YEAR: 2018 | ISSUE: 1 | PUBLISHED: 28.7.2018
These articles were subject to peer-to-peer review.
Interview with Denis Moreau
Denis Moreau is currently a Senior Engineering Architect at VMware working on leveraging application and platform context to realize highly resilient, scalable and adaptive security and compliance in clouds and software defined data centers. Prior to joining VMware he worked as Senior Technology Strategist at RSA specializing in utility computing security, advanced threat technologies and trust modeling. In this issue we will be talking about cloud, its development and its impact on compliance. In the next issue we will then finish up the discussion with talks about possibilities and the future of virtualization and its potential use in new approaches to cyber security.
DSM | page 6
Information Classification in corporate environment
Matej Kačic, Maroš Barabas, Hana Vystavělová
This article presents real findings based on the implementation of information classification, its connection to safety standards, and requirements set by the Cybersecurity Act and the GDPR regulations. We shall focus on the benefits the classification of information brings if applied during the process of building security in the enterprise environment, and on the subsequent implementation of security technologies used for detection and prevention of information leaks and security monitoring. A number of examples will be listed where correct implementation of classification was applied, and we will show you how a suitable tool increases security awareness and enforceability of the classification process in the company environment.
DSM | page 12
How to risk - We cannot escape the risk management – Part II.
Benefits and pitfalls of risk management, tips on how to deal with it to benefit the organization.
DSM | page 18
Payment Service Providers According to the PSD 1 and PSD 2
The paper describes two main milestones of the Payment Systems Legislation – PSD 1 and PSD 2. Two different Directives, but at the same time so alike. The Czech transposition of PSD 2 came into force through the brand new Act on Payments on 13th January 2018. PSD 2 replaced PSD 1.
DSM | page 21
Slovak Electronic Identity Card (eID) – Present – Part II.
The post-implementation phases of eID cards apply in general regardless of geographical borders. It’s beneficial to learn from the practice of other countries and pragmatically avoid negative empirical experience whenever possible. Slovakia is heading towards completion of the saturation phase, and the level of penetration of eID cards among citizens, in combination with the amendment of the law on anti-money laundering, opens the door to broad acceptance in the private sector too. The single digital market of the EU fully counts on national electronic identity schemes, viewed as pillars for establishing a strong security level of proving identity by electronic means. Life brings unimaginable situations – the ROCA case only confirmed that the architectural decision to implement the EAC mechanism was rational. Thanks to that, we have avoided any impact on the security and trustworthiness of identification and authentication by eID card. Moreover, we can utilize the unique properties of the EAC mechanism for generating safe key pairs remotely. The next expected evolution step is the introduction of the mobile eID solution.
DSM | page 26
How to deploy cloud services securely - Part II.
The second part of the cloud security series describes security risks that cloud services must deal with. The article also includes a summary of the security benefits that the use of cloud services brings.
DSM | page 31
Introduction of SOC and its evolution to the present day
Nik Černomorský, Martin Fojtík, Jan Seidl
The purpose of this article is to describe the basic concept of the SOC (Security Operations Center) and briefly introduce the gradual development of this area. The various stages of development are marked by the relevant SOC generations, with an emphasis on differences between generations and their relationship to security trends. In particular, it is about changing the concept of dealing with security incidents from reactive to proactive in relation to the progress of data analytics development, behavioral analysis, or the introduction of predictive models.
DSM | page 35
Analysis of job offers for SOC Analyst positions
Today there is a lot of writing and talking about the SOC (Security Operation Center), but the question remains what to look for when preparing SOC staff. The answer to this question is sought through an analysis of job offers for the position “Security Analyst SOC”. The article proceeds from the search for a response from a reputable authority, through a self-conducted investigation based on the analysis of 30 job offers, to hypotheses about where the requirements for preparation for this profession will develop.
DSM | page 39
Honeypot as a Service
The HaaS project is based on the idea of forwarding an attack attempt to the central honeypot of the CZ.NIC association. These attacks, whose goal is often to infect a vulnerable endpoint with malware, then end up in a prepared environment where the malware is identified and stored. This approach allows for identification of new malware types and their subsequent analysis. One example of such analysis is discussed in the second part of the article.
DSM | page 45
Students fought for London
The history of the Czech Secondary school cyber security competition began in the spring of 2016. The first participation of the Czech cybersecurity team at the European final took place in October 2017 in Malaga, Spain. The competition has become a highly visible part of the support of the young generation for the multidisciplinary area of cyber and information security. The interest of students in studying the field of Cyber Security at two pilot schools in the Czech Republic (Secondary Technical School in Smíchov, Prague, and Secondary School of Informatics, Post and Finance in Brno) is much higher than the capacity of the schools.
DSM | page 49