{"id":2768,"date":"2015-08-05T09:05:12","date_gmt":"2015-08-05T07:05:12","guid":{"rendered":"http:\/\/preventista.sk\/info\/?p=2768"},"modified":"2015-08-05T09:06:58","modified_gmt":"2015-08-05T07:06:58","slug":"outsourcing-informacnych-technologii-a-bezpecnost","status":"publish","type":"post","link":"https:\/\/preventista.sk\/info\/outsourcing-informacnych-technologii-a-bezpecnost\/","title":{"rendered":"Outsourcing of information technology and security"},"content":{"rendered":"<p><strong>Public administration institutions, like companies and organizations in the private sector, use outsourcing as one of the strategies for coping with a shortage of professionals and a lack of funding in the area of information and communication technologies. But is purchasing IT services from a supplier to support an organization's critical processes and security always the right choice? <\/strong><\/p>\n<p>Outsourcing is currently a popular way of optimizing costs by purchasing services that cover activities outside the organization's core business. Many functions can be provided through outsourcing. In this way an organization can procure human resources, transport and cleaning services, as well as IT services and infrastructure. 
Although outsourcing can be very advantageous, it can also bring a number of non-trivial risks.<\/p>\n<p>Above all, excessive outsourcing of IT services, or providing information security in this way, can pose a new threat to the organization. That is quite apart from the need to give a third party access to the organization's sensitive and important information.<\/p>\n<p>This is a threat from inside the organization, because the supplier de facto becomes part of the organizational structure. It is therefore necessary to analyze the risks associated with suppliers and implement measures to minimize them. Above all, this means granting access only to the information the supplier strictly needs to perform the procured activities, monitoring these activities, and regularly reviewing access rights in order to prevent security incidents such as information leaks.<\/p>\n<p>Although an organization's operations can be outsourced, outsourcing does not relieve it of responsibility for the running of the organization and the protection of its reputation. That responsibility always remains on the shoulders of management.<\/p>\n<p>The use and operation of hardware, software or even services themselves can be outsourced. Typical examples are the operation of a data center, an application or a website, and security-related services. 
When security is outsourced, we speak of MSS (Managed Security Services), which covers, for example, operating firewalls, monitoring network traffic, protection against malicious code or operating virtual private networks. There are several reasons why an organization decides to outsource. They often include the effort to focus primarily on the organization's core business and outsource support services, the effort to reduce costs, access to specialized knowledge, skills and resources, gaining a competitive advantage, and so on.<\/p>\n<p>The close link between the provider and the customer of outsourced services, and the dependence on the quality of those services, are the reason why the technical, physical and personnel risks arising from such cooperation need to be assessed.<\/p>\n<p>Because the supplier will have access to the inside of the organization, it will gain knowledge of employees, infrastructure and processes, but also of vulnerabilities in systems and of the measures the organization has implemented. The supplier may process and handle sensitive information, information systems and other assets, and may have access to user names and passwords and thus the ability to reach very sensitive or protected information. 
Such information may include financial information, corporate e-mail where administration of the e-mail system is outsourced, specialized software under development, trade secrets, intellectual property, know-how or personnel information about employees. Attackers may try to obtain this information and use it for financial gain, or as a tool for further attacks, for example through social engineering. Combined with vulnerabilities in the remote-work tools often used in IT outsourcing, old and unused user or administrator accounts, and missing or insufficient logging, the security risks inevitably increase. These risks must therefore be approached responsibly and the security of outsourcing must be managed.<\/p>\n<p><strong>Security of outsourcing<\/strong><\/p>\n<p>To secure outsourcing adequately, it has to be planned strategically, since it is usually a longer-term partnership. Among other things, planning must take into account security aspects, legal aspects and the organization's security policy. The organization gains the benefit of saving money in exchange for losing full control over its own data and assets. 
Likewise, the data transfer between customer and supplier that the cooperation requires carries several risks that must be taken into account. An often overlooked threat is the supplier's conflict of interest. On the one hand, the supplier tries to deliver services as economically as possible in order to maximize its profit. On the other hand, the customer expects maximum quality of the services provided, efficiency and an accommodating approach from the supplier. It is therefore necessary to sign a service level agreement (SLA), which should also include financial penalties for non-compliance and the right to withdraw from the agreement if its conditions are not met. When the contract is prepared, the security requirements for the delivered systems and services must be clearly defined. As practice shows, security is frequently not considered during contract preparation or during the early stages of system development. Unfortunately, security is somehow bolted on only at the end and does not form an integral part of the project. 
