Main topic: Active approach to security education, prevention, GDPR experience, security certification, ...
YEAR: 2018 | ISSUE: 3 | PUBLISHED: 28.9.2018
These articles were subject to peer-to-peer review.
Interview with Denis Moreau
Adam Lamser
In the last issue we talked with Denis Moreau, Senior Engineering Architect at VMware, about cloud, its development and impact on compliance. We will now continue the discussion with talks about possibilities and the future of virtualization, its potential use in new approaches to cyber security and we will tackle the topic of emerging challenges and how to prepare for them.
DSM | page 6
Cookies and data protection
Jaroslav Tajbr, Petra Věžníková
Discussion and reflections on GDPR have already resounded in the public space for some time. This European regulation raised an unexpected wave of interest and criticism of the professional (and often also lay) public. It cannot be denied that this regulation helped raise awareness of personal data protection and privacy as such. However, the European Union has not yet said the last word in this respect. One of the other acts which will strongly affect legal regulation in the sphere of privacy protection is the forthcoming ePrivacy regulation. This text focuses on one of its aspects, namely cookies and their impact on privacy.
DSM | page 11
How to deploy cloud services securely – Part III.
Michal Wojnar, Martin Zbořil
The third part of the cloud security serial is a case study describing qualitative risk assessment performed by the financial services company prior to cloud service implementation. In particular, the article includes also the summary of all risks and their evaluation identified during the assessment.
DSM | page 17
Security aspects of Industry 4.0
Vladimír Smejkal
Industry 4.0 is associated with many optimistic visions. Because of its impact on human society, security is a very important aspect of the realization of visions that we call Industrial 4.0, Company 4.0, Smart City with Smart House and Smart Transport etc. Systems that are part of Industry 4.0 (ICS/SCADA/DCS) are historically more vulnerable than traditional ICT systems. And other visions related to the growing presence of artificial intelligence in these areas will require even greater caution.
DSM | page 22
Slovak Electronic Identity Card (eID) – Part III.
Peter Handzuš
It is the right time for evolution from current eID cards to mobile eIDs, which will significantly increase comfort of the user and overall usage of electronic services. There are various approaches and innovative solutions addressing this topic. Besides fo-llowing its own criteria, governments should take into consideration also requirements of the commercial sector that objectively and timely correlate and thus can lead to synergic effect resulting in prompt adoption. Currently forming trends show that mobile devices have the potential to completely substitute not only eID card, but also other types of identity documents in the future so we can have them always close at hand and which are accepted in the electronic as well as the physical world internationally.
DSM | page 29
Classifications are not the same
Michal Wojnar
The article describes different types of classification relevant to information security. Its main objective is to compare nuances between each classifications and define whether in the given context, information or data classification is an appropriate term.
DSM | page 35
DevOps – Part I.
Vladimír Kufner
This article is the first part of the longer series about DevOps phenomena. It summarizes reasons for origin, history, trends, expectations and basic concepts. It compares DevOps with traditional methods of managing IT.
DSM | page 38
Certification of software products for qualified electronic signature and seal in Slovakia
Karol Pokryvka
The article is dedicated to the topic of certification of software products for qualified electronic signature and seal, per-forming audit, methodology, legislative requirements and changes that were brought to this area by EU Regulation no. 910/2014 (eIDAS) and Act no. 272/2016 Z. z. about confidential services.
DSM | page 44
„Next-Gen“ antiviruses – Part I..
David Pecl
The first part of the Next-Gen antivirus software series introduces the current state of antivirus software and describes the princi-ples of detection of both common and Next-Gen antivirus software. It also provides information about the features that each current adequate antivirus software should have.
DSM | page 48
ATMs‘ security
Lukáš Antal, Stanislav Klubal
ATMs are basically just computers running on Windows OS with specialized peripheral hardware. This makes them suscep-tible to different attacks, mainly the money jackpotting attack that empties ATM's safe and gives all the money to the attacker. During the past few years, our experts performed numerous penetration tests of ATMs and verified, that none of the tested ATMs was resistant against this attack.
DSM | page 54
Phone: +420 257 920 319
Mobil: +420 737 215 219
E-mail: