Main topic: Banking, mobile devices, authentication
PUBLISHED: 17.06.2014
These articles were subject to peer review
INTERVIEW WITH KAREL SOUKENÍK
[Page 6]
Petr Hampl
The CFO of Sberbank in the Czech Republic speaks about approving investments, business methodologies and the costs of information security. He comments on the current draft of the Cybersecurity Act and contemplates the role of human failings in cybercrime. A part of the interview is focused on cloud computing – Mr. Soukeník questions the assumption that moving data to an advanced cloud provider results in increased security risks.
INTERVIEW WITH ALLAN ANT
[Page 10]
Petr Hampl
The Research Vice President at Gartner introduces people-centric security as a more effective alternative to command-centric security. However, the main part of the discussion is dedicated to the implementation of identity and access management systems. Mr. Allan lists the most common reasons for such projects failing: first, a focus on technology instead of processes; second, too much automation; and finally, attempts to achieve compliance through identity and access management alone.
MOBILE POLICIES
[Page 12]
Lukáš Bláha, Martin Tobolka
The authors explain which devices should be covered by a corporate mobile policy, describe the threat model used as the basis for a mobile security policy, define the minimum mandatory measures and discuss mobile device management and mobile application management features. The final part of the article is focused on user monitoring.
BACKUP IN TELEPLAN
[Page 15]
Josef Novikmec
This case study describes a project for backup technology implementation focused on desktops and laptops containing critical business data. There are particular sections on the basic technology choices, the testing of different alternatives, the choice of products and vendors, detailed functional requirements and technical design and implementation. The return on investment is also discussed.
BIOMETRIC FACIAL RECOGNITION
[Page 18]
Tomáš Valer
This article focuses on the differences between 2D face recognition and the newer 3D face recognition. It explains the technical principles of 3D face scanning, provides information about the products currently available on the market and shows some examples of practical use. The second part of the article provides a case study of a 3D face recognition implementation at Sberbank in Moscow.
OUTSOURCED INFORMATION SYSTEMS SUPERVISION IN THE BANKING INDUSTRY
[Page 24]
Martin Fleischmann
The Czech National Bank expert defines outsourcing in detail and explains the approach to supervision at the national bank, as well as the key standards with which banks need to ensure compliance. He also discusses particular types of risk, such as legal risk, the risk of losing governance, the risk of losing auditability, reputational risk etc.
BEHAVIORAL ANALYSIS IN NETWORKS
[Page 28]
Mikuláš Labský, Pavel Minařík
The article explains why it is important to analyze data flows within the LAN and WAN. Technologies for such monitoring are also described, with a special focus on behavioral analysis tools. Their implementation is demonstrated on case studies from ČD – Telematika and Thomayer Hospital in Prague.
SQL INJECTION ATTACKS – PART II
[Page 32]
Lukáš Antal, Maroš Barabas, Petr Hanáček
This second part is focused on less common attacks carried out through SQL injection and their impact on the security of information systems: file-system operations, writing data to disk, JavaScript abuse and port scanning from within the database server.
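As an added illustration (this is not code from the article and the log lines are constructed here, not captured from any real system), the scanner below flags the kinds of SQL-injection payload the summary names in web-server access logs: file reads (MySQL `LOAD_FILE`), writes to disk (`INTO OUTFILE` / `INTO DUMPFILE`), OS command execution (MSSQL `xp_cmdshell`), network probing usable for port scanning (MSSQL `OPENROWSET` / `OPENDATASOURCE`, Oracle `UTL_HTTP` / `UTL_TCP`) and script tags smuggled into stored data. Requests are percent-decoded and stripped of `/* */` comments before matching, since both are common obfuscation. The indicator names and sample paths are this example's own choices.

```python
import re
from urllib.parse import unquote_plus
from typing import Dict, List

# Constructed sample access-log lines for illustration only (not from the
# article). Line 1 is a benign request; the others carry payloads of the
# kinds the article summary names.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jun/2014:10:01:02 +0200] "GET /item.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [17/Jun/2014:10:01:07 +0200] "GET /item.php?id=1%20UNION%20SELECT%20LOAD_FILE(%27/etc/passwd%27) HTTP/1.1" 200 2048',
    '10.0.0.9 - - [17/Jun/2014:10:01:15 +0200] "GET /item.php?id=1%20UNION%20SELECT%20%27%3Cscript%3Ealert(1)%3C/script%3E%27%20INTO%20OUTFILE%20%27/var/www/html/x.html%27 HTTP/1.1" 500 0',
    '10.0.0.9 - - [17/Jun/2014:10:01:21 +0200] "GET /item.php?id=1;EXEC%20master..xp_cmdshell%20%27dir%27 HTTP/1.1" 500 0',
    '10.0.0.9 - - [17/Jun/2014:10:01:30 +0200] "GET /item.php?id=1;SELECT%20*%20FROM%20OPENROWSET(%27SQLOLEDB%27,%2710.0.0.20,445%27;%27sa%27;%27%27,%27SELECT%201%27) HTTP/1.1" 500 0',
]

# Indicator name -> regex applied to the decoded, comment-stripped,
# lower-cased request target. Each matches a DBMS feature that reaches
# outside the database engine itself.
INDICATORS: Dict[str, re.Pattern] = {
    "file_read": re.compile(r"\bload_file\s*\("),                      # MySQL
    "file_write": re.compile(r"\binto\s+(?:out|dump)file\b"),          # MySQL
    "os_command": re.compile(r"\bxp_cmdshell\b"),                      # MSSQL
    "network_probe": re.compile(                                       # MSSQL / Oracle
        r"\b(?:openrowset|opendatasource)\s*\(|\butl_(?:http|tcp)\."),
    "script_injection": re.compile(r"<script\b|javascript:"),          # stored JS
}

# Request line inside a common-log-format entry: method, target, protocol.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/')


def normalize(target: str) -> str:
    """Percent-decode, drop /* ... */ comments used for obfuscation, lower-case."""
    decoded = unquote_plus(target)
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return decoded.lower()


def classify(line: str) -> List[str]:
    """Return the sorted indicator names found in one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    text = normalize(match.group(1))
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged line to its indicators; clean lines are omitted."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        tags = classify(line)
        if tags:
            hits[line] = tags
    return hits


if __name__ == "__main__":
    for line, tags in scan(SAMPLE_LOG).items():
        print(", ".join(tags), "<-", line)
```

Keyword matching of this kind is a detection aid, not a control: it is noisy on legitimate traffic that happens to contain these tokens and can be bypassed with encodings the normalizer does not undo. The fix for the underlying weakness remains parameterized queries and a database account that has no file-system, command or outbound-network privileges to abuse.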
CHANGES IN NEW VERSION OF PCI DSS 3.0 – PART II
[Page 36]
Jakub Morávek
The Payment Card Industry Data Security Standard defines the set of minimum requirements for the security of cardholder data. This article describes some of the changes in version 3.0 and summarizes their impact on companies subject to a compliance audit.
SECURITY OF CONTACTLESS CARDS
[Page 41]
Martin Henzl, Maroš Barabas, Radim Janča, Petr Hanáček
The article explains the technical principles of card authentication, user identification and transaction authorization, with a special focus on the EMV standard. Weaknesses in the protection of contactless cards are discussed in the following part of the article, which also describes the most common attacks, such as pre-play, relay, SDA replay and man-in-the-middle.