When drawing up contracts with suppliers, applicable legislation and standards must be kept in mind, and the scope of access that the organization will grant the supplier must be specified.<\/p>\n<p><strong>How to choose a supplier responsibly, and what requirements should the organization place on them?<\/strong><\/p>\n<p>The size of the supplier can be a good argument in the selection. On the one hand, smaller companies carry a greater risk of insolvency; on the other hand, larger ones have many clients and projects, so there is a risk that the customer will not be a priority client for the supplier. The supplier should be able to provide references to similar projects it has carried out in the past. Here it is necessary to consider whether there is a risk of a conflict of interest when the supplier also serves competing companies, and to consider its independence from particular vendors. It is advisable to examine the references to past projects, contact the supplier's customers and try to obtain information about the quality of the delivered services from the client's own point of view. The supplier's organizational form should also be examined with regard to its reliability. We also recommend vetting its owners so that the spheres of influence over the supplier can be estimated in advance. Another good argument for choosing a supplier is its certification under internationally recognized standards such as 
ISO 9001, ISO 27001 or others. No less important are the requirements placed on the supplier's employees themselves. Their qualifications should come first, and these must be documented by relevant certificates and by experience with projects of a similar focus to the one to be implemented. Equally important are the number of employees dedicated to the project and their working hours. It is also necessary to check whether the supplier has implemented a vetting process for its employees.<\/p>\n<p>The decision to outsource a service or an entire information system is often supported by the assumption that it will save money. But is the price of outsourcing given only by the amount on the supplier's invoice? Before the contract is signed, it is necessary to carry out a risk analysis and assess whether the cost of the additional security risks and of implementing measures to mitigate them will not ultimately make the project too expensive. When we open our network to the supplier's employees, what needs to be done inside our organization to protect our data adequately? Does the supplier adhere to security standards at least as strict as ours? We recommend looking at the organization's assets to which the supplier's employees will have access and evaluating the value of each asset and the cost of maintaining it. 
It is likewise necessary to estimate the risks related to the asset and the costs of securing it, the costs associated with a potential breach of its security, its function, and the need for redundancy of the asset. Only after all these additional costs are counted can the real price of outsourcing be estimated.<\/p>\n<p><strong>Outsourcing of security<\/strong><\/p>\n<p>What about outsourcing the security of information systems itself? As mentioned above, the delivery of services and products for ensuring information security can be outsourced. What cannot be outsourced, however, is responsibility in the event that the security mechanisms fail, the organization is dragged through the media over a leak of personal data or other sensitive data, and its reputation suffers so badly that it cannot win new customers or keep existing ones. In the end it will be forced to leave the market because it will not be able to compete. Organizations interested in outsourcing some information security processes must be aware of the potential impacts.<\/p>\n<p>There may be several reasons for outsourcing some area of information security. For example, the organization may lack the capacity to handle certain specialized tasks, and the cost of filling such a position would burden the budget. 
Forensic analysis or penetration testing can serve as an example. Employing experts in these activities full-time could be very costly, mainly because cyber attacks against a single organization do not happen often enough to make it worthwhile for the organization. In this case outsourcing is a good idea, because the service provider probably has a number of experts who are professionally trained for these activities and, thanks to a larger number of customers, have a great deal of experience, and who have specialized hardware and software, tools, and knowledge of current vulnerabilities and threats. The problem in this case may be the ability to assess their knowledge and professional competence, since these are mostly highly specialized activities. Where possible, we recommend using the services of other public administration organizations that specialize in such activities and provide their services to other state institutions free of charge.<\/p>\n<p>But for which areas of information security is outsourcing not such a good idea? Functions associated with information security governance, risk management and compliance are key processes in information security. 
It is therefore appropriate to keep these processes under control. In general, outsourcing fails in those areas of information security where the effectiveness of the outsourced activities cannot be monitored and measured, but also where sensitive data is processed outside the organization's control, and above all when the sole goal of outsourcing is to save money, often at the expense of the quality of the services provided.<\/p>\n<p>One of the most serious risks of outsourcing security is giving the supplier access to internal or sensitive information. In such a situation it is necessary to conclude a confidentiality agreement with the supplier, a so-called NDA (non-disclosure agreement), which will prevent the supplier from using the information in any way other than agreed. Once information has leaked, there is little the organization can do. It is therefore necessary to assess the value of the information to which the supplier is to have access and to include adequately high penalties for breach of the agreement in the NDA.<\/p>\n<p><strong>Measures to mitigate the risks associated with outsourcing<\/strong><\/p>\n<p>The risks arising from outsourcing services related to information and communication technologies and their security can be mitigated by implementing suitable security measures. 
