The Value of (Missing) Security
A Report on the IT Security Community Exchange (IT-SECX) at the St. Pölten UAS
After being forced by the pandemic to take a break last year, the St. Pölten University of Applied Sciences once again held its conference IT Security Community Exchange (IT-SECX) last Friday and invited experts and other interested persons from the research and business sectors.
Under the motto “Security Risk Economics: The Value of (Missing) Security”, the conference was dedicated to the topic of IT systems’ resilience against attacks.
Expanding the Limits
In his keynote on the topic “Security Risk Economics: The Value of (Missing) Security”, Éireann Leverett, Senior Scientist at AIRBUS Cyber Innovations and Senior Risk Researcher at the University of Cambridge, addressed the costs incurred by neglecting IT security.
Leverett said about the IT-SECX: “This conference is a place to discuss academic ideas and push the limits of what’s possible in computer security research. After a decade of confusion, we are slowly arriving at the point where we have enough data but we also have to be disciplined when examining these data. The cyber risk is an exciting field of work, partly because we are still facing so many unsolved problems.”
IT Security: More than Technology
Philipp Reisinger of SBA Research held a lecture on “Risk Perception and Human (Ir)Rationality”. “We have well-known and clear technical approaches to many security problems and risks but these approaches are only insufficiently followed through – or not at all – due to systemic, social and economic factors as well as (the wrong) incentives. Security experts should therefore think outside the security box and see the bigger picture by developing an understanding of these systemic factors This helps them to effectively promote security in their own company in a target-oriented manner”, states Reisinger.
“Carrying out successful projects in the field of security requires not only technical know-how but also commitment on the part of the staff. In other words, it is also important to take a step back and not only focus on the latest tools and technologies but also promote and harness the individual talents of the team in order to achieve long-term results”, emphasises Madita Führer of the auditing and consulting firm KPMG.
Teaching, Research, Business
“In addition to current research topics, our conference points out ways to put this knowledge into practice. Many of our regular visitors appreciate not only the presentations but also and particularly the opportunity for informal networking and communicating with industry experts”, says Thomas Brandstetter, lecturer at the Department of Computer Science and Security and long-time head of the programme committee of the IT-SECX.
Alongside business representatives, speakers at the IT-SECX include researchers and lecturers. For example, the speech “Security Aspects of Home Automation Systems: Risks for Austrian Households” presented the results of a research project of the St. Pölten UAS. Another lecture presented findings of the Josef Ressel Center for Blockchain Technologies & Security Management at the UAS.
The lectures held at the IT-SECX 2021 have been recorded and will be available for viewing here.