DATA SECURITY MANAGEMENT ARCHIVE

Browse an archive of past issues of our magazine


DSM 2016/4

Main Topic: Internet of Things

 PUBLISHED: 8.12.2016

 

rr These articles were subject to peer-to-peer review.


Interview with Petr Kuchař

The interview for this issue of DSM is with Petr Kuchař, Director of the eGovernment Chief Architect Department, Ministry of the Interior. We discussed eIDAS implementation in the Czech Republic, identification in the electronic environment and related steps in the area of laws and related regulations.

Security framework for IIoT – Part I. rr

Jaroslav Dočkal
The first of a series of two articles discusses the first of two parts of the new security framework for the industrial Internet of Things published by the Industrial Internet Consortium. The article explains the specifics of the area and compares the approach with the approaches of other standard-setting organizations and institutions. It further analyses the models chosen for addressing the risks and threats, and refers to an interesting example of their use.

Dire straits of communication in IT security rr

Vlasta Šťavová, Vít Bukač, Václav Lorenc
Communication is a key element not only in general human interactions; it is also important for security. This article focuses on communication schemes in selected IT security situations – incident response and end-user communication, reporting to managers, and vulnerability notifications. The authors present and discuss common mistakes and possible solutions.

WSNProtectLayer – security layer for wireless sensor networks rr

Petr Švenda, Vašek Matyáš, Martin Stehlík, Andriy Stetsko, Dušan Klinec
This article presents a case study dealing with transparent privacy protection, intrusion detection and key distribution in wireless sensor networks deployed for critical infrastructure protection. We provide an analysis of functional and security requirements in three deployment scenarios, including relevant attacker models. Then we describe the design and testing of the middleware developed for the TinyOS platform, which supports the required security aspects through transparent radio virtualization.

Impact of the General Data Protection Regulation rr

Radim Polčák
The protection of personal data has an extremely broad scope of application. Consequently, these issues are topical and relevant for practically all private and public bodies. The recently adopted General Data Protection Regulation brings, in many respects, substantial changes to the legal regulatory framework. For this paper, we chose to briefly discuss the general exemptions, the right to be forgotten, new direct claims of data subjects, changes in institutional backing and the assessment of cross-border data transactions.

Information security and GRC issues rr

Pavel Krátký
GRC stands for Governance, Risk management and Compliance. This discipline aims to synchronize information and activities across the management of the organisation, risk management and the compliance agenda. GRC tools can help organisations gain control over compliance with regulatory and legal requirements.

Unsolicited email and its impact on business processes rr

Václav Lorenc
The author discusses existing e-mail “attacks” that rely on social engineering. The author focuses on team cooperation, communication and processes, rather than on purely technical countermeasures.

Cyber Hygiene Based on CIS Controls rr

Jaroslav Dočkal
The article draws attention to the increasingly used design of security measures known as CIS Controls, or Critical Security Controls (CSC). It provides an overview of the first five measures, which are referred to as the basis for cyber hygiene. It also points to the possibility of using CIS Controls not only for the design of security measures, but also for the assessment of security products.

The Amendment of the Act on Cyber Security – Part II. rr

Martin Konečný
In the first part of this article, we introduced the new European Union directive called the NIS Directive, together with the changes in definitions and in obligated entities through which this directive is reflected in the draft amendment of the Act on Cyber Security. The second part of this series brings the latest information on the progress of deliberations on the draft amendment of the Act on Cyber Security and focuses on changes in obligations and penalties for non-compliance.

Forensic analysis of mobile phones – Part IV. rr

Jakub Kothánek, Jaroslav Kothánek
The fourth part of the series on the forensic analysis of mobile devices explains how to extract data from mobile phones running the iOS, Windows and BlackBerry operating systems. This part deals with connecting the phone to forensic tools, the settings of the phone and the possibilities for data extraction. The article also describes what data can be extracted from cell phones and analysed.

Special use of flow charts rr

Jaroslav Dočkal, Lukáš Přibyl, Karel Šimeček
Process diagrams have been increasingly used in recent years to address economic problems. They are suitable for defining successive activities within workflows and for their subsequent optimization. They are particularly suitable for training new employees. Using an example, the article shows how they can be used in the work of the SOC (Security Operation Center).


Contact us

TATE International s.r.o.
Hořejší nábřeží 21, 150 00 Praha 5

Phone: +420 737 215 220