DATA SECURITY MANAGEMENT ARCHIVE
Browse an archive of past issues of our magazine

back  Back to DSM magazine...

DSM 2008/2

2006 2

Main topic: Information security management system.

PUBLISHED: 06.06.2008

6 / INTERVIEW ON IMPLEMENTATION OF SECURITY IN SKANSKA CS WITH A SECURITY MANAGER OF THE COMPANY
Mgr. Vladimír Tichý graduated from Pedagogická fakulta of Charles University, specialization pedagogy of physics and technical basics. He joined Skanska CS at 1995, being security manager from 2004. He was interviewed at his Prague office by editor-in-chief of DSM Jaroslav Dočkal.

10 / LEGAL COLUMN – EXPERTS FROM LEGAL FIRM ROWAN LEGAL RESPOND
We will learn whether there are legal limits for connection of monitoring devices at the client’s provider. If the information system contains programs from more providers, what is the liability of each of them caused by an error in the system? What guarantees an author or vendor of a protection system or firewall that forms part of the system?

12 / HOW TO MANAGE INFORMATION SECURITY?
KARIN GUBALOVÁ

The article describes implementation of information security management system (ISMS) according to ISO 27001:2005. It analyzes the most important phases of the project (setting the goal and scope, risk evaluation and decision on risk management, creation of security policy, implementation of security measures), problems encountered and their solution. The objective was to demonstrate the whole process on a practical example.

18 / MEASUREMENT OF EFFICIENCY OF SECURITY MEASURES
LUDĚK NOVÁK

Feedback that monitors functioning of a system and can highlight potential weaknesses plays an irreplaceable part in information security management system. In addition to a standard form of feedback (in a form of controls or audits) more emphasis is currently placed on measurement of efficiency of security measures. The article describes incorporation of indicators into the management system and experience with their use.

22 / DATA PRIVACY AND PROFILING
MAREK KUMPOŠT, VÁCLAV MATYÁŠ

This article first introduces the issue of data protection and formulates the problem of measurability for information privacy or data protection. The article then focuses on the information on user behavior in a monitored system – co-called user (behavior) profiles. The authors then show ways of processing such data and also their exploitation.

26 / EDI ARCHIVE ACCORDING TO EAL2 – PART I
DAVID C. HÁJÍČEK, ZDENĚK SEEMAN, PAVEL VONDRUŠKA

First in a series of articles describes a process of creation of an EDI archive. It focuses on an analysis of requirements and legislative restrictions, definition of security requirements and description of development of EDI archive according to the level EAL2 of the standard ČSN ISO/IEC 15408. The article does not describe the technical aspects of EDI archive, although it discusses some interesting selected ones.

32 / MOTIVATION OF PEOPLE WHEN CHANGING IT PROCESSES
RADEK BĚLINA

Relying on tools and processes and ignoring people issues is quite often the cause of failure of change of IT processes. The article summarizes practical experience and demonstrates how to get quickly to the first results and how to motivate employees at various levels during the project.

36 / QUO VADIS ITIL – PART IX. ADVANTAGES OF IMPLEMENTATION OF ITIL AND ROI
VLADIMÍR KUFNER

The article summarizes the main benefits of ITIL implementation and discusses them from the point of view of individual participants. It further discusses selected areas, for example government organizations. Last but not least it comments on ROI for ITIL and gives an example case.

42 / MAN IN THE BROWSER
LUDĚK RAŠEK, JIŘÍ KAPLICKÝ, VLADIMÍR PÁRAL

The authors draw an attention to a threat to web applications called “Man in The Browser”. The substance of this attack is in a modification of the behavior of the browser in order to compromise it. The article gives entry conditions for the attack, its scenario, protection possibilities and examples of attacks (fictitious internet banking).

47 / SERVICE PATCHES FOR WINDOWS
MILAN JIRSA

The contents of this article include the latest patches for Microsoft Windows – Service Pack 1 for Windows Vista and Service Pack 3 for Windows XP.

48 / TYPOSQUATTING, A.K.A. THE MISUSE OF TYPOS
ZDENĚK ŘÍHA

The misuse of the typos of Internet users when entering addresses has grown into a profitable business. The article presents the results of a study conducted last year by McAfee, Inc. on the subject of typosquatting.

Contact us

TATE International s.r.o.
Hořejší nábřeží 21, 150 00 Praha 5

phone  Phone: +420 737 215 220
email  E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

 
 

Na naší webové stránce používáme cookies. Některé z nich jsou nutné pro běh stránky, zatímco jiné nám pomáhají vylepšit vlastnosti stránky na základě uživatelských zkušeností (tracking cookies). Sami můžete rozhodnout, zda cookies povolíte. Mějte prosím na paměti, že při odmítnutí, nemusí být stránka zcela funkční.

Přijmout
Back to top