Dr.-Ing. Markus a Campo

  
I am an expert witness who is public appointed and inaugurated by IHK Aachen with the subject of „Systems and Applications of Information Technology, with  special regard  to IT-Security”.

My focus

• Webshops and web applications
• Smartphone security
• Cybercrime
• EC and credit cards
• Incident response and forensic analysis of computers and smartphones
• ISO 27001 and BSI baseline security
• Estimation of the market value of companies (e.g. for IPO)

My skills

• Consulting and expertises in the area of information security
• Security check/audit/review
• Security analysis of networks
• Forensic analysis of IT-systems (computer and smartphones)
• Security analysis of internet shops
• Concepts and accomplishment of penetration tests
• Use of cryptography
• Use of smartphones in companies (iPhone, BlaclBerry, Symbian, Android, Windows Mobile/Phone)
• Analysises according to the standards BSI Baseline Security, ISO 27001/27002
• Review of the rules of complex firewall systems
• Systems for electronic payment (EC-Card, credit cards, GiroPay)
• Professional training in all areas of information security

My projects 2012

Activities as expert witness

• Estimation of the value of the Brasilian online business of a company
• Estimation of the value of the Mexican online business of a company
• Estimation of the value of the Argentinian online business of a company
• Forensic analysis of a iPad
• Security of debit and credit cards

• Concept review of a remote access via Microsoft Remote Desktop
• Risk analysis of a digital archive
• Concept review/code review of the web portal of an assurance company

• Software Quick Check Security Audit (author and editor)
• Handbook Netzwerksicherheit (Network Security) (author and editor), WEKA Kissing, Subjects as author: Data storage und access management, secure configuration of IIS 7.5, Security checkt

• Certified Mobile Device Manager (Stuttgart)

My Projects 2011

Activities as expert witness

• Security of transactions on ATMs with EC- and VISA-Cards
• Possible misuse of a credit card
• Estimation of the value of a software in the aera of electrical power supply
• Estimation of the value of the online business of a company in preparation of the IPO
• Secure use of the search engine of SharePoint 2010
• Scope and value of accomplished work for a web application
• Possibilities of fraud detection in case of misuse of debit and credit cards
• Estimation of the value percentage of a scientific project within a software product
• Estimation of the value of the U.S. American online business of a company
• Estimation of the value of the Canadian online business of a company
• Security of iTAN plus and HBCI for online banking
• Secure usage of a Cisco PMX gateway

Activities as consultant

• Audit of an archive system
• Evaluation of the security of three webshops
• Forensic analysis of an iPhones
• Protect company data on smartphones, Interview at SearchSecurity.de
• How to use smartphones with Windows Phone 7
• Incident response of a hacked web application
• Audit of the computer center of an outsourcing provider
• Rewiev of a server and firewall concept
• Incident response after an intrusion via internet
• Concept review/code review of a web application
• Forensic analysis of a laptops, a USB-Stick, and a BlackBerry smartphone
• Forensic analysis of two harddiscs after a virus incident
• Security scan and concept review of an IIS installation
• Concept review for a connection of external devices to a corporate network using Microsoft Direct Access
• Malware threats for systems with Mac OS X
• Concept review of a solution for automatic provisioning of iPads for the connection to a corporate network
• Review of a configuration of laptops with Mac OS X for the secure connection to a corporate network
• Analysis of potential riskes based on cultural differences
• Concept review of VPN access of EEG generators

Activities as author

• Software Quick Check Security Audit (author and editor), WEKA Kissing, Subjects: BSI baseline security, ISO 27001, SAS70/IDW PS 951
• Handbook Netzwerksicherheit (Network Security) (author and editor), WEKA Kissing, Subjects as author: Hardening of BlackBerrys and iPhones, Smartphone forensics, Linux network backup, anti-virus systems, Internet Explorer 9, Firewalls, Incident Response, Usage of the McAfee tools
• How secure is the iPhone concerning chroot, encryption, and backup, Article in SearchSecurity.de
• How to use tools to secure iPhone against unwanted access, Article in SearchSecurity.de
• Blackberry OS from RIM – security concept and risks, Article in SearchSecurity.de
• Hints for a secure configuration of iPhones via enterprise software, Article in SearchSecurity.de
• Android - security concepts and risks within Google's smartphone OS, Article in SearchSecurity.de
• Secure integration of BlackBerry and Apple smartphones in corporate networks
• Security concept of SiMKo2 smartphones of BSI and German Telekom
• Smartphone Forensics, WEKA Kissing
• CompTIA Security+ - Preparation for the Examination SYO-301, mitp-Verlag Frechen

    
Activities as trainer

• IT Forensics, Tübingen (2x)
• Lecture: Forensic Expertises
• IT Forensics, Esslingen
• Secure Integration of Smartphones & Tablets in Corporate Networks, Düsseldorf (2x), Frankfurt/Main (3x), München (2x)
• Smartphones and Data Protection, Düsseldorf
• Smartphone Forensics, Köln
• Lecture: Forensics in Court
• Security of Mobile Devices
• Lecture with the Subject "Practical  IT Security with the Standards ISO 27001 and BSI Baseline Security"
• In Five Days to Certified Mobile Device Manager (Days Four and Five)

