MILAN HAŠEK
Milan Hašek is a graduate of the Technical College of Mechanical Engineering in Liberec (now the Technical University). He has worked in various positions at Česká spořitelna since 1992. Throughout his career, he has focused on process management, information security, and information systems and technologies. He is currently the director of IS/IT security at Česká spořitelna.
JIŘÍ KAPLICKÝ
Jiří Kaplický is a graduate of the Institute of Information Studies and Librarianship of the Charles University Faculty of Arts. He has worked at Logica as a member of a group which focuses on IS/IT security since 2005. As part of this group, he mainly works on the issues of application and data security, security monitoring and risk analysis. He is currently the System Architect for Logica.
A COMPREHENSIVE CONCEPT FOR IMPLEMENTING SECURITY MONITORING SOLUTIONS
The case study in this presentation describes the comprehensive security monitoring solution at Česká spořitelna. The implementation of security monitoring is one of the basic requirements of the market regulator (the Czech National Bank), and Česká spořitelna therefore complied as part of a group project being realized by EBG group. The project’s main objective was to standardize local implementation systems and central reporting at the group level. The local implementation of the system at Česká spořitelna involved not only the technical implementation of the specific technology and its considerable customization to the client’s standards and requirements, but also the design and implementation of further procedures and processes related to security monitoring, including the creation of knowledge bases and integration with the trouble ticketing solution. Another significant characteristic of this implementation was its concentration on “non-technical” events with a considerable impact on the business side. Here the company’s own solution was implemented, which made it possible to monitor and assess the risk levels of business operations performed by users and the bank’s employees, with practically no interference with existing applications.