Main topic: Security outsourcing, outsourcing security.
6 / INTERVIEW WITH VLADIMÍR MATOUŠ
In May of this year, Mr. Matouš joined T-Systems Czech Republic as Senior Vice President of ICT Operations. In this new position he is expected to draw on his experience of ICT management in the mobile operator environment and to merge the development and delivery units for IT and telecommunications into one unit through the “One Factory” project. T-Systems will thus be able to offer its clients solutions that make full use of the integration of these two so-far separate worlds. The interview was carried out by the editor-in-chief of DSM, Jaroslav Dočkal.
10 / LEGAL COLUMN – EXPERTS FROM THE LEGAL FIRM, ROWAN LEGAL, RESPOND
The column explains whether the employer or manager is legally responsible if an employee misuses his/her working tools (PC, Internet, etc.) to carry out illegal acts. It also answers the question of which legal tools are available to the employer to protect the organization’s data from misuse.
12 / SECURE OUTSOURCING IN PRACTICE
RADEK SAZAMA, MICHAL MORAVEC, MICHAL SRNEC, JAROSLAV DOČKAL
The article describes the main security rules for outsourcing IT systems. It builds on the long-term experience of IBM, and especially on the requirements of international clients and the results of audits at one of IBM's strategic centers for European clients, which has been operating in Brno since 2001.
16 / SECURITY AS A SERVICE
The article describes development trends in IT and their impact on security. From an analysis of this development it derives a division of security into logical layers. Certain layers can then be outsourced without impacting overall information system security. The article further describes security trends using third-party services and concludes by explaining what should not be missing in third-party security offerings.
22 / IT AND SECURITY – RIVALS OR ALLIES?
The article offers a view of the cooperation between IT, which is usually only interested in operating IT technology, and the security department, which, by its insensitive intrusions, often makes enemies not only of IT but also of the users. By cooperating at the strategic, tactical and operational levels, these two often antagonistic departments can support the business objectives of the organization and thereby help not only to decrease service downtimes but also to protect sensitive information from leaking and unauthorized changes. This effective connection leads to decreased costs and speeds up the process of introducing new services. It leads to an increase in profit for the whole organization.
26 / ZONE-BASED FIREWALLS
JIŘÍ SLINTÁK, JAROSLAV DOČKAL
The article describes a new approach to creating secure configurations based on the Zone-based Firewall (ZFW) model. This model is compared with an older configuration model, CBAC, and an approach for the development of zone protection is proposed. It demonstrates by example how to transform the graphical projection of a security policy into a configuration.
32 / DISASTER RECOVERY PLANNING – PART II
The second in a series of articles that describes the contents of selected chapters of disaster recovery plans. It deals above all with the recovery of individual systems and with scenarios in case of a natural disaster. It also contains recommendations on how to carry out real disaster recovery tests.
36 / QUO VADIS ITIL – PART XI.
The final in a series of 11 articles that deals with specific recommendations for successful ITIL implementation. It analyses various aspects such as the human factor, organizational changes and supporting tools. It also analyses various implementation aspects, including various methods and recommended steps.
42 / VULNERABILITIES OF ON-LINE SYSTEMS – PART I
The first in a series of two articles describing the issues and principles of attacks that can endanger the reliability of on-line systems, e.g. electronic auctions or activity sharing systems. It briefly analyses pseudo-anonymity and issues related to Sybil attacks, identity theft and reputation dissimulation. The article also gives examples of real attacks. It states that the systems described in the article are vulnerable to these attacks and do not use standard security countermeasures, because a central authority that could enforce these countermeasures usually does not exist or does not have enough power to do so.
46 / WINDOWS SERVER 2008
The article describes the new security features of Windows Server 2008, such as the modularity of the operating system connected with role-based administration, the Server Core installation, the Windows PowerShell scripting environment and changes in auditing. The article avoids describing system elements that were described in articles published in previous issues of DSM.