Main topic: Cloud, Incident management, Classification of Information, Risk management, ...
YEAR: 2018 | ISSUE: 1 | PUBLISHED: 12.4.2018 These articles were subject to peer-to-peer review.
Interview with Vladimír Matouš
Eva Racková
In this issue, we looked into the internal IT kitchen of Tatrabanka and talked to Vladimír Matouš, who has served as CIO since February 2010. During the interview, we focused on innovations in the security field. We also learned how Tatrabanka approaches new regulations and influences the environment in which it operates.
DSM | page 6
How to deploy cloud services securely - Part I. 
Karin Gubalová
The first part of the series focuses on general principles for implementing a cloud service while taking into account the organization's security requirements. The areas of strategy, solution design and human resources are discussed. The article also highlights some issues that, while they seem obvious, are often neglected in organizations.
DSM | page 10
How to risk - We cannot escape the risk management – Part I. 
Richard Michálek
Benefits and pitfalls of risk management, tips on how to deal with it to benefit the organization.
DSM | page 14
Different incidents require different approaches 
Zuzana Duračinská, Pavel Bašta, Martin Kunc
The article describes the incident handling process from the perspective of the national cyber security team CSIRT.CZ. It begins with a general description of incidents reported by third parties, followed by two specific cases in which the team's neutral position was used to resolve incidents that had a number of other implications.
DSM | page 18
Cyber Education Survey 
Martin Zbořil
PricewaterhouseCoopers, in cooperation with TATE International, conducted research on the level of cyber awareness among employees in Czech organizations. The research also covers security training techniques and the relationship between cyber awareness and the training performed. This article summarizes the interesting results.
DSM | page 21
Endpoint Detection and Response (EDR) 
Pavel Krátký
In the fight against modern sophisticated threats, a new proactive approach is needed. Today's EPP (Endpoint Protection Platform) technologies, which protect endpoints using a preventive approach, are necessary but not always functional. The constantly evolving threat landscape has fueled the rise of a new defense model, so-called "Endpoint Detection and Response" (EDR). This model is fundamentally different from EPP and adds another advanced security layer whose goal is to detect, identify and target threats based on behavioral analysis.
DSM | page 24
PSD2 
Petr Budiš
At the beginning of this year, the EU Directive on payment services in the internal market (PSD2) began to apply. Its aim is to introduce a new model of communication between the bank and its clients, which brings about the emergence of so-called third parties. They get permission to access bank accounts via the Internet. The Czech Banking Association has facilitated the creation of a common standard for open banking. Through the banks' data interface, third parties will provide banking services to clients, with the primary responsibility for settling payments remaining with the client's bank. If the bank implements both the data interface and the security concept correctly, the whole system will operate safely. It is therefore necessary to pay close attention to security, especially that of communication. Banks need to know whom they are allowing to access their systems.
DSM | page 28