Main topic: eGovernment security, payment system security
PUBLISHED: 04.12.2013
These articles were subject to peer review.
Interview with Martin Smith
[page 6]
Petr Hampl
A psychologist focused on information security explains why information leaks remain so common despite massive investment in protective technology. He also answers questions about motivating employees to follow security rules and the failings of a "police" mentality among security managers, and comments on the European directive on cyber security that is currently being drafted.
Interview with Jiří Jirka
[page 11]
Petr Hampl
The economic deputy of the Czech Minister for Trade and Industry gives his view on the outlook for Czech IT, with special focus on technical universities, the Digital Czechia program, the organization of IT services across Czech central government and the impact of a disproportionate focus on price on the quality of government IT systems.
The Czech Cybernetic Security Act and its impact on companies
[page 14]
Vladimír Rohel
This article explains the key pillars of the law that is currently being drafted: technical neutrality, building on established standards and minimal coercion. The proposed law establishes both a governmental and a national Computer Emergency Response Team and creates new obligations for operators of critical information systems.
The actual situation of The Czech Cybernetic Security Act
[page 18]
Vladimír Smejkal
The origins of the law under discussion and its original intention are explained. The second half of the article describes the key difficulties of the proposed standard: terminology that differs from other laws regulating a similar area, the relocation of the definition of system operators' duties from the act itself into an executive order, and the lack of coordination with other legislative activities of the government.
Payment Applications Security Testing
[page 24]
Jan Mészáros, Radek Šichtanc
The authors show the differences between conventional penetration testing and the testing of payment applications. They pay special attention to internet banking, mobile banking and payment gateways for internet shops. They also describe the key protective tools and mechanisms that can be implemented in response to the findings of such testing.
Practical Remarks on the Implementation of Intrusion Prevention Systems
[page 32]
Roman Mikeš
The first part of this contribution covers the most frequent mistakes in IPS/IDS deployment, followed by guidance on tuning IPS/IDS systems so that the maximum number of attacks is prevented while the minimum number of false alarms is raised. The final part of the article recommends how to fit an IPS/IDS tool into the overall security architecture of an organization.
Information Security Management System 2013
[page 37]
Luděk Novák
The new versions of ISO/IEC 27001 and ISO/IEC 27002 are more practical, involve less bureaucracy and cover some areas that the previous 2005 versions did not, in particular the security of information system development. The conditions for a company's transition to the new standards and for recertification are also explained.
Illegal Monitoring of Communications in GSM Networks
[page 42]
Ivan Junek, Michal Kašík
The GSM standard has long been published in full detail and its cryptography has already been broken. This has increased the risk of illegal monitoring of both voice and SMS communications. The article describes the technical principles of active, semi-active (man-in-the-middle) and passive monitoring, as well as some options for protection.