napadom z velikimi zaslužki. Kibernetski kriminalci se prilagajajo. Da bi se dovolj hitro in dovolj dobro lahko prilagajali tudi mi, moramo zelo dobro poznati anatomijo kibernetskega napada.

Danijel Grah
NIL d.o.o.
Torek, 05.09.2023
12:45 - 13:15
O predavatelju

Post-quantum digital signature scheme using Verkle construction

In October 2019, Google made a controversial claim of achieving quantum supremacy. However, considering the race among tech giants to develop the first quantum computers, and their progress in doing so, the world may be on the cusp of a new era.
Google's current chip design could increase memory capacity from 100 to 1000 qubits, while IBM aims to build a quantum processor with over 1,000 qubits and between 10 to 50 logical qubits by the end of 2023.
In 2021, Chinese scientists announced the development of a new quantum computer that surpasses its predecessors in strength. As a result, they have taken the lead in the quantum computing race. The scientists claim that their 66-qubit quantum CPU, called "Zuchongzhi 2," completed the same task as Google's computer one million times faster. This CPU was created by a team of researchers from the Chinese Academy of Sciences Center for Excellence in Quantum Information and Quantum Physics, in collaboration with the Shanghai Institute of Technical Physics and the Shanghai Institute of Microsystem and Information Technology.
Quantum computers have the potential to break the cryptographic codes currently used to secure communications and financial transactions. Therefore, quantum-resistant cryptography should be adopted as the current digital signature systems are vulnerable to attacks from quantum computers. The security of current digital signature systems relies on the difficulty of calculating discrete logarithms and factoring large numbers. Although some cryptosystems, such as RSA with four thousand-bit keys, are resistant to attacks from classical computers, they are ineffective against attacks from quantum computers.
At INFOSEK 2023 Maksim Iavich will offer the model of the new post-quantum digital signature scheme using the novel technology - Verkle tree. The offered signature is much more efficient than the existing hash based digital signatures.

Maksim Iavich
Scientific Cyber Security Association - SCSA /Caucasus University
Sreda, 06.09.2023
11:15 - 11:45
O predavatelju

Potovanje se nadaljuje. Vidnost na robu omrežja.

Lani smo začeli s spremembo paradigme in s stikali ArubaOS-CX 10000 preselili funkcijo požarnega zidu v samo infrastrukturo omrežja. Zdaj nadaljujemo potovanje. Stikalom na robu omrežja smo dodali možnost pregleda prometa vse do aplikacijskega nivoja (layer 7).

Gorazd Kikelj
SELECTIUM ADRIATICS d.o.o.
Torek, 05.09.2023
11:15 - 11:45
O predavatelju

Pozdravni govor

Aleksander Šinigoj
PALSIT d.o.o.
Ponedeljek, 04.09.2023
13:50 - 14:00
O predavatelju

Pozdravni govor

Aleksander Šinigoj
PALSIT d.o.o.
Torek, 05.09.2023
08:00 - 08:30
O predavatelju

Predavanje v pripravi

Janko Šavnik
Addiko Bank d.d.
Ponedeljek, 04.09.2023
14:00 - 14:30
O predavatelju

Predavanje v pripravi

Lino Antonio Buono
Sreda, 06.09.2023
10:15 - 10:45
O predavatelju

Predavanje v pripravi

Holger Spohn
NATO
Sreda, 06.09.2023
10:15 - 10:45
O predavatelju

Predavanje v pripravi

Rachel Okoji
Sreda, 06.09.2023
11:15 - 11:45
O predavatelju

Predavanje v pripravi

Peter Pavlin
Ministrstvo za pravosodje
Sreda, 06.09.2023
12:15 - 12:45
O predavatelju

Predavanje v pripravi

Peter Pavlin
Ministrstvo za pravosodje
Sreda, 06.09.2023
12:45 - 13:15
O predavatelju

Predavanje v pripravi

Peter Pavlin
Ministrstvo za pravosodje
Sreda, 06.09.2023
13:15 - 13:45
O predavatelju

Premik k proaktivni varnosti v IT in OT okolju

Vam upravljanje varnostnih tveganj v IT in OT okolju, kljub velikim investicijam v kibernetsko varnost, še vedno predstavlja »črno luknjo«?
V pogovoru z Andrejem Vnukom, vodilnim inženirjem iz Smart Coma, boste izvedeli, kako lahko ukrepate in s proaktivnim pristopom povečate kibernetsko odpornost na napredne varnostne grožnje.