Projects 2010

Activities as expert witness

• Evaluation of the appropriateness of a method for data backup
• Evaluation of the authenticity of e-mails
• Possibilities of unauthorised money drawing from ATMs with an EC-Card and a credit card
• Confiscation of a database of an internet shop due to the suspicion of unauthorised copying of the content of a competitor
• Estimation of the market value of a company due to the IPO
• Possibilities of unauthorised money drawing from an ATM with an EC-Card
• Examination of two external harddiscs with defects
• Evaluation of the security of webshops
• Evaluation of test and approval of a webshop

Activities as consultant

• Organisation and realisation of a security workshop
• Analysis of the security of iPhones and elaboration of solutions for the use in a company
• Analysis of the security of a webshop (code analyse, input validation)
• Review of the backup concept of a company
• Concept for an Exchange audit with the Microsoft Audit Collection Services (ACS)
• Review of the rulesets of a firewall cluster

Activities as author

• Software Quick Check Security Audit (author and editor), WEKA Kissing, Subjects: BSI baseline security, ISO 27001
• Handbook Netzwerksicherheit (Network Security) (author and editor), WEKA Kissing, Subjects as author: Smartphone security (iPhone, Blackberry, Android, Symbian, WebOS), Intrusion detection with Snort, remote administration, Microsoft System Center Mobile Device Manager, Hardening of BlackBerry Smartphones and iPhones via restrictive configuration of policies, Backup for Linux
• Windows Kompendium, WEKA Kissing, Subjects: Cloud computing with Microsoft Azure, Secure use of Exchange Server 2010
• Encryption in Theory und Practice, WEKA Kissing
• Security Audit for SME – Part 1: IT-Security According to the Standards ISO 27001 and BSI Baseline Security, Article in SearchSecurity.de
• Security Audit for SME – Part 2: How to combine the Standards ISO 27001 and BSI Baseline Security? Article in SearchSecurity.de
• Security Audit for SME – Part 3: Example audit: Access copntrol according to ISO 27001 and BSI Baseline Security, Article in SearchSecurity.de
• The best Security Apps for the Apple iPhone, Article in SearchSecurity.de
• Intrusion-Detection with Snort and additional toolss, WEKA Kissing

Activities as trainer

• IT Forensics, Tübingen
• IT Forensics for expert witnesses, Köln
• IT Forensics, Walldorf

Projects 2009

Activities as expert witness

• Evaluation of the functions and the degree of realisation of diagnosis systems for cars
• Inspection of a computer center and evaluation of the security measurements including the services
• Possibilities of access to a database of a hospital
• Possibilities of unauthorised money drawing from an ATM with credit cards (two cases)
• Analysis of an confiscated database of an internet shop regarding content which was unautorised copied from a competitor
• Private use of an business PC
• Expertise concerning freelancing or commercial services in the area of IT
• Analysis of a Navision database to find hints for the misuse of a license
• Analyses of the concept for data backup of a company
• Evaluation of the encryption software TrueCrypt for the use in a company
• Evaluation of the encryption software McAfee Endpoint Encryption for Mobile for the use in a company

Activities as consultant

• Analysis of computer systems for backdoors
• Evaluation of the patch management in a Windows-Forest environment
• Analysis of security guidelines, realisation of a workshops for the evaluation and completion of the guidelines
• Audit of a web application, search for security holes
• Monitoring of administrative tasks in MS Exchange

Activities as author

• CISSP, Mike Meyers and Shon Harris, German translation, MITP-Verlag Bonn, revision of the book for the 3rd edition
• Rootkits und SPAM, WEKA Kissing
• Security-Base/Security-Newsletter, WEKA Kissing
• Software Quick Check Security Audit (author and editor), WEKA Kissing
• Handbook Netzwerksicherheit (Network Security), WEKA Kissing
• Handbook Windows Security Administration, WEKA Kissing

Activities as trainer

• Security Workshop Ljubljana/Slowenia
• Security Workshop Belgrade/Serbia
• Security Workshop Bucharest/Romania
• IT forensic with open source software, Brühl/Germany
• Lecture about information security and data protection - risks and responsibilities

Projects 2008

Activities as expert witness

• Inspection of a computer center and evaluation of the security measurements including the services
• Possibilities of unauthorised money drawing from an ATM
• Inspection of an ATM
• Forensic analysis of a hard disc, search for malware
• Possibilities of misuse of downloads (liable to pay costs) for mobile phones
• Analysis of accesses to a Windows-PC over dial-in connection
• Analysis and evaluation of a WLAN-concept for a company (two projects)

Activities as consultant

• Audit of a web application, search for security holes
• Possibilities of e-mail protection against internal attacks
• Audit of an Unix environment, search for security holes
• Audit of a SAP environment, search for security holes
• Concept for the secure handling of log data in a company
• Concept and researchs for products for the encryption of external e-mails in a company (webmailer/PKI)
• Concept and researchs for products for the secure use of USB sticks in a company
• Review of the rules of a firewall
• Analysis and evaluation of the secrurity of a Citrix environment
• Review of a VoIP environment under security aspects
• Forensic collection of evidences in the network of a company

Activities as author

• Sichere Nutzung des Internet Explorers (Secure Use of Internet Explorer), WEKA Kissing
• Security-Base/Security-Newsletter, WEKA Kissing
• Software Quick Check Security Audit (author and editor), WEKA Kissing
• Handbook Netzwerksicherheit (Network Security), WEKA Kissing
• Handbook Windows Security Administration, WEKA Kissing

Activities as trainer

• Security Workshop Bucharest/Romania (two events)
• Security Workshop Nürnberg