Main topic: Reporting incidents, user authentication
PUBLISHED: 18.6.2015
These articles were peer reviewed.
Interview with Marie Kovářová
Petr Hampl
A board member of Ceska Pojistovna explains her view on information security, in particular on investment approval processes, long-term strategies, the requirements for a chief information security officer and risk appetite. Trends, future technologies and new threats are also discussed.
Interview with Jeffrey Bardin
Petr Hampl
The leading information officer of the Treadstone 71 project states that defense-based strategies have failed. According to him, a new paradigm is needed, based on a counterstrike or even a preventive strike. Mr. Bardin also explains his view on the role of the State in information security, as well as his view on the relationship between an IT manager and a chief information officer.
Reporting of security incidents
Edited by Andrea Kropáčová
The key rules and guidelines for reporting security incidents are discussed in this article. The content of reports, the communication channels, the critical need for speed and the role of creativity in incident response are also explained. The final part of the article focuses on the role and operating methods of the Computer Security Incident Response Team in the Czech Republic.
The implementation of encrypted virtual servers
Jiří Vrbický
A case study from a data center describes the implementation of a technical solution that lets clients choose which virtual servers are encrypted and keep the encryption keys under their own control. The first part explains the technical requirements. This is followed by the product selection process, a feasibility study, the implementation and its integration into the client interface of the data center's services.
Multiple factor authentication with a token
Jakub Horák, Václav Špáňa
The initial part of this contribution focuses on the limits of single-factor identification as well as the limits of using a mobile phone as the second factor. The basic requirements of any token-based solution, the authentication process, and the implementation and integration into multiple applications are also explained.
Executive orders related to Czech Cybersecurity law
Vladimír Smejkal
This article focuses on Regulation 316/2014 on security measures, cyber security incidents and reactions to incidents. The text describes the legislative basis of the regulation, the persons it concerns, the content of the regulation, security measures, organizational measures, risk management, security policies, management of security incidents, business continuity and audits.
Fraud detection in the online environment
Jan Mészáros
A general model of online fraud and a system for its detection are introduced in this article. Fraud targets, the persons involved, the methods used to carry out fraud (social engineering, man-in-the-middle, malware) and their key features are covered. Special attention is given to fraud detection techniques, including fingerprinting, bot detection, behavior analysis and the application of rules.
Legal aspects of internal policies
Karel Malinka, Radim Polčák, Zdeněk Říha
This paper focuses on the key mistakes that should be avoided when creating internal security policies. The relationship between the requirements of internal policies and the law is also discussed, as are proper definitions of basic terms such as “computer” and “mobile phone”. The final part focuses on questions of enforceability.