Main Topic: Internet of Things
These articles were subject to peer review.
Interview with Petr Kuchař
The interview for this issue of DSM is with Petr Kuchař, Director of the eGovernment Chief Architect Department at the Ministry of the Interior. We discussed the implementation of eIDAS in the Czech Republic, identification in the electronic environment, and the related steps in the area of laws and associated regulations.
Security framework for IIoT – Part I.
The first of two articles discusses the first of the two parts of the new security framework for the industrial Internet of Things published by the Industrial Internet Consortium. The article explains the specifics of this domain and compares the framework's approach with those of other standard-setting organizations and institutions. It further analyses the models chosen for addressing risks and threats, and refers to an interesting use case.
Dire straits of communication in IT security
Vlasta Šťavová, Vít Bukač, Václav Lorenc
Communication is a key element not only of human interaction in general; it is also important for security. This article focuses on communication patterns in selected IT security situations: incident response and end-user communication, reporting to managers, and vulnerability notifications. The authors present and discuss common mistakes and possible solutions.
WSNProtectLayer – security layer for wireless sensor networks
Petr Švenda, Vašek Matyáš, Martin Stehlík, Andriy Stetsko, Dušan Klinec
This article presents a case study of transparent privacy protection, intrusion detection and key distribution in wireless sensor networks deployed for critical infrastructure protection. We provide an analysis of functional and security requirements in three deployment scenarios, including the relevant attacker models. We then describe the design and testing of the developed middleware, which supports the required security aspects on the TinyOS platform through transparent radio virtualization.
Impact of the General Data Protection Regulation
The protection of personal data has an extremely broad scope of application. Consequently, these issues are topical and relevant for practically all private and public bodies. The recently adopted General Data Protection Regulation brings substantial changes to the legal regulatory framework in many respects. In this paper we briefly discuss the general exemptions, the right to be forgotten, the new direct claims of data subjects, changes in institutional backing, and the assessment of cross-border data transfers.
Information security and GRC issues
GRC stands for Governance, Risk management and Compliance. This discipline aims to synchronize information and activities across an organisation's management, risk and compliance agendas. GRC tools can help organisations gain control over their compliance with regulatory and legal requirements.
Unsolicited email and its impact on business processes
The author discusses existing e-mail "attacks" that combine social engineering with e-mail. The author focuses on team cooperation, communication and processes rather than on purely technical countermeasures.
Cyber Hygiene Based on CIS Controls
The article draws attention to an increasingly used design for security measures called CIS Controls, also known as the Critical Security Controls (CSC). It provides an overview of the first five controls, which are referred to as the basis of cyber hygiene, and points out that CIS Controls can be used not only for designing security measures but also for assessing security products.
Legal aspects of monitoring employee use of IT
Kamil Malinka, Jakub Harašta
The article deals with the question of under what circumstances, and to what extent, it is possible to monitor an employee's use of IT resources. Working within the existing legal framework, we identify practices that are unquestionably correct and discuss complex cases such as blocking activities and their evaluation. The most serious problem is the improper handling of data with respect to its subsequent preservation. We also discuss the gap between the legal aspects and their implementation.
The Amendment of the Act on Cyber Security – Part II.
In the first part of this article we introduced the new European Union directive, the NIS Directive, and the changes in definitions and in obligated entities that the directive brings about in the draft amendment of the Act on Cyber Security. The second part brings the latest information on the progress of deliberations on the draft amendment and focuses on changes in obligations and on penalties for non-compliance.
Forensic analysis of mobile phones – Part IV.
Jakub Kothánek, Jaroslav Kothánek
The fourth part of the series on the forensic analysis of mobile devices explains how to extract data from mobile phones running the iOS, Windows and BlackBerry operating systems. This part deals with connecting the phone to forensic tools, the required phone settings, and the available options for data extraction. The article also describes what data can be extracted from cell phones and analysed.
Special use of flow charts
Jaroslav Dočkal, Lukáš Přibyl, Karel Šimeček
Process diagrams have been used increasingly in recent years to address economic problems. They are suitable for defining the successive activities within workflows and for their subsequent optimization, and they are particularly useful for training new employees. Using an example, the article shows how they can be applied to the work of a SOC (Security Operations Center).