Main topic: Malware, adware, spyware, ransomware, allware … virus protection (principles, technology, news)
These articles were subject to peer-to-peer review.
Interview with Ivana Janů
The interview for this issue of DSM was conducted with Ivana Janů, chairwoman of the Office for Personal Data Protection. We discussed the processing of personally identifiable information, cooperation with the EU, and the upcoming General Data Protection Regulation. We also find out about some news from the Office for Personal Data Protection.
DSM | page 6
Interview with Marek Střihavka
In an interview with Marek Střihavka, nicknamed Benny, a former member of the international group 29A, which dealt with computer viruses, you will find out about the life of a person who became an unlikely celebrity in the field of information security. He tells the story of the path that led him from being a virus author to becoming the lead programmer of an antivirus solution. Additionally, we find out how he was affected by the unjustified attribution of authorship of the SQL Slammer worm, which brought him to public attention.
DSM | page 11
This paper discusses ransomware for mobile devices. It deals with the specifics of such ransomware, the payment methods used, and the ways ransomware spreads on mobile devices. Finally, it gives recommendations on how to defend against ransomware.
DSM | page 17
Case study – Defence against ransomware in Česká pojišťovna
Tomáš Bartoň, Petr Štengl
The IT security team of Česká pojišťovna focused mainly on active defence against the penetration of malicious code into their network and on security analysis for the protection of data against encryption. By deploying a sandbox into the e-mail infrastructure, they were able to significantly increase the protection of corporate data against attacks. Based on the statistical data obtained, this solution was very effective against ransomware.
DSM | page 21
Preparation for GDPR in practice – Part I.
A lot has been said about GDPR in our magazine, and it is time to look at what fulfilling the conditions of the new regulation means in practice. At the beginning of the first episode of GDPR in practice, we summarize the essentials for the last time and get acquainted with a preparation plan. In the following parts of this series, we will discuss each phase of the plan in more detail.
DSM | page 24
Security framework for IIoT – Part II.
The first part of this two-article series discussed the new security framework for the industrial Internet of Things published by the Industrial Internet Consortium. In the second part, we describe the structure of the building components of IIoT and discuss protection in greater detail for one of them – endpoint devices. The article makes clear that this category of devices, due to the often autonomous nature of its operations, requires a specific type of protection.
DSM | page 29
The Amendment of the Act on Cyber Security – Part III.
In the previous parts of this article, we introduced the new European Union directive called the NIS Directive, as well as the changes in definitions and in obliged entities that this directive brought into the draft amendment of the Act on Cyber Security. We also focused on the obligations of regulated entities. The final part of this article deals with the process of determining Essential Service Providers and with ENISA’s role under the NIS Directive.
DSM | page 34
Use of holograms for the purposes of visual security of personal IDs
The article describes the latest trends in anti-counterfeit protection of personal documents, with a special focus on security holograms. The first part discusses the key reasons why physical documents such as cards are an important tool of personal authentication and identification. The second part of the article is about security holograms as the most advanced technology of optical protection. General requirements on security holograms are summarized at the end of the text.
DSM | page 38
Forensic analysis of mobile phones – Part V.
Jakub Kothánek, Jaroslav Kothánek
The fifth part of the series on forensic analysis brings a case study of an extraction from a sample mobile phone. The article describes the procedure of an expert examination, from the delivery of evidence to the writing of the expert opinion. It highlights the potential pitfalls of an investigation and explains which type of extraction should be used and why.
DSM | page 43
Product Review – Nexpose
A test of a product designed to manage the whole lifecycle of a vulnerability, starting with the discovery phase and ticket assignment, up to mitigation and control check. You could say from A to Z.
DSM | page 50
Military intelligence builds active cyber defense
In April, the Chamber of Deputies will again address the amendment to the Act on the Military Intelligence and related changes. We asked a representative of Military Intelligence for a brief statement to give us more insight into the forthcoming changes and to explain the reasoning behind them.
DSM | page 55
Book Review – How to Measure Anything in Cybersecurity Risk
DSM | page 59
- Virus section DSM | page 60
- The vulnerabilities DSM | page 62
- Standards & Publications DSM | page 65
- Information from partner companies DSM | page 66
- Legal section DSM | page 67
- Management summary DSM | page 69
- Masthead DSM | page 70