Main topic: Security education, digitization and security, user-friendly information security, ...
ISSUE DATE: 11.12.2018
These articles were subject to peer-to-peer review.
Interview with Jaroslav Šmíd
Anna Roubíčková
Jaroslav Šmíd is the First Deputy Director of the National Cyber and Information Security Agency (NÚKIB), which has held the role of central cyber security authority in the Czech Republic since August 2017. We spoke with Mr. Šmíd about the activities of NÚKIB and about education and awareness in the field of cyber security, and we also evaluated the first year of this office's existence.
DSM | page 6
Red/Blue team exercises
Radim Ošťádal, Radka Cieslarová
The article focuses on technical cyber security exercises, especially Red/Blue team exercises. It shows how an exercise looks from the participant's point of view and how complex the preparation is. It also covers the benefits of such exercises and their relationship to different education methods.
DSM | page 12
Smart contracts – the future of blockchain?
Jaroslav Tajbr
"Smart contracts" are automated protocols used to secure, verify and/or enforce certain arrangements between the entities involved. Recently, smart contracts have often been mentioned in connection with blockchain technology. The article deals with the legal-theoretical aspects of blockchain smart contracts and uses specific cases to describe how they can be used.
DSM | page 17
How to deploy cloud services securely – Part IV.
Martin Zbořil
PricewaterhouseCoopers, in cooperation with TATE International, conducted research on awareness of cloud services security in Czech organizations. The research focused on cloud services usage and their security risks, benefits, measures, and controls. Questions regarding compliance and the Czech national cloud were also included. This is the first part of a two-part evaluation surveying the interesting results.
DSM | page 23
WPA3 – Solution or Missing Opportunity?
Jaroslav Dočkal
The article discusses the vulnerabilities that led to the WPA3 certification notice. It clarifies the objectives of WPA3 and the related cryptographic algorithms, protocols and mechanisms. At the end of the article, the author expresses his point of view on the real contribution of WPA3.
DSM | page 27
DevOps – Part II.
Vladimír Kufner
The second part of a six-part series of articles about DevOps describes the most commonly used methodologies and standards on which DevOps is based, in particular ITIL, Agile software development and Lean IT. It also discusses selected major technologies (such as virtualization, containerization and cloud computing) that play an irreplaceable role as enablers of success.
DSM | page 31
DLP technology and its current limits
Pavel Krátký
DLP stands for Data Loss Prevention. It aims to address the risk of data leaving an organization. In the article, we look at the historical evolution and milestones of DLP. We also try to answer the question of why DLP still isn't a well-known technology after more than ten years on the market.
DSM | page 40
Cryptography in the world of quantum computers
Jiří Pavlů
The article deals with the use of quantum computers for cryptanalysis of contemporary asymmetric cryptography schemes. It also presents ways of mitigating potential quantum attacks.
DSM | page 43
Czech Banking Association and its role in raising Security Awareness
Tomáš Hládek, Ondřej Koch
This joint article, written by authors from the Czech Banking Association and PwC (which provides the CBA with support on security and crisis management topics), first describes the role of the association in general. It then informs the reader about two recently conducted cyber-crisis management tests, during which the banking sector showed that it is relatively well prepared for a possible attack, but that there is still room for some improvement.
DSM | page 47
Information assets and risks – Part I.
Miroslav Buda
In the first part of this two-part series, the author focuses on the obligations in the area of information asset and risk management. He then presents the common mistakes that organizations make when implementing the framework, together with their impact and practical examples. These mistakes will be used in the second part of the article to show readers how to avoid them.
DSM | page 51
The team of Czech hackers has not been hacked in London
Karel Macek
The growing need for IT security professionals is widely acknowledged worldwide. To help mitigate this shortage of skills, many countries have launched national cyber security competitions targeting students, university graduates or even non-ICT professionals, with the clear aim of finding new and young cyber talents and encouraging young people to pursue a career in cyber security. The European Cyber Security Challenge (ECSC) leverages these competitions by adding a pan-European layer.
DSM | page 54