The Snowden Leaks triggered a worldwide scandal. The public interest and discussions focus on the mass surveillance of internet users by secret services. But another even more severe aspect that was revealed by Snowden is the total compromise of nearly everything that is important for IT security: crypto products and standards, worldwide spread masses of infiltrated Internet servers ready for botnet misuse, manipulation of hardware and software components partly with knowledge or collaboration of producers and vendors. The underlying trust model as a whole has to be reviewed and checked from the scratch. This has to lead to huge consequences on companies' IT security strategies that (if at all) are just partly realized by decision makers on senior management level. Therefore most of the needed and important consequences are still pending. Our talk gives an overview on the requirements und some first step recommendations for companies' IT security strategies considering the change of the IT security game triggered by the Snowden Leaks.
Sylvia Johnigk (secucat) started as an IT Security researcher in GMD (now part of Fraunhofer) and worked several years as an Information Security Officer in a big financial institute. Since 2009 she works self employed as an IT security consultant for large companies.
She also works for FIfF e.V., a non profit NGO of IT professionals enganging for peace and social responsibility issues raised from the IT business and technologies, that is amongst others: information warfare, privacy/surveilllance and security aspects.
Kai Nothdurft works as Information Security Officer at Allianz Deutschland AG which includes information security management, security awareness trainings for employees and consulting IT projects of the company.
He also works for FIfF e.V., a non profit NGO of IT professionals engaging for peace and social responsibility issues raised from the IT business and technologies, that is amongst others: information warfare, privacy/surveillance and security aspects.