Main topic: Electronic signature, safety in health care.
PUBLISHED: 27.09.2010
6) Interview with Chris Mitchell
Editor-in-chief of DSM, Jaroslav Dočkal, interviewed the Professor of Information Science at the Royal Holloway University in London, Chris Mitchell.
10) Security in Healthcare Via Standards
Alena Hőnigová
Personal health information is considered to be the most private personal information. This article gives examples of selected international and European standards, technical reports and technical specifications. In these documents we can find a way of resolving and preventing security issues in healthcare. The article also lists other documents that define electronic healthcare records or requirements on reference architecture.
14) Testing Security Policies
Viktor Tichý
Why and how should ICT security policies be tested? How does this testing differ from penetration testing? This article answers these questions, analyzes the process of introducing regular security policy testing and gives a practical example.
18) The Experiences of a Penetration Tester – Part I
Martin Mačok
The author provides an overview of the trends he identified during his work in the field of security consulting. It is clear from his experience that the situation is especially difficult for wireless networks and web applications.
22) Monitoring Employees is Legal!
Jan Mikulecký
Monitoring employees is a delicate topic that the Office for Personal Data Protection (UOOU) tries to resolve by prohibiting any control over company ICT. The author argues against the, in his opinion, one-sided view of the Office which, exceeding its authority, tries to limit the rights of employers and at the same time provides a guide for employees on how to deal with their personal affairs during working hours without any fear of sanctions.
26) From Golf to BCMS Certification
Libor Široký
Business Continuity Management has evolved significantly over the last 40 years, from the original concept focusing on formalized activities for managing mainframe breakdowns to the current Business Continuity Management Systems (BCMS) certification. The objective of this article is to explain the main steps in the development of this area of security, including the main information about implementation, the certification audit of BCMS and the interconnection with other management systems.
30) Electronic Signature Use in Slovakia
Pavol Frič, Július Lintner
This article loosely follows up on a previously published article on electronic signatures in Slovakia. It particularly focuses on a specific implementation of electronic signatures. Based on an evaluation of the success of the implementation, the article identifies the main limiting factors that will have to be resolved in the future.
34) Stumbling Blocks in Guaranteed Electronic Signature Verification
Petr Budiš
A number of articles have been written about electronic signatures. Only limited space has been devoted to the correct steps for verifying guaranteed electronic signatures by the recipient of the electronically signed document. With the growing number of messages sent through data boxes in particular, this topic is becoming more important. This article points out several stumbling blocks that have to be resolved by a recipient of messages with a guaranteed electronic signature.
38) (In)Secure HTTPS – part I
Radek Krejčí, Pavel Čeleda
Securing web communication is a topical security issue. A number of questions are connected with the use of HTTPS on web servers, with the issue of certificates, their verification by clients and with dealing with untrustworthy certificates. This article also poses the question as to whether the root certificates of CAs are really trustworthy.
42) A Common Standard for Key Management
Jaroslav Dočkal
By the time the magazine goes to press we should have an approved first version of the KMIP protocol, which deals with the current problem of insufficient interoperability of cryptographic devices in the client-server setup. This article contains the characteristics of the protocol, its specification, a description of message exchange and the cryptographic functions used.
48) Sales of Fake Antivirus Now Also Over the Phone
Viral page
This new type of cyber crime, originally aimed only at English-speaking countries (UK, U.S.A., Australia), has lately started to appear in many other language environments. The first cases have already been recorded in the Czech Republic.
The articles on pages 10-46 were subject to expert review by the Editorial Board of DSM.