Main topic: Kybernetická bezpečnost a zpravodajství, poskytovatelé řízených bezpečnostních služeb (MSSP)…
ISSUE DATE: 24.3.2020
PUBLISHED: 24.3.2020
These articles were subject to peer-to-peer review.
Click on headline to see more about article
Customers’ privacy in the environment of online advertisement on Czech web
Libor Polčák
Bid requests in Internet auctions for advertisement impressions propagate details about users, their attributes, browsers, location etc. Recently, several complaints have been lodged with several supervisory data protection authorities. This paper shows that special categories of personal data are processed in RTB initiated by Czech websites without seeking consent.
DSM | page 11
Data Retention obligation in case law of the Court of Justice of the European Union and Constitutional Court of the Czech Republic
Miroslav Uřičař
The obligation to retain traffic and location data (Data Retention) has been criticized due to its interference with the right to privacy since its adoption. The Data Retention obligation has already been subject to three decisions of the Court of Justice of the EU and three decisions of the Constitutional Court of the CR, the most important from them being the judgment of the Court of Justice declaring the Data Retention Directive invalid. In the pending case the Court of Justice has been requested by the French, Belgian and UK courts to assess whether their national Data Retention obligations are compliant with the EU law. Advocate General of the Court of Justice has presented his Opinion in these cases on 15 January 2020. In his opinion the means and methods of combating terrorism must be compatible with the requirements of the rule of law. Therefore, he states that the ePrivacy Directive precludes such legislation which imposes the obligation to retain, in a general and indiscriminate fashion, the traffic and location data of all subscribers, as is the case of the French, Belgian and UK legislation. The ruling of the Court of Justice could be expected in the coming months.
DSM | page 17
Analysis of the situation of digitalization
Peter Chrenko
Nowadays, the terms „digitalization“ and „digital transformation“ are either becoming a cliché or their interpretation differs from one person to another. It seems that the most common idea of what they mean is associated with implementing new technologies and applications in companies to make our and clients‘ life easier. The more money the company invests in them, the more „digital“ it is considered. The reality is, however, that these investments do not bring the desired effect, as we tend to get too caught up in this effort and forget about the most relevant – the client. The aim of this article is, using results of recent minisurveys, show what is the „digital reality“ in big companies. Secondly, it aims to suggest how to approach this issue with all its complexity and spread awareness within the public sphere, because it impacts not only the companies themselves but their clients and consequently the society as well.
DSM | page 23
DevOps – part VII.
Vladimír Kufner
This, last but one article of the whole series about DevOps summarizes achieved outcomes of transformation to DevOps and reflects future possible trends in DevOps. It discusses most often myths ad typical problems when transforming to DevOps.
DSM | page 30
Two decades of United Nations‘ attempts for the cyberspace stabilization
Richard Kadlčák
This article provides a historical overview of UN efforts to stabilize cyberspace dating back to the 1990s. The article also covers the current round of UN cyber-negotiations and identifies the main cleavages between states calling for the preservation of free, open, and secure cyberspace and those trying to restrict freedom online under the pretext of strengthening cybersecurity. In its concluding section, the article positions the Czech Republic in the context of UN cyber-negotiations and offers practical suggestions for a way forward with a view of stabilizing cyberspace at the global level.
DSM | page 36
Malware Emotet – Trickbot – Ryuk in the Benešov hospital
Adam Kučínský, Vojtěch Sikora
The article deals with the cyber attack on the hospital in Benešov, which took place in December 2019. The article describes the attack, the malware used in this case, the procedure after the detection of the attack and the measures to be applied to prevent and respond to these types of attacks.
DSM | page 39
Reality can be worse than the expectation
Martin Hlaváč
At the end of the year 2019, IT administrators of major financial institutions in the Czech Republic encountered unusual activities in the IT infrastructure of the company. During the verification process they concluded that the company had been hacked, and they tried to solve the problem on their own. But after several weeks of unsuccessful efforts, the AEC team was asked for help. Cyber security experts soon managed to uncover the unprecedented scale of the incident. They also detected the input vector into the system and then stopped the attack with precisely coordinated action. The final elimination of the attackers in the infrastructure of the institution was made possible by the deployment of the EPP/EDR solution and by subsequent manual termination of remaining hacker activities. During the investigation of the incident, the hackers were identified as members of the globally active group called Cobalt Group, which specializes in the illicit transfer of funds from companies and institutions.
DSM | page 44