DATA SECURITY MANAGEMENT ARCHIVE

Browse an archive of past issues of our magazine


DSM 2009/1


Main topic: Data leakage prevention (DLP) and security policy.

PUBLISHED: 09.03.2009

6/ Interview with Miroslav Trnka

Miroslav Trnka is a co-founder, co-owner and general manager of ESET. The company was established in 1992 in Bratislava. Its key product to date has been the antivirus software NOD32. The software was enhanced in the last two years with firewall and antispam software. ESET’s Linux products are also available on the market; they are designed to protect corporate clients and are also offered as freeware tools for on-line detection and removal of malware and infiltration. Last year ESET started to establish a division for network security by acquiring the Czech company Šetrnet.

10/ Results of PSIB SR ‘08
Lukáš Neduchal, Martin Stanek

The article presents selected results of the Information Security Survey in the Slovak Republic (Průzkum stavu informační bezpečnosti - PSIB SR ’08) and considers several information security trends. Compared with the previous two surveys, no significant changes (either positive or negative) have been identified in the basic questions of information security perception and management. The current status can therefore be evaluated as stable.

14/ Using DLP to Prevent Data Leaks
Jaroslav Dočkal

The article introduces a new DSM topic – DLP, or tools for the prevention of data leaks. It explains what this new class of software is used for, how it functions, what individual categories there are and how it is designed. It also mentions problems that can be encountered during the implementation of DLP and what customers should require from the vendors of DLP systems.

18/ New Methods to Prevent Data Leaks
Roman Šuffner

The article describes a modern approach to the protection of sensitive data and how to prevent data leaks from a company. It starts with a description of the main factors that influence the protection of data. Further, it focuses on the use of specialized products that enable companies to not only actively increase data protection and prevent data leakage, but also to practically enforce security rules and evaluate the efficacy of existing measures. It concludes with selected recommendations for the successful selection and implementation of products.

24/ Security Policies in Real Life
David Cón

The author summarizes his experience in the creation and implementation of security policies. Using examples, he demonstrates various mistakes made in the definition and implementation of security policies. He also tries to advise how to avoid these mistakes.

28/ Security is our job
Tonda Beneš

Critical thoughts on the practical implementation of security in the Czech Republic, based on the author’s practical experience. The objective is to provoke the reader, in a humorous and occasionally sarcastic style, to think about serious issues. If you believe the article is about you, the reason may be that it really is about you.

32/ Vulnerabilities of On-line Systems – Part II
Ladislav Beránek

The second in a series of articles contains an analysis of the protection against using multiple identities (Sybil attacks). It delimits target areas, evaluates vulnerabilities and classifies methods of protection. The article describes the whole spectrum of these methods.

36/ Trends in the Development of Electronic Authentication
Vladimír Smejkal

The article is devoted to electronic authentication in ICT. It analyzes various methods of two- and three-factor authentication and authorization and evaluates the risks. It addresses the methods of strong authentication in more detail. It stresses the fact that a sufficient level of security for authentication and authorization can only be offered by tools and methods based on multi-factor authentication that have to be in line with general and special legislation.

40/ Session Riding
Jaromír Dobiáš, Zdeněk Říha

The article is devoted to attacks called “Session Riding”, a special category of attacks known as “Cross Site Request Forgery”. Session Riding attacks misuse a previous authentication of the user and can act under his identity without his knowledge.

44/ Difficulties of PKI in Real-life – Part I
Daniel Kouřil, Michal Procházka

The article summarizes several years of experience with implementation of PKI in a large distributed environment, a so-called grid. A number of problems discussed in the article are not visible in smaller systems and only become problematic when the infrastructure grows over a certain size.

 

Contact us

TATE International s.r.o.
Hořejší nábřeží 21, 150 00 Praha 5

Phone: +420 737 215 220