Menu

Tuesday, 09 April 2024AHS 2|24 - After Microsoft key theft from crash dump - new IT audit topic: IT diagnostic data

It's hard to believe what netzwoche reported on 11 September 2023: A master key from a crash dump was stolen directly from a Microsoft lab in the USA. The hackers from the Chinese Storm-0558 group used this Azure Cloud Signing Key for the Azure Active Directory to attack 25 organisations, including the US government, from May 2023. They captured around 60,000 emails from ten accounts and extensive email address lists of the US authorities.

This hack can happen to all software manufacturers worldwide in the same way. It is a fundamental IT security and data protection risk when customers upload their IT diagnostic data to a manufacturer's support centre as part of problem management. This is because most dumps, logs and traces are gigabytes in size and contain keys, passwords, user IDs, IP addresses, bank and company secrets or even personal data. This sensitive data is freely accessible to the manufacturer and its support staff and developers. Nobody really knows exactly what happens to IT diagnostic data, who accesses it, when it is deleted and what "special utilisation" takes place. If employees' accounts are then compromised by external hackers, they also have direct access to the sensitive data. This is what happened in the Microsoft case.

For the IT audit, this security and data protection gap means a new audit topic for the next audit of IT operations. The aim is to prevent damage to the company. After all, IT diagnostic files are in need of protection. The large volumes of sensitive data should be anonymised before being uploaded to the manufacturer, for example.

This presentation sheds light on the new audit topic of IT diagnostic data for IT audits and IT auditing and provides specific information on the relevant issues in the audit catalogues.

Speakers

Dr. Stephen Fedtke

Dr. Stephen Fedtke, CTO, ENTERPRISE-ITSECURITY.COM, Dr. Stephen Fedtke System Software, Zug

Dr Stephen Fedtke is Chief Technology Officer (CTO) of ENTERPRISE-IT-SECURITY.COM, a service division of the Swiss company Dr Stephen Fedtke System Software, based in Zug, specialising in IT security and compliance solutions.
As co-founder of this IT solution provider, he has been responsible for the development and implementation of highly innovative and reliable technologies for 20 years. Dr Stephen Fedtke is an industrial engineer specialising in electrical engineering. He is the author and editor of numerous specialised books in the field of information technology published by Springer Vieweg Verlag.

Location Map

Event Properties

Event Date 09. Apr 2024 16:40
Event End Date 09. Apr 2024 17:40
Capacity Unlimited
Individual Price free
Sprache / Language Deutsch
CPE Hours 1
Location Hybrid Event - Detecon (Schweiz), Zurich AG
We are no longer accept registrations for this event

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.