Security - 24. 11. 2009
| Time | Speaker(s) | Title | Abstract |
|---|---|---|---|
| 8:00 | | Registration | |
| 9:00 | Dipl. Ing. René Piták, MBA, Ministry of Agriculture | Opening of the Section | |
| 9:05 | Ing. Jana Caletková, Ph.D., CityPlan spol. s r.o. | Problems with Introduction of the BCP Methodology in Czech Republic | The contribution deals with the issue of implementing Business Continuity Planning. The methodology helps to maintain business continuity in crisis situations. Inter alia, the paper draws on information and experience from the International Business Continuity Summer School. |
| 9:30 | Mgr. Pavel Hejl, CSc., T-SOFT a.s. | Security of ICT | Today we face a continually increasing number of both external and internal attempts to attack computers and computer networks. These attacks typically have a common aim: to obtain sensitive data and to misuse the compromised computer for further attacks. Most of these attacks target state administration and municipal government, security bodies, the financial sector, health care, industrial enterprises and radio telecommunications. In this situation it is absolutely necessary to protect computers, computer networks and especially the data stored within them against such attacks, in particular against unauthorized access. Carefully selected technologies must fulfil not only security requirements but also high requirements for operational endurance and for the ability to handle crisis situations that may occur. Modern technologies that fulfil such requirements already exist. Basically we speak about a combination of solutions based on hardware, software, associated services and the necessary procedures. |
| 9:55 | Prof. Ing. Jiří Urbánek, CSc., University of Defence, Brno | Risk Rating of Global Terrorist Threats Life Cycles – new historic/process approach to a security | The current appearance and incidence of new global threat domains and their operation call for new approaches in the processes serving the investigation, assessment and abating of these threats within their life cycles. Here the dependence of the risk rate on real time in the operation needs a defined environment as the principal event domain (other fundamental domains can be, e.g., nature, real time, real space, the crime scene, religious fundamentalism, informational media, social networks, societies, politics, the global economy, etc.). This situation indicates the priority problems of never-ending investigative security research, forensic engineering practice and crisis/emergency management. They must develop, implement and use more exact and predictable quantitative and qualitative rational indicators of crime domains and of the behaviour of participants and actors, aiming at situation awareness and more effective rating technologies. Such behaviour needs new capabilities not only in control/regulation/executive processes, systems, persons and organizations, but also in rating technologies and procedures. The new behaviour of relevant entities in human corporations needs new approaches to the rating, assessment and evaluation of threats, hazards, perils, dangers, risks and feedback incidence. This paper outlines the functions and process performance of the FRs and their management in Terror Threat Life Cycles, whose aim is exact risk rating. New approaches and mathematical dependences of the operational algorithm process characteristics and actors' behaviour at the crisis interfaces of the terror scene are displayed. This can contribute to a more exact and objective provision of forensic services. It helps to clarify and recognize the roles of other process actors in the future. Risk rating modelling at Threat Life Cycles needs a live PowerPoint presentation, which will be dramatized in Prague. |
| 10:20 | Ing. Pavel Plachý, Česká pošta, s.p. | Secure Key – an additive service for Information System of Data Boxes (ISDS) | The Information System of Data Boxes (ISDS) is a new way of communication. It is increasingly important that we as users can protect our personal data. Data boxes deserve protection at a level similar to internet banking. The right tool for this is "Secure Key", a combination of PostSignum digital certificates and safe storage in the form of a USB token. |
| 10:45 | | Coffee Break | |
| 11:10 | Doc. Ing. Bohumil Miniberger, CSc., Banking Institute University | Data Quality in Data Warehouse – essential premise to mitigate risks in managerial decision making | Preventing exposure to risks in managerial decision making requires creating policies that establish processes for managing data creation, extraction, transformation and loading into the DW, and final data evaluation, including a functional audit. |
| 11:35 | Ing. Josef Šustr, ITEG, a.s. | Risk Analyses of Information Systems as Critical Infrastructure Elements | There is no doubt about the need to identify and assess crisis risks when preparing crisis plans. Risk analysis is stipulated by valid legislation. But how can we practically carry it out in the best way? How do we avoid relying on intuition? How do we avoid entangling ourselves in the problem and sinking into details, parameters and numerical values whose interpretation in practice is questionable? How can we orient ourselves among tens of various risk analysis methods and products, the majority of which are suitable for the given purpose? The author offers an undemanding but effective solution based on the FRAP methodology applied to information systems that form elements of a critical infrastructure. |
| 12:00 | M.Sc.E.E. Leif Hager, HMK DKEY Europe GmbH | Automate your Critical IT Operations | With the usage of the Internet, the vulnerability of a company's network keeps growing, because the two most commonly exploited vulnerabilities are software defects and configuration errors. Are you sure that all your workstations and servers have the latest security updates, that all your workstations still have the settings required by the company's local security policy, and that your users don't run unapproved applications? What about your offline VM images? And most important of all, can you prove this is the case? What happens when you have an audit? Patch management deals with balancing the risk of a security breach against the cost and disruption risk associated with frequent and rapid deployment of software updates or system configuration changes. This is combined with integrated antivirus and antispyware providing powerful and certified protection against today's highly complex viruses, Trojans and malware. Configuring local security policies deals with the management of critical security configurations, vulnerability identification, meeting compliance objectives under emerging regulations, lowering costs and reducing the risk of exposure. The presentation will deal with vulnerability management that helps organizations meet their compliance objectives, automate the process, lower their costs and reduce their risk of exposure. |
