Main topic: Interview with the director of NÚKIB, ISO 27701, penetration testing, Data Subject Access Rights
ISSUE DATE: 25.6.2020
PUBLISHED: 25.6.2020
These articles were subject to peer-to-peer review.
Interview with Karel Řehka
Daniela Seigová
Brigadier General Karel Řehka was appointed director of the National Cyber and Information Security Agency (NÚKIB) on 20 March 2020. In the first of two parts of the interview, he answers questions about his vision for the future, applying his experience from military missions in the new role, managing NÚKIB’s financial resources and much more.
DSM | page 7
Enhancing the security of PKI with blockchain technology
Yehor Safonov
This article discusses the possibility of enhancing the security of the classic Public Key Infrastructure (PKI) model by applying revolutionary blockchain technology. In the first part, the author explains the principles of the classical PKI system, which is based on the trustworthiness of CAs, and of the Certificate Transparency (CT) solution introduced by Google. The author presents the security problems and risks related to these models and outlines possible defenses against sophisticated attackers. The second part focuses on blockchain technology and its integration with PKI. The text compares existing blockchain PKI models with a focus on the CertLedger solution, which can be successfully applied to enhance the security of PKI.
DSM | page 11
A challenge called DSAR: what a request for access to personal data means for the administrator – part I.
Petra Věžníková
The article deals with the data subject’s right to access their personal data and to obtain a copy thereof (according to Art. 15 GDPR). The first part of the article, contained in this edition, gives an overview of the substantive aspects of the right of access from the perspective of the data controller (content and scope of the right) and provides examples of sanctions imposed for non-compliance with GDPR in handling access requests.
DSM | page 17
DevOps – part VIII.
Vladimír Kufner
This last article of the DevOps series summarizes the previous articles and reflects on possible future trends in DevOps. It describes the current status of DevOps and names companies that use it. It recommends the companies most active in DevOps transformations and summarizes DevOps websites and associated companies.
DSM | page 21
Václav Stupka, Jakub Vostoupal
This article deals with the European framework for cybersecurity certification and with the changes this new EU legislation will bring. It explains what certification is, how the certification framework is supposed to function and which institutions are responsible for it, and finally it introduces the certification procedure itself.
DSM | page 25
Penetration testing – part I.
Michel Quiroz
This article covers the basics of a penetration test and informs the reader about the key details of this type of IT security practice. It covers the general approach, process and industry standards, and defines multiple aspects of a penetration test. Further explanation corrects common misunderstandings about the differences between penetration tests and vulnerability scans/red team exercises. As the first article in a series, it gives the reader a foundation in penetration testing to build upon in future articles.
DSM | page 30
Cyberwar is coming. How does the preparation look from the hacker’s perspective?
Daniel Hejda
If we were on the brink of a cyberwar, how would the preparation look from the hacker’s perspective? Find out how attackers think and what activities precede the attack itself. This article explains why the preparation phase is crucial and why it is accurate to compare attackers to strategists or chess players.
DSM | page 34
ISO 27701: an alternative to the GDPR certification
Petr Šimsa
The article introduces the standard ISO/IEC 27701: Privacy Information Management System. It describes the basic differences from ISO 27001 and introduces possible uses of the standard, including as an alternative to GDPR certification.
DSM | page 42
Responses to questions about a law amendment concerning providing cyber protection for the Czech Republic
The currently widely discussed law amendment concerning providing cyber protection for the Czech Republic has brought many controversial opinions and some disinformation to public attention. We therefore decided to create five comprehensive questions and send them to several public figures, specialists and experts to give them a fair chance to express their opinion and make a clear statement. This article presents the collected answers.
DSM | page 46
SECTIONS
- Virus section DSM | page 54
- Standards and publications DSM | page 55
- News from partner companies DSM | page 56
- Legal advice DSM | page 57
- Management summary DSM | page 60
- Colophon DSM | page 62