Main topic: Information security management system.
6 / INTERVIEW ON IMPLEMENTATION OF SECURITY IN SKANSKA CS WITH A SECURITY MANAGER OF THE COMPANY
Mgr. Vladimír Tichý graduated from the Faculty of Education (Pedagogická fakulta) of Charles University, specializing in the teaching of physics and technical fundamentals. He joined Skanska CS in 1995 and has been its security manager since 2004. He was interviewed at his Prague office by Jaroslav Dočkal, editor-in-chief of DSM.
10 / LEGAL COLUMN – EXPERTS FROM LEGAL FIRM ROWAN LEGAL RESPOND
The column examines whether there are legal limits on connecting monitoring devices at the client's provider. If an information system contains programs from several providers, how is liability for damage caused by an error in the system apportioned among them? And what does the author or vendor of a protection system or firewall that forms part of the system actually guarantee?
12 / HOW TO MANAGE INFORMATION SECURITY?
The article describes the implementation of an information security management system (ISMS) according to ISO/IEC 27001:2005. It analyzes the most important phases of the project (setting the goal and scope, risk assessment and the decision on risk treatment, creation of the security policy, implementation of security measures), the problems encountered and their solutions. The objective is to demonstrate the whole process on a practical example.
18 / MEASUREMENT OF THE EFFECTIVENESS OF SECURITY MEASURES
Feedback that monitors how the system functions and can highlight potential weaknesses plays an irreplaceable part in an information security management system. In addition to the standard forms of feedback (controls or audits), more emphasis is currently placed on measuring the effectiveness of security measures. The article describes the incorporation of indicators into the management system and experience with their use.
22 / DATA PRIVACY AND PROFILING
MAREK KUMPOŠT, VÁCLAV MATYÁŠ
This article first introduces the issue of data protection and formulates the problem of measurability for information privacy or data protection. It then focuses on information about user behavior in a monitored system, so-called user (behavior) profiles. The authors then show ways of processing such data and also how it can be exploited.
26 / EDI ARCHIVE ACCORDING TO EAL2 – PART I
DAVID C. HÁJÍČEK, ZDENĚK SEEMAN, PAVEL VONDRUŠKA
The first in a series of articles describes the process of creating an EDI archive. It focuses on the analysis of requirements and legislative constraints, the definition of security requirements, and the development of the EDI archive to evaluation assurance level EAL2 of the standard ČSN ISO/IEC 15408 (Common Criteria). The article does not cover the technical aspects of the EDI archive in general, although it discusses selected interesting ones.
32 / MOTIVATION OF PEOPLE WHEN CHANGING IT PROCESSES
Relying on tools and processes while ignoring people issues is quite often the cause of failed changes to IT processes. The article summarizes practical experience and shows how to reach the first results quickly and how to motivate employees at various levels during the project.
36 / QUO VADIS ITIL – PART IX. ADVANTAGES OF IMPLEMENTATION OF ITIL AND ROI
The article summarizes the main benefits of ITIL implementation and discusses them from the point of view of the individual stakeholders. It further discusses selected areas, for example government organizations. Last but not least, it comments on the ROI of ITIL and gives an example case.
42 / MAN IN THE BROWSER
LUDĚK RAŠEK, JIŘÍ KAPLICKÝ, VLADIMÍR PÁRAL
The authors draw attention to a threat to web applications known as “Man in the Browser”. The essence of the attack is modifying the behavior of the user's browser so that what the user sees on screen and what the browser actually sends to the application differ. The article gives the preconditions for the attack, its scenario, protection options and examples of attacks against a fictitious internet banking application.
47 / SERVICE PACKS FOR WINDOWS
The article covers the latest Microsoft Windows service packs: Service Pack 1 for Windows Vista and Service Pack 3 for Windows XP.
48 / TYPOSQUATTING, A.K.A. THE MISUSE OF TYPOS
Exploiting the typos Internet users make when entering web addresses has grown into a profitable business. The article presents the results of a study on typosquatting conducted last year by McAfee, Inc.