Main topic: Cloud, Incident management, Classification of Information, Risk management, ...
ISSUE DATE: 12.4.2018
These articles were subject to peer-to-peer review.
Interview with Vladimír Matouš
Eva Racková
In this issue, we looked into the internal IT kitchen of Tatrabanka and talked to Vladimír Matouš, who has been its CIO since February 2010. During the interview we focused on innovations in the security field. We also learned how Tatrabanka approaches new regulations and how it influences the environment in which it operates.
DSM | page 6
How to deploy cloud services securely - Part I.
Karin Gubalová
The first part of the series focuses on the general principles that make it possible to implement a cloud service while taking the organization's security requirements into account. The areas of strategy, solution design and human resources are discussed. At the same time, the article highlights several issues that seem obvious yet are often neglected in organizations.
DSM | page 10
How to risk - We cannot escape the risk management – Part I.
Richard Michálek
Benefits and pitfalls of risk management, and tips on how to approach it so that it benefits the organization.
DSM | page 14
Different incidents require different approaches
Zuzana Duračinská, Pavel Bašta, Martin Kunc
The article describes the incident handling process from the perspective of the national cyber security team CSIRT.CZ. It begins with a general description of incidents reported by third parties. This is followed by two specific cases in which the team's neutral position was used to resolve incidents that had a number of further implications.
DSM | page 18
Cyber Education Survey
Martin Zbořil
PricewaterhouseCoopers, in cooperation with TATE International, conducted research on the level of cyber awareness among employees of Czech organizations. The research also covers security training techniques and the relationship between cyber awareness and the training performed. This article summarizes the most interesting results.
DSM | page 21
Endpoint Detection and Response (EDR)
Pavel Krátký
In the fight against modern, sophisticated threats a new, proactive approach is needed. Today's EPP (Endpoint Protection Platform) technologies used to protect endpoints take a preventive approach; they are necessary, but not always functional. The constantly evolving threat landscape has fueled the rise of a new defense model, so-called "Endpoint Detection and Response" (EDR). This model is fundamentally different from EPP and adds another advanced security layer, whose goal is to detect, identify and target threats based on behavioral analysis.
DSM | page 24
PSD2
Petr Budiš
At the beginning of this year, the EU Directive on payment services in the internal market (PSD2) began to apply. Its aim is to introduce a new model of communication between the bank and its clients, which brings about the emergence of so-called third parties. These are granted permission to access bank accounts via the Internet. The Czech Banking Association has facilitated the creation of a common standard for open banking. Through the banks' data interface, the third parties will provide banking services to clients, while the primary responsibility for settling payments remains with the client's bank. If the bank implements both the data interface and the security concept correctly, the whole system will operate safely. It is therefore necessary to pay close attention to security, especially to communication. Banks need to know who is being allowed access to their systems.
DSM | page 28
What to understand GDPR as an opportunity
Antonín Beneš
The current state of preparations for the application of the GDPR regulation is moving fast towards unlimited buck-passing and an ocean of announcements and requests for consent that probably almost no one is going to read. The author of this lippy remark is trying to draw your attention to the fact that the regulation does not prevent the creation of national rules that could bring a real improvement in personal data security and increase the legal certainty of all parties processing data. But it is necessary to do things in the proper order: start with an agreement on what we are willing to protect and why, and only then proceed to finding out how to do it. The GDPR will become just another bureaucratic obstruction, bringing unnecessary costs and killing many praiseworthy activities, if we simply implement the regulation as it currently stands.
DSM | page 31
Slovak Electronic Identity Card (eID) – The Genesis – Part I.
Peter Handzuš
A secure, trustworthy and reliable electronic identification scheme is a cornerstone of eGovernment for every state seriously considering the transformation from the industrial to the digital era. The Slovak Republic is no exception: since December 2013, citizens can securely access public e-services comfortably from their homes via the Internet using their eID card. Identification and authentication by means of the eID card is based on the Extended Access Control (EAC) mechanism, which revolves around mutual authentication of the eID card and the service provider. It offers state-of-the-art security designed specifically for this purpose. The main goal was to provide citizens with the most efficient solution possible, one that fully respects their rights to privacy and the protection of personal data. The first of three planned articles explains the history of the Slovak eID project, how identification and authentication with the national eID card works in practice, and why it is considered more secure and more privacy-preserving than the most common solutions applied elsewhere.
DSM | page 34
CIS Controls version 7
Jaroslav Dočkal
The article introduces the new version of the draft controls from the Center for Internet Security. It discusses why a new version of these measures was released after only 17 months, while the ISO standards have remained in the same wording for a number of years.
DSM | page 40