Security risks of common hardware
The paper will deal with the security risks associated with the current form of end user workstation hardware and the real impact on the overall security of today's ISs.
First, the architecture of today's workstation hardware will be outlined. Subsequently, the security risks associated with today's hardware will be identified, and these risks will be assessed against pre-selected workstation deployment models. The first model will be a regular corporate stationary workstation, and the second will be a mobile-based workstation. The risk identification will be based on the assumption that the stations have implemented the standard security measures according to ISO/IEC 27001.
The second part of the paper will discuss conceptual options for a solution that would eliminate the mentioned security risks. These solution options will be judged both in terms of the extent to which they eliminate the security risks and in terms of the level of guarantees provided. The contribution will conclude by setting out the basic safety requirements for the development, production, distribution and support of final safety products for the discussed solutions.
Jiří Truxa works at S.ICZ as a system security architect, security consultant and key account manager. He has been working in the information security area for over 25 years. He originally worked on cryptographic and security products, but since the new millennium his focus has shifted to the security architecture of complex systems with a high degree of required security guarantees, both in the world of classified information and in the commercial sphere.
Ondřej Steiner works at S.ICZ as a security consultant. He has been in the area of information security for 20 years. When he started, he first focused on PKI, HSM and certification authorities, from which he moved to general information security. He is currently focusing on cyber-security and personal data protection (GDPR) projects.