Main topic: Data leakage prevention (DLP) and security policy.
PUBLISHED: 09.03.2009
6/ Interview with Miroslav Trnka
Miroslav Trnka is a co-founder, co-owner and general manager of ESET. The company was established in 1992 in Bratislava. Its key product to date has been the antivirus software NOD32, which was enhanced in the last two years with firewall and antispam software. ESET’s Linux products are also available on the market and are designed to protect corporate clients and are also offered as freeware tools for on-line detection and removal of malware and infiltration. Last year ESET started to establish a division for network security by acquiring the Czech company Šetrnet.
10/ Results of PSIB SR ‘08
Lukáš Neduchal, Martin Stanek
The article presents selected results of the Information Security Survey in the Slovak Republic (Průzkum stavu informační bezpečnosti - PSIB SR ’08) and considers several information security trends. Compared with the previous two surveys, no significant changes (either positive or negative) have been identified in the basic questions of information security perception and management. The current status can therefore be evaluated as stable.
14/ Using DLP to Prevent Data Leaks
Jaroslav Dočkal
The article introduces a new DSM topic – DLP, or tools for the prevention of data leaks. It explains what this new class of software is used for, how it functions, what individual categories there are and how it is designed. It also mentions problems that can be encountered during the implementation of DLP and what customers should require from the vendors of DLP systems.
18/ New Methods to Prevent Data Leaks
Roman Šuffner
The article describes a modern approach to the protection of sensitive data and how to prevent data leaks from a company. It starts with a description of the main factors that influence the protection of data. Further, it focuses on the use of specialized products that enable companies to not only actively increase data protection and prevent data leakage, but also to practically enforce security rules and evaluate the efficacy of existing measures. It concludes with selected recommendations for the successful selection and implementation of products.
24/ Security Policies in Real Life
David Cón
The author summarizes his experience in the creation and implementation of security policies. Using examples, he demonstrates various mistakes made in the definition and implementation of security policies. He also tries to advise how to avoid these mistakes.
28/ Security is our job
Tonda Beneš
Critical thoughts on the practical implementation of security in the Czech Republic, based on the author’s practical experience. The objective is to provoke the reader, in a humorous and occasionally sarcastic style, to think about serious issues. If you believe the article is about you, the reason may be that it really is about you.
32/ Vulnerabilities of On-line Systems – Part II
Ladislav Beránek
The second article in the series contains an analysis of protection against the use of multiple identities (Sybil attacks). It delimits target areas, evaluates vulnerabilities and classifies methods of protection. The article describes the whole spectrum of these methods.
36/ Trends in the Development of Electronic Authentication
Vladimír Smejkal
The article is devoted to electronic authentication in ICT. It analyzes various methods of two- and three-factor authentication and authorization and evaluates the risks. It addresses the methods of strong authentication in more detail. It stresses the fact that a sufficient level of security for authentication and authorization can only be offered by tools and methods based on multi-factor authentication that have to be in line with general and special legislation.
40/ Session Riding
Jaromír Dobiáš, Zdeněk Říha
The article is devoted to attacks called “Session Riding”, which are a special category of the attacks known as “Cross Site Request Forgery”. Session Riding attacks misuse a previous authentication of the user and can act under his identity without his knowledge.
44/ Difficulties of PKI in Real-life – Part I
Daniel Kouřil, Michal Procházka
The article summarizes several years of experience with the implementation of PKI in a large distributed environment, a so-called grid. A number of the problems discussed in the article are not visible in smaller systems and only become problematic when the infrastructure grows beyond a certain size.