Sachar Paulus Knihy

The Information Security Solutions Europe Conference (ISSE) was started in 1999 by EEMA and TeleTrusT with the support of the European COlnmission and the German Federal Minis try of Technology and Economics. Today the annual conference is a fixed event in every IT security professional's calendar. The aim of ISSE is to support the development of a European information security culture and especially a cross-border framework for trustworthy IT ap plications for citizens, industry and administration. Therefore, it is important to take into con sideration both international developments and European regulations and to allow for the in terdisciplinary character of the information security field. In the five years of its existence ISSE has thus helped shape the profile of this specialist area. The integration of security in IT applications was initially driven only by the actual security issues considered important by experts in the field; currently, however, the economic aspects of the corresponding solutions are the most important factor in deciding their success. ISSE offers a suitable podium for the discussion of the relationship between these considerations and for the presentation of the practical implementation of concepts with their technical, or ganisational and economic parameters.

EICAR, the European Institute for Computer Antivirus Research, has restarted its conference activities in 2016. The gap in conference activities was necessary because of the slight switch in strategy. EICAR moved from assuring actuality of anti-virus configuration and products towards assuring the trustworthiness of employed solutions – the so-called EICAR Trustworthiness Strategy. Using this momentum, EICAR has again organized a conference. The results are documented in this proceedings book. The papers included here reflect the change in strategy: there are some publications on anti-virus and security, but also papers on how to assess and / or certify the trustworthiness of software in general and papers on legal aspects of trustworthiness. The conference was co-located with the it-sa fair in Germany. This allowed to include additional business presentations from security companies in the conference, but these presentations did not make it in this proceedings book.

Sichere Software zeichnet sich dadurch aus, dass sie jedem möglichen Angriff standhalten können muss. Jeder Beteiligte im Softwareentwicklungsprozess sollte bewusst auf die Schaffung dieser Eigenschaft einer Software hinarbeiten, denn sie stellt sich leider selten>>automatisch<<ein. Dieses Buch vermittelt, welche Aspekte es dabei zu berücksichtigen gilt, wie man also einen möglichst hohen Grad an Sicherheit bei einer zu entwickelnden Software erreichen kann. Dabei werden alle wichtigen Bereiche der Softwareentwicklung angesprochen und aufgezeigt, was jeweils für Sicherheit getan werden kann - und muss. Aus dem Inhalt: - Die Sicht des Kunden und des Angreifers - Methodologien für sichere Software - Sicherheitsanforderungen - Bedrohungsmodellierung - Sicherer Softwareentwurf - Sicheres Programmieren - Software auf Sicherheit testen - Sichere Auslieferung und Einrichtung - Umgang mit Schwachstellen - Metriken für Sicherheit - Codeschutz Das Buch deckt den Lehrplan zum>>CPSSE<<(Certified Professional for Secure Software Engineering) nach ISSECO-Standard (International Secure Software Engineering Council) ab und eignet sich zum Selbststudium sowie als Begleitliteratur zu Schulungen. Im Anhang befinden sich u.a. Testfragen sowie ein umfangreiches Glossar mit Übersetzungen der englischen Begriffe aus dem ISSECO-Syllabus. (Quelle: www.dpunktl.de)