| 12:25 | | Lunchtime | |
| 13:40 | Dana Rodrycová, EMW; Ing. Pavel Staša, CISA, Techniserv spol. s r.o. | Audit of DRP | There are two views of DRP audit. The first means an audit of the DRP documents/documentation; the other stands for an appraisal of the process generated by that documentation. We discussed the DRP as a document at previous conferences. Its audit is aimed at existence (range, content) and applicability in a crisis situation. First of all, the DRP must be useful and must generate a sequence of steps for mitigating damage. The DRP as an operation is audited by controlled disputation (test bed) or by a training situation. Anyway, in that case we don't talk of an audit but of an assessment of the actions taken after a real disaster has run its course. The sequence of steps "what – by what (scenario) – how – anticipated results – actual results – auditor's assessment" is discussed. Particular activities based on standards/norms, the criteria by which the audit will be processed, and best practices are discussed as well. |
| 14:05 | Ing. Marek Knězů, GEPRO spol. s r. o.; Bc. Pavel Krčílek, DiS., City District Office of Prague 11 | Security Map of the District of Prague 11 | The safety of citizens, in the spirit of the South Town project "Safe South Town", is one of the main pillars of the City District of Prague 11. Therefore, various security branches respond to the current security situation in the territory. An important element of all these activities is, on the one hand, a proactive type of management as an essential element to minimize potential risks. On the other hand, it can already point to specific projects aimed at all citizens. One of these projects promoting the security situation as such is "The Security Map of the District of Prague 11". It is a visual representation of risk points in the district. Its form was developed in cooperation with many stakeholders, including citizens, and concentrates on the most risky sites with an emphasis on security as a whole. The visual appearance of the security map of the District of Prague 11 is produced using the MISYS geographic information system, which works with networked graphics and descriptive information. The supporting layer consists of various graphical material (e.g. cadastral map, technical map, orthophotomaps, land-use plan, etc.) for the whole of the capital city of Prague. The elements of the security map are drawn in a notepad drawing. This allows basic graphic elements (points, marked symbols, text, lines and surfaces) to be drawn simply over any combination of vector and raster graphic work. Part of the contents of the security map of the District of Prague 11 is basic information on individual areas of crime and other security risks. Individual map sheets represent the underlying base map layers tailored to specific focus areas such as transport, crime, an overview of the security services, CCTV systems, social issues, practical information for citizens, etc. These individual focus areas contain specific sub-areas focused on the corresponding security problem area (hazardous traffic, dangerous crossings, illegal tipping (fly tipping), problems with residential and non-residential buildings, the presence of homeless people, the risk of fires, vandalism, etc.). The security map project has already been briefly introduced at a press conference on the premises of Prague City Hall under the name "Safe South Town". At this moment, the City District of Prague 11 is the only district dealing with this project to such depth and quality. |
| 14:30 | RNDr. Ivan Svoboda, CSc., RSA, Security division of EMC | Information Security Solutions in Virtualized World of IT | Virtualization, consolidation and cloud computing: these are the current trends, providing cost reduction and flexibility in IT operations. However, how can you make sure to protect your information, manage access to it and assure compliance in such environments "without borders"? And how can you even discover where your sensitive data are located? RSA Security provides solutions in the areas of encryption, secure authentication, identity protection, security monitoring (SIEM) and the discovery and protection of sensitive data (DLP, Data Loss Prevention). |
| 14:55 | Ing. Lenka Hradecká, Ing. Luděk Novák, CISA, Ing. Petr Svojanovský, ANECT, a.s.; Doc. RNDr. Jitka Kreslíková, CSc., Faculty of Information Technology BUT | IT Service and Quality Management Role in Information Security | The ISO/IEC 27000 family of international standards is widely used for information security management system (ISMS) development, since it is based on a best-practices approach. There is no doubt about the quality and efficiency of an ISMS based on ISO/IEC 27000. Although ISO/IEC 27000 covers all aspects of information security, management and security analysts find opportunities for ISMS improvement. ISMS improvement can be achieved by adopting specific approaches from the ISO/IEC 20000 (Information technology – Service management) and EN ISO 9001 (Quality management systems) standards. In this paper, areas from these standards will be identified. Practical application will be demonstrated on examples. |
| 15:20 | Ing. Petr Nádeníček, AEC, spol. s r.o. | User – Generator of Risks | Users rank amongst the elements that bring a great deal of unavoidable threats and vulnerabilities into the information systems of organizations. We experience a lot of serious incidents caused by users in our everyday practice. These incidents can have many adverse effects on an organization's economics or its goodwill. In the following presentation, I will try to outline a few typical user profiles with an accent on some specific features of their behavior. Consequently, I will talk about the actual possibilities of managing the resulting IT security risks through properly selected security countermeasures that can be implemented in the organizational environment. |
| 15:45 | | Ceremonial conclusion, questionnaire ballot | |