Main topic: Authentication, digital signatures
PUBLISHED: 11.03.2014
These articles were subject to peer review
Interview with Vitězslav Bogač
[page 6]
Petr Hampl
The CIO of the electricity company, ČEZ, speaks about outsourcing, commodity IT services, justifying investment in IT security and about situations where innovation is prevented by information security worries. He also comments on the Cyber Security Act.
Antivirus protection testing
[page 12]
The author starts with the broader problems of testing IT security products and services. He then focuses on selecting malware for antivirus protection testing and explains the most common failings of such testing as well as the rules for interpreting results. The final part of the article concerns testing of the demands placed on system resources.
Authentication
[page 18]
Václav Matyáš
Certain factors which can influence future user authentication are discussed. Some chapters are particularly focused on biometric signatures and new dimensions of authentication – the ability to verify not only the identity of a user, but also their position and their communication with other systems. New opportunities and potential threats are also discussed.
Changes in PCI DSS 3.0 – Part I
[page 25]
Jakub Morávek
The latest version of the Payment Card Industry Data Security Standard was issued last year. This article explains which entities must comply with the standard and describes its three-year revision cycle. It covers the changes in particular sections of the standard: general application rules, firewall configuration, protection of stored data, data encryption during transmission, firewall protection, application development and information access management.
Czech POINT identity management with integration to Central Registers
[page 28]
Martin Šlancar
This case study describes the processes and technology architecture for the decentralized distribution of identities for 100 000 Czech POINT users in 8 000 organizations. A section of the article is focused on the Single Identity Space, the requirements connected to the implementation of the Central Registers and the solution of these tasks. The final section describes the current project for data synchronization between the Single Identity Space (users) and the Central Registers (citizens).
The application of foreign standards in preparations for Czech Government Cloud projects
[page 32]
Václav Žid
The author argues that the Cloud projects of the Czech central government authorities are hindered by the absence of standards. However, some foreign standards and principles can be applied, with U.S. federal government standards being particularly useful. This article describes documents by ENISA, as well as the Cloud First and FedRAMP programs. A reference model and a recommended methodology for risk estimation are also described.
The new European Directive for digital signatures
[page 36]
Martin Vondrouš
This new piece of European legislation, already approved by the European Commission and awaiting approval from the European Parliament, should create a consistent legislative framework and thus support the international exchange of trusted digital documents. This article summarizes the existing legislation and focuses on particular areas covered by the proposed directive: digital signatures, digital archives, trusted authorities, trusted systems of message delivery, digital identification and trusted website certificates.
SQL injection attacks – Part I
[page 40]
This article describes the most frequent attacks against websites connected to databases. The general principle of SQL injection is explained first, followed by four particular methods: chained queries, UNION queries, Blind SQL Injection and Time-based Blind SQL Injection.
The articles on pp. 12-17, 20-44 were subject to peer review by the Editorial Board of DSM.