Wyniki wyszukiwania - BazTech

1

Podmioty zaangażowane w politykę zapewnienia bezpieczeństwa sieci i systemów informatycznych w świetle dyrektywy NIS 2 (cz. 2)

Chałubińska-Jentkiewicz Katarzyna, Nowikowska Monika

Cybersecurity and Law

|

2024

|

Vol. 12 (2)

5--24

PL

14 grudnia 2022 roku ustawodawca unijny przyjął dyrektywę w sprawie środków na rzecz wysokiego wspólnego poziomu cyberbezpieczeństwa na terytorium Unii (dyrektywa NIS 2). Celem NIS 2 było ustanowienie mechanizmów skutecznej współpracy między odpowiedzialnymi organami w poszczególnych państwach członkowskich oraz aktualizacja listy sektorów i działań podlegających obowiązkom w zakresie cyberbezpieczeństwa. W artykule dokonano analizy podmiotów działających na rzecz zapewnienia bezpieczeństwa sieci i systemów informatycznych w świetle dyrektywy NIS 2. W pierwszej części artykułu („Cybercecurity and Law” 2024, nr 1) omówiono podmioty kluczowe, krytyczne i ważne, rejestr nazw domen najwyższego poziomu oraz dostawców usług DNS. W części drugiej autorki analizują takie podmioty, jak: organy właściwe ds. cyberbezpieczeństwa, pojedynczy punkt kontaktowy, zespoły reagowania na incydenty komputerowe (CSIRT), sektorowe zespoły cyberbezpieczeństwa, właściwy organ odpowiedzialny za zarządzanie incydentami i zarządzanie kryzysowe w cyberbezpieczeństwie, Europejska Sieć Organizacji Łącznikowych do spraw Kryzysów Cyberbezpieczeństwa (EU-CyCLONe), Grupa Współpracy, Agencja Unii Europejskiej ds. Bezpieczeństwa Sieci ENISA.

EN

On December 14, 2022, the EU legislator adopted a directive on measures for a high common level of cybersecurity in the territory of the Union, called the NIS 2 directive. The aim of the new NIS 2 directive was to establish mechanisms for effective cooperation between responsible authorities in the various Member States and to update the list of sectors and activities subject to cybersecurity obligations. The article reviews the entities involved in the policy of ensuring the security of network and IT systems in the light of the NIS 2 directive. In the 1st part of the article, published in „Cybercecurity and Law” 2024, no. 1. 11, the following entities are discussed: key entities, critical entities, registry of top-level domain names and DNS service providers, important entities. In part 2, the authors analyze entities such as the point of single contact, computer emergency response teams (CSIRTs), Cooperation Group, European Union Agency for Network Security.

2

Cybersecurity : choosen aspects

Pilarski Grzegorz

Wiedza Obronna

|

2022

|

nr 2

175--193

EN

In the era of contemporary cyber threats, there is an urgent need to provide cybersecurity in almost every public institution as well as in business. Particular emphasis should be put on institutions which are responsible for ensuring national security. A specific case is a military organization where cybersecurity should be provided during peace, crisis and war. In this article the author presented selected problems related to providing cyber security in a military organization and proposed appropriate solutions to the indicated aspects.

3

Tightening tax policy and changes to tax efficiency on the example of companies listed on the Warsaw Stock Exchange

Kowalski Michał J., Nesterak Janusz

Managerial Economics

|

2022

|

Vol. 23, no. 2

153--170

EN

The article presents an analysis of changes in the tax efficiency of companies listed on the Warsaw Stock Exchange. After 2017, some changes to the tax law aimed at tightening the regulations on an unprecedented scale were introduced. The research conducted showed that since 2018 there has been a decrease in tax efficiency measured with effective tax rate (ETR) and current effective tax rate (CETR). On average, in 2018–2019, the efficiency measured with CETR dropped by 17.7%, the median by 14.8% compared to the previous years. In 2018 and 2019, the value of the CETR was the highest in the entire analyzed period, i.e. from 2012 to 2019. At the same time, the propensity of companies to create deferred tax assets is declining, and the effective tax rate is also growing. The changes mainly concern companies with average tax efficiency, large entities forming capital groups, and companies implementing capital investments. The article presents a discussion on the observed trends and formulates directions for further research.

4

CERT PSE oraz E-CERT sektorowy elementem cyberbezpieczeństwa dla sektora energetycznego

Sordyl J.

Elektroenergetyka : współczesność i rozwój

|

2018

|

Nr 1(18)

74--78

EN

The analysis of the current situation in the area of development of cyber threats and cyber attack systems suggest that each organisation is a potential target for the attacking cyber criminals or professionals, often supported by foreign governments. We indirectly or directly depend on the management and monitoring systems based on IT solutions. The situation is similar in PSE SA which, due to the special place in provision of the energy safety of Poland, treat the problem of cyber security as a priority. Therefore, it is necessary to assign particular meaning to the proactive actions and protective actions. Especially now, when the development of the equipment for monitoring, management of industrial systems is based e.g. on the exchange of information/data via all kinds of devices, e.g. IIoT (Industrial Internet of Things)1 which are connected to the Internet, cyber threats and cyber security takes on a different meaning, not that applicable to industrial areas. The tasks related to the prevention of cyber threats and incident management in organisations around the world are carried out by specialized IT security cells — the so-called CERT/CSIRT (Computer Emergency Response Team/Computer Security Incident Response Team). Their role is not only to respond to the incidents, but also to prevent and conduct actions among users raising awareness about current cyber threats and the methods of protection against them. These teams are also responsible for establishing broad cooperation in the area of IT security with other CERTs in similar organisations, because only the fast exchange of information is a prerequisite for adequate and appropriate response to the threat. Taking into account the development of the situation in the surrounding space in PSE, it was decided to set up a CERT team whose tasks are focused on ensuring the proper and effective response to IT incidents. At the same time, due to the real threats to IT systems and their dependent critical infrastructure, steps have been taken to strengthen the cooperation in the energy sector. This initiative aims at creating a dedicated team for the entire energy sector i.e. E-CERT, based on CERT of PSE.

5

The methodology for detecting and managing the abuse of IT systems

Ryba M., Sulwiński J., Poniewierski A.

Computer Science

|

2008

|

Vol. 9

121-136

EN

This paper focuses on the processes of dealing with security breaches which are becoming one of the most pressing problems in every organization whose systems are connected to the global web. The study presents the most widely used methodologies which were designed in order to detect and react to security violations in a systematic and efficient way. Based on presented methodologies, announced and supported by such credible organizations as SANS, NIST, CERT® or ISO, authors present their own methodology. It takes into account selected aspects of these methodologies, with the purpose of creation a systematic and coherent approach to the process of detecting and reacting to abuses in IT systems.

PL

Niniejsza praca prezentuje aspekty związane z procesem reakcji na incydenty bezpieczeństwa, które stają się jednym z najbardziej dotkliwych problemów każdej organizacji, której systemy informatyczne są połączone z siecią Internet. Autorzy przedstawiają najpopularniejsze metodyki wykrywania i reakcji na incydenty bezpieczeństwa, opracowane i wspierane przez takie uznane i poważane organizacje jak SANS, NIST, CERTŽ czy ISO. Następnie autorzy prezentują swoją własną metodykę, która integruje wybrane elementy przedstawionych rozwiązań w kompletne i spójne podejście do detekcji i reakcji na incydenty bezpieczeństwa.