Main topic: electronic signatures, security certification.
PUBLISHED: 17.06.2010
6) Interview with Aleš Špidla
Editor-in-chief of DSM, Jaroslav Dočkal, spoke to the director of cyber security at the Ministry of the Interior of the Czech Republic.
10) Electronic Signature Use in Slovakia
Pavol Frič, Július Lintner
An evaluation of the use of electronic signatures focusing on the legislation governing their use. The article summarizes the legislative situation in Slovakia and describes the approach to this legislation and the progress of its creation. It also describes the preparation of the infrastructure that creates the technical and organizational conditions for the use of electronic signatures in practical applications.
14) Principles of Vulnerabilities in 2008–2009
Marek Skalický
This article provides a summary of research into the dynamic characteristics of the vulnerability life cycle, based on the results of scanning thousands of organizations in 2008. The findings resulted in 4 main “Laws of Vulnerabilities” – quantifiable attributes used to demonstrate the relations between the severity and quantity of discovered vulnerabilities and the time frame for their remediation and exploitation.
18) Don’t Guess, Measure!
Zbyněk Marx
A brief description of the ISO/IEC 27004 standard dealing with security measurement. The article focuses on the purpose of measuring information security and on the description of a measurement program and a measurement model. A graphical model of security measurement is attached, as well as a practical example of a measurement concept, including a description of terms.
22) Vulnerability Scanner at ČSA
Tomáš Fencl
A short case study discussing the experience with a small-scale vulnerability scanner implementation within a broader vulnerability management process.
26) Certification or Camouflage
Sulamit Bukovinská, Karin Gubalová
The article presents the usual problem of certifying an ISMS as compliant with ISO/IEC 27001: limiting the activities performed so as to minimize time, human and financial resources while still successfully completing the certification process.
30) On the Trail of Chuck Norris
Pavel Čeleda, Radek Krejčí, Josef Kaderka
This article explains the problem of botnets (malware) exploiting vulnerabilities of SOHO (Small Office/Home Office) devices. Using the recent case of such a botnet, called Chuck Norris, we describe real experiences with the botnet discovery, its behavior analysis and the problems of taking down the botnet.
34) TPM or Trustworthy Computer
Pavel Tuček
An introduction to the operation of a Trusted Platform Module, a description of its architecture and an explanation of the term Trustworthy Status. A sample trustworthy status of a system and several practical examples of the use of a TPM to increase the security of a computer are also provided. The article also shows the potential risks of TPM misuse and certain imperfections in its implementation.
40) WLAN Surveillance Respecting Standards
Jaroslav Dočkal
WLAN networks are often considered insufficiently secured and therefore unfit for the army, the public sector, etc. The author demonstrates on the Motorola AirDefense Enterprise solution that even in this category of networks we can find products that comply with all the requirements of standards such as DoD, PCI, COBIT and others.
47) Conficker Supremacy Continues
The Conficker worm still leads the statistics of the most frequent viral threats. There are also new threats and techniques that aim to rob users.
48) PR ICZ: Difficulties of Electronic Signature Implementation
The article describes certain difficulties that implementing electronic signatures can cause, alongside their indisputable advantages.
The articles on pages 10-46 were subject to expert review by the Editorial Board of DSM.