Andrej Vnuk
SMART COM d.o.o.
Torek, 05.09.2023
12:15 - 12:45
O predavatelju

Security strategy development

  • What should be the initial strategy ideas?
  • What should be the expected output?
  • Major focuses
  • What? Why? How?
  • How to define requirements?
  • Action plans / projects
Aleksandar Mirković
Sreda, 06.09.2023
12:15 - 12:45
O predavatelju

Skrivnosti tantre v poslu

Anna Paynich
pisateljica, coach za poslanstvo
Sreda, 06.09.2023
09:00 - 09:15
O predavatelju

SLOVESNA PODELITEV NAGRAD S PODROČJA INFORMACIJSKE VARNOSTI

Torek, 05.09.2023
16:45 - 17:45
O predavatelju

SPAN d.o.o. Ljubljana

Torek, 05.09.2023
15:45 - 16:15
O predavatelju

Standard ISO/IEC 27001:2022 – njegov pomen in novosti

  • Kaj v osnovi standard/certifikat organizaciji daje?
  • Ključne spremembe v primerjavi s prejšnjim standardom?
  • Kako poteka prehod na certificiranje po novi izdaji standarda?
  • Kaj pri nas dobijo v obliki znanj in veščin?
Peter Dolinar
SIQ Ljubljana
Torek, 05.09.2023
08:30 - 09:00
O predavatelju

State of Cybersecurity in Italy

Luca Moroni
Via Virtuosa
Sreda, 06.09.2023
09:45 - 10:15
O predavatelju

Stormshield, the European choice for cybersecurity!

Marko Kašič
A1 SLOVENIJA d.d.
Torek, 05.09.2023
11:45 - 12:15
O predavatelju

The Dangers of delusional AI

LLMs such as ChatGPT are at the peak of their hype wave, and showw no signs of slowing down. Claims are being made that they will replace search engines and jobs, with little to no evidence. Many people have fallen into the trap of believing that LLMs are true AI rather than language models, and implicitly trust outputs as true and factual.
We are already in the midst of a disinformation crisis. Does the widespread use of these technologies just push us further into the problem?

James Bore
Bores Group Ltd.
Sreda, 06.09.2023
09:45 - 10:15
O predavatelju

The Three Pillars. A business analysis approach to managing major existential threats to minor vulnerabilities.

Backed with the latest research data, the session focuses on employing a "security perspective" and citing how major threats, including the low probability, impact our organisations, projects, and stakeholders. The Three Pillars help the audience to realise, reorient, and reinforce information assets.
In this session, attendees recognise the importance of raising awareness around intangible threats while focusing on tangible risks and opportunities to protect their organisation’s data, network, and systems. They learn how businesses must reorient and reinforce to remain nimble in the face of existential threats whilst securing as we move from a global pandemic and natural disasters to nuclear threats.

Bindu Channaveerappa
IIBA UK London
Sreda, 06.09.2023
12:15 - 12:45
O predavatelju

Threat modeling

"Threat modeling" označuje niz metod za obravnavanje in zmanjševanje groženj in ranljivosti programske opreme ali sistema. S pomočjo threat modelinga lahko identificiramo grožnje že zgodaj v življenjskem ciklu razvoja programske opreme (SDLC), preden se napiše kakršnakoli koda. Ta dejavnost bistveno zmanjša tveganja in predvsem stroške za odpravljanje groženj v kasnejših fazah razvoja programske opreme.

Blaž Gvajc
SICEH
Ponedeljek, 04.09.2023
14:00 - 14:30
O predavatelju

TIBER-EU, the shift is here

The shift is here. As the time for testing in cyber security is not frozen, we need to be knowledgeable for what’s next generation penetration testing services. In that context we welcome TIBER-EU (European framework for threat intelligence-based ethical red-teaming) as the first EU-wide guide on how authorities, entities and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack. We did some study and find a way for implementing this framework by identifying its pros and cons. Join us for fast shift track to get into new era of testing in cyber security.

Mane Piperevski
Piperevski & Associates
Sreda, 06.09.2023
11:45 - 12:15
O predavatelju

Trendi na trgu kibernetskih varnostnih rešitev

Miha Lavrič
CREAplus d.o.o.
Torek, 05.09.2023
11:15 - 11:45
O predavatelju

Tri linije obrambe. Kdo je napadalec, kdo vezni igralec in kdo vratar?

Ali se vaša organizacija zaveda, da zagotavljanje varnosti v informacijsko-komunikacijski tehnologiji (IKT) in IT varnosti zahteva celostni pristop? Še posebej, ko gre za zaščito pred vedno bolj iznajdljivimi spletnimi grožnjami? S predstavitvijo treh ključnih linij obrambe, vam bomo pomagali razumeti, kako lahko vaša organizacija učinkovito zagotovi varnost in delovanje varnostnih mehanizmov, upravlja tveganja in skladnost z zakonodajo, ter zagotavlja celovit nadzor nad celotnim varnostnim sistemom. Ne dovolite, da vaša organizacija postane žrtev spletnih napadov, pridružite se nam na predavanju, kjer bomo razkrili ključne strategije za zagotavljanje varnosti v IKT in IT.

Boris Vardjan
Nova KBM d.d.
Sreda, 06.09.2023
11:45 - 12:15
O predavatelju
Domen Hribar
Nova KBM d.d.
O predavatelju

Using RPA to Simulate Insider Threats

Insider threats continue to be a top concern for organizations across various industries. These threats can come wittingly or unwittingly from employees, contractors or other trusted individuals who have access to sensitive data and systems.
While most organizations have security measures in place to prevent insider threats, it is often hard to validate that the rules in place do actually work and it is even more difficult to ensure that they cover the wide range of constantly changing scenarios. At the same time, many attack simulation platforms have difficulties in emulating the entire scenario as coming from a legitimate, real human entity.
This is where Robotic Process Automation (RPA) comes in. In this project, we propose using RPA to simulate real human/insider threat scenarios in a controlled environment to test and improve an organization's security measures. We’ll be clicking and browsing, slacking and emailing, just like a real user, while we’ll gather and exfil information. And all of those will be wrapped in a repeatable, adaptable and extensible RPA approach!

