YEAR: 2019 | ISSUE: 3 | PUBLISHED: 24.9.2019
These articles were subject to peer-to-peer review.
Click on headline to see more about article
Interview with Robert Bigman
Robert Bigman, who has worked for Central Intelligence Agency (CIA) for numerous years, told us about the specifics of the job. He shared the risk management approach of the agency and outlined the types of incidents he had to solve during his career. Mr. Bigman explained how a true improvement in cyber security is hard to achieve without going through a previous failure and expressed his opinion on the Huawei case.
DSM | page 6
Incident management in compliance with valid legislation – Part I.
The miniseries focuses on how current legislation in the Czech Republic interferes with the incident management process. A general description of the security inci-dent management process as well as the relevant legislative requirements of selected essential laws (cyber security act in this part), including the affected parts of the process and the way of applying the legislation, is given. Readers thus may check whether their incident management process is appropriately set up or learn how to adapt the process to suit the legislation that applies to them.
DSM | page 12
PKI in cryptographic key management system – Part I.
The article (as the first part of a miniseries) focuses on the public key infrastructure as the one of the services used in an organisation. It finds motivational aspects for engaging the asymmetric key management system and discusses its involvement as the possible way for improving flexibility and agility of the organisation in the field of asymmetric key management. The system is also discussed as a tool for coping with diversity of processes of various PKI providers.
DSM | page 18
How to deal with risks – Part IV.
This article – a fourth instalment in a risk management miniseries – describes the main types of financial risks in banks and non-financial companies, their magnitude, management and measurement methods and related pitfalls.
DSM | page 23
Interview with Ján Uriga
We questioned Ján Uriga, who is a behavioural psychologist focuses on business field, about the relationship between cyber security and psychology. He explained why it is convenient to have a person knowledgeable about behavioural sciences in any team. The recognition of va-lue of information – a core of any business activity – was discussed, including practical example from client environment. Finally, Mr. Uriga explained the concept of PwC Experience Center he is in charge of.
DSM | page 28
In the article the author provides an overview of the Czech legislation on open data. In the introduction the author describes the term open data, which he later puts into the context of Czech legislation, mainly the Act On Free Access to Information and Copyright Act – in particular when published data are subject to copyright as an author’s work or a database. He also mentions some major changes brought by General Data Protection Regulation (GDPR) to open data regulation. Furthermore the author provides some examples of Czech projects using open data.
DSM | page 32
DevOps – Part V.
This article (part of DevOps miniseries) is focused on security within DevOps („DevSecOps“). It points out specific vulnerabilities and possible threats, as well as key challenges that DevOps brings to the IT security. The text also discusses how DevOps influences other areas, and describes potential impact in case security within DevOps is not kept under control. In the final part, recommended principles and methods are examined.
DSM | page 36
Czech Telecommunication Office on its way to the 21st century
The article summarises development in the field of the telecommunications and role of the independent regulatory body, which changed significantly during the past decades. The office which used to be accountable for the number phone boots is now preparing the 5G frequency auction. The second half of the article is focused on the current key activities of the Czech Telecommunication Office.
DSM | page 42