Main topic: Cybersecurity law, data centres, cloud computing, network monitoring
PUBLISHED: 12.3.2015
These articles were subject to peer-to-peer review
Interview with Andrea Kropáčová
Petr Hampl
The co-founder and representative of the Czech national CSIRT (Computer Security Incident Response Team) talks about current changes related to the implementation of the Cybersecurity Act, the operations of corporate and national response teams, new threats and a shift in the mentality of users. The FENIX project focused on defense against DDoS attacks is also discussed.
Interview with Michal Čupa
Petr Hampl
The former board member of Český Telecom and CEO of Contactel, České Radiokomunikace and Microsoft Czech Republic, with extensive management experience in the Russian market, focuses on the role of intuition in making decisions about technology investments. He also speaks about the role of the Chief Information Officer and the Chief Information Security Officer in companies.
Executive orders supplementing Czech cybersecurity law – Part I.
Vladimír Smejkal
This article describes which bodies are subject to the Czech cybersecurity law, as well as their new duties. It provides a definition of critical infrastructure, and also discusses key information systems. The article includes several tables summarizing subjects, duties, requirements and impacts. The author, a professor of law at Masaryk University, also criticizes the process of implementing the law.
ISO 27018: The first international standard for personal data protection in cloud
Lenka Suchánková
This article focuses on the new ISO standard published last year. It describes the basic requirements and their relationship to EU regulation frameworks. The basic rules and requirements are divided into several categories, such as personal security, cryptography, etc. The impact on particular industries and audit related issues are also mentioned.
Operational security of the data center of České Radiokomunikace
Martin Souček
This case study describes building the data center, with special focus on ensuring operational security. It defines potential clients and their needs, and sums up the requirements of the relevant standards. It also describes in detail the following areas: electricity supply, connectivity, temperature regulation, fire protection, water protection and access protection. The last part of the text is focused on regular audits, support, maintenance and supervision.
Network monitoring at Seznam.cz
Tomáš Dědek, Eva Neduchal Podskalská
This case study from the largest Czech internet company shows Seznam from the network infrastructure perspective. The initial situation is described, as well as client requirements and the basic architecture alternatives. The solution, based on FlowMon by INVEA-TECH, is introduced. The last part of the article is about the implementation at two data centers of Seznam.cz.
Forensic analysis over SIEM
Jiří Slabý
A fictional case study describes the investigation of a leak of credit card information. It explains how the forensic module operates. The investigation process is depicted step by step, including particular outputs and screen views.
Explosive roles
Ivan Noris, Radovan Semančík
The article first describes the Role-Based Access Control concept, which results in an explosion in the number of roles. Hybrid RBAC models are discussed in the following part. The second part of the article focuses on a case study of the implementation of a multi-tenant solution for local government.
Lawyer data in the cloud
Václav Stupka
This contribution investigates the impact of a recent decision of the City Court in Prague. This decision partially disrupted the protection of client information stored by an advocate in a data center. The article discusses the duty of advocate confidentiality, police searches of premises and the role of the Czech Bar Association.
IP addresses as new personal data?
Pavel Mates, Vladimír Smejkal
The main focus of the article is answering the question: what can be considered as being personal data? It shows that technological progress results in continually changing definitions of personal data. The second part of the article is dedicated to specific features of e-mail addresses and IP addresses. Some decisions of European courts are also discussed.