YEAR: 2019 | ISSUE: 4 | PUBLISHED: 10.12.2019
These articles were subject to peer-to-peer review.
Click on headline to see more about article
Interview with Jeffrey Bardin
JJeffrey Bardin is the executive director and chief intelligence officer at Treadstone71. As a leading expert in both intelligence and cybersecurity, we asked him about cyber threat intelligence, what it means to be an intelligence officer in the private sector and captured his view of the progress cyber security made since its beginning.
DSM | page 7
Wireless M-Bus: who is aware you’re doing the laundry?
This paper deals with smart metering based on Wireless M-Bus protocol. It highlights the requirements listed in GDPR and analyses risks for data subjects. Finally, the author provides recommendations for legitimate data processing.
DSM | page 13
PKI in cryptographic key management system – Part II.
In the second part of this miniseries describing PKI as a part of the central key management system we show the architecture of the typical CKMS for the asymmetric keys, its functional blocks, processes, requirements and existing standards used for building CKMS. The architecture is focused on the ability to manage large number of different keys and ability to make transition between services and PKI providers rapidly, with low risk of failure, and without negatively impacting the operation. At the end, the article summarizes actual challenges associated with CKMS and gives recommendations for organisations striving for flexibility in the governance of asymmetric keys.
DSM | page 18
Utilizing DevOps culture within the Citizen Portal
The author describes the solution of the Citizen Portal from the development and operation point of view. This point of view reflects the current trends of the DevOps culture. At the same time, it describes how security is implemented in a project that is agile from the very beginning and where any change in SW implementation or infrastructure is welcome.
DSM | page 23
Incident management in compliance with valid legislation – Part II.
The article focuses on how current legislation in the Czech Republic interferes with the incident management process. The relevant legislative requirements in the area of payment services and GDPR are described, including their application in the incident management process. Readers thus may check whether their incident management process is appropriately set up or how to adapt the process to suit the legislation that applies to them.
DSM | page 26
Testing the blockchain solutions
Jakub Jedlinský, Kryštof Jelínek
The paper concerns with the usability of today's blockchain solutions. It distinguishes between corporate DLTs and public DLTs. Results of user testing of four applications built on public blockchains are also presented. From these results, it draws more general conclusions about the readiness of such solutions.
DSM | page 32
DevOps – Part VI.
This article extends the topic of information security in the context of DevOps and follows the previous article V. It explains concept of continuous security, discusses relationship between security and infrastructure in context of cloud computing and describes all necessary changes to be done at technology, process and company culture levels. The article also explains concept of leadership and the key success factor for SecDevOps. Finally, it illustrates a practical example of involvement particular security methods and practices into DevOps lifecycle and discusses the benefits of integrated security in DevOps and vice-versa.
DSM | page 39
The new communication network for an Internet of Everything based system for the papal Basilica and Sacred Convent of Saint Francis in Assisi
The article describes the implementation of a new communication network in a unique environment, which is the Basilica of St. Francis in Assisi, Italy. New approaches such as Internet of Everything (IoE), Integrated Multidisciplinary Model for Security and Safety Management (IMMSSM), Genetic Algorithms (Gas) and Building Information Modelling (BIM) were used for the project. The methods described are generally applicable at any similar location.
DSM | page 44
Bluff and confuse your opponent: how to gain a tactical advantage by changing your cyber terrain
PR Fidelis Cybersecurity
DSM | page 44