Andrei Cotaie
UiPath
Sreda, 06.09.2023
09:15 - 09:45
O predavatelju
Cristian Miron
UiPath
O predavatelju

Zavarovanje kibernetske zaščite

Kibernetsko tveganje predstavlja vse večjo skrb za institucije, gospodarske družbe, posameznike in finančne trge. Vedno večje število kibernetskih incidentov, nadaljnja digitalna preobrazba in nove regulativne pobude v EU povečujejo tveganja za vsako podjetje, še posebej priljubljene tarče so mala in srednja podjetja, ki kibernetski varnosti običajno namenjajo manj sredstev. Z uvedbo uredbe GDPR (General Data Protection Regulation) in novega Zakona o varstvu osebnih podatkov (ZVOP – 2) te nevarnosti zaradi finančnih kazni in vseh finančnih posledic kibernetskega incidenta lahko predstavljajo visoke dodatne nepredvidene stroške podjetja.
Z varnostnimi ukrepi sicer lahko zmanjšamo verjetnost kibernetskega napada, nikakor pa ga ne moremo preprečiti. Zavarovalnica Triglav zato zlasti malim in srednjim podjetjem, ki so v večini primerov tarča kibernetskih napadov, nudi zavarovanje kibernetske zaščite. Zavarovanje poleg asistenčne pomoči krije odziv na incident, stroške ponovne vzpostavitve sistema, odgovornost za kršitev zaupnosti in zasebnosti ter odgovornost za omrežno varnost. Dodatno je možno dogovoriti še kritje za obratovalni zastoj, kibernetsko izsiljevanje in kibernetski kriminal.

Nika Prhaj
ZAVAROVALNICA TRIGLAV d.d.
Torek, 05.09.2023
12:15 - 12:45
O predavatelju

 

CIO FORUM

 

 

COACHING KONFERENCA

 

26.5.2023
NETWORKING

4.-6.9.2023
Nova Gorica

Izkoristite posebno ceno, ki velja samo še do 14.4.2023

1 dan
370€
370€
2 dni
530€
530€
3 dni
800€
800€
PRIJAVI SE

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

Izkoristite posebno ceno, ki velja samo še do 14.4.2023

1 konferenčni dan
370€
370€

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

2 konferenčna dneva
530€
530€

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

3 konferenčni dnevi
800€
800€

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

Sponzorji

Platinasti sponzorji

Platinasti partnerji

Zlati partnerji

Zlati sponzorji

Bronasti sponzorji

Sponzorji tehnologije

Medijski sponzorji

Obveščamo vas, da so bili naši pogoji poslovanja posodobljeni.
Sprememba se nanaša na člen »Odpoved ali sprememba dogodka s strani organizatorja«. Zaradi nepredvidenih dogodkov, kot je tudi trenutna epidemija koronavirusa, si pridržujemo pravico, da posamezna izobraževanja odpovemo ali spremenimo termin oz. način izvedbe (online izvedba).

Odpoved ali sprememba dogodka s strani organizatorja
Organizator si pridržuje pravico do odpovedi posameznega izobraževanja, delavnice, dogodka, seminarja ali spremembe terminov oz. načina izvedbe (namesto osebne izvedbe dogodka, izvedba dogodka preko spleta ali na drug način, pri čemer se ključna vsebina in obseg dogodka ne spreminjata oziroma se prilagodita glede na spremembo, npr. zamenjava predavatelja, prilagoditev urnika ipd., vendar se ohrani enakovredna kakovost izvedenega dogodka). Zavezuje se k obvestilu prijavljenim najkasneje en delovni dan pred predvidenim pričetkom izobraževanja oz. takoj, ko prejme novico o morebitnih izrednih dogodkih, ki so razlog za spremembo/odpoved. V primeru odpovedi izobraževanja s strani organizatorja, organizator, morebitno že vplačano kotizacijo, brezobrestno povrne v roku štirinajstih dni od obvestila o odpovedi ali pa omogoči stranki, da kotizacijo porabi za druge izdelke ali storitve. V primeru spremembe načina izvedbe ostanejo plačila v veljavi, v primeru spremembe termina pa ima udeleženec možnost odpovedati udeležbo iz utemeljenih razlogov po določbi Odpoved s strani udeleženca ali pa se odjaviti na način v rokih, ki jih predvideva določba Odjava udeleženca. 

Celotni pogoji poslovanja so dostopni tukaj: https://poslovanje.pogoji.si/tos/29xyi0o

Ta spletna stran uporablja piškotke. Z obiskom in uporabo spletne strani soglašate s piškotki.  DOVOLIM Več informacij o piškotkih najdete in nastavitve tukaj.