The selection of these measures must be backed by a prior risk analysis. The first step is to identify, classify and value the information to which the supplier will have access. To prevent information leaks, an NDA must be concluded that specifies how long confidentiality about the information learned lasts; for certain types of information this may even be indefinite. The NDA must also specify the actions required when the confidentiality period expires, the supplier's responsibilities and the actions it must take to protect the information, clarify the ownership of information, trade secrets and intellectual property in connection with protecting that information, and define the operations the supplier is permitted to perform with the information made available. Another effective tool is reserving the right to audit the security of the supplier's information systems and the right to monitor activities associated with processing or otherwise handling sensitive information. Such an agreement should also include the conditions for returning the information made available and the method of its secure destruction, as well as a process for reporting unauthorized disclosure of information and leaks of sensitive information. 
Last but not least, the steps to be taken if the agreement is breached must also be agreed. The confidentiality agreement must comply with applicable legislation and with contractual and regulatory conditions, and the confidentiality requirements must be reviewed at regular intervals and whenever changes occur that may affect them. When information systems are developed using outsourcing, licensing terms, code ownership, intellectual property and the method of testing need to be considered. It is also necessary to specify contractual requirements for secure design, development and testing, and to require evidence that at least the minimum security requirements were met and that sufficient testing was performed to guard against malicious content and the presence of vulnerabilities.<\/p>\n<p>What if the supplier is hit by a power outage, a natural disaster, geopolitical unrest or some other crisis? Will it be able to provide services to us during that crisis? And if not, are we able to continue our critical processes, or can we tolerate such an outage? When choosing a supplier, it is also necessary to consider whether it has business continuity plans and recovery plans in place. 
It is not wise to rely on verbal assurance alone; the plans themselves need to be reviewed. Good preparation for a potential crisis is to carry out exercises that test these plans together with the supplier. During an exercise a crisis can be simulated, such as a disgruntled administrator deleting production data, a power outage in the data center or flooding. For the first exercises a review of the plans, or a table-top exercise, will be sufficient; later exercises should gradually become more demanding and also include unannounced exercises. An exercise can only result in success, because even if the crisis is not resolved, the exercise shows which processes and activities for handling a crisis need improvement. Exercises are carried out because it is better to identify possible failures during them than when a real incident occurs.<\/p>\n<p>It is also necessary to consider whether our organization is too dependent on the supplier. Taking several services from a single supplier can bring the advantage of a lower price for those services compared with spreading them across several suppliers. 
But if the supplier runs into serious problems and several services are at risk of failing at once, the supplier can become a so-called SPOF (single point of failure), a point whose failure threatens an outage of the whole system. Likewise, in regulated sectors a system outage can mean failure to meet legal requirements, which carries considerable penalties. Pointing to the supplier's failure will certainly not stand up in such cases.<\/p>\n<p>The contract or agreement with the supplier should also include a requirement that the supplier comply with the organization's security directives. It is good to have a directive for outsourcing in place that prescribes how suppliers are selected, how the risks associated with outsourcing are evaluated, and the content of supplier contracts, service level agreements and confidentiality agreements. It is equally advisable for it to set out how the supplier's employees are taken on, the requirements for their education and skills, the scope of access that may be granted to the supplier, how audits at the supplier are carried out, and the responsibilities for the individual activities that ensure information security.<\/p>\n<p>Outsourcing of information technology, information security and related services is possible even though it brings risks with it. 
Any failure in this area can have serious impacts on the organization's operations and security. Outsourcing must therefore be approached responsibly, with awareness of all the risks, and measures to prevent them must be implemented on that basis. It is never possible to eliminate all risks completely, and even with measures in place some residual risk always remains. The degree to which it is accepted, however, depends on the so-called \u201crisk appetite\u201d, that is, management's willingness to take risks and to accept the given risk.<\/p>\n<p>&nbsp;<\/p>\n<p>Ing. Henrich Slezak, CSIRT.SK<\/p>\n<p>&nbsp;<\/p>\n<p style=\"padding-left: 30px;\"><strong><em>References<\/em><\/strong><\/p>\n<p style=\"padding-left: 30px;\"><em>ISO\/IEC 27002:2013<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>IT-Grundschutz-Catalogues<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>IT Outsourcing Security &#8211; The Government of the Hong Kong Special Administrative Region<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>Protective security governance guidelines &#8211; Security of outsourced services and functions \u2013 Australian Government<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>Top Three Potential Risks With Outsourcing Information Systems &#8211; Catherine Wright<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>The Case for Outsourcing Security &#8211; Bruce Schneier<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>Security Think Tank: IT security outsourcing should be informed and risk-managed &#8211; Lee Newcombe<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>The cost of cost savings: Security and risk when outsourcing IT &#8211; Karl Fruecht &amp; Jason 
Ausburn<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Public administration institutions, like companies and organizations in the private sector, use outsourcing as one of the strategies for coping with a shortage of professionals and a lack of funding in the area of information and communication technologies. But is purchasing IT services from a supplier to support an organization's critical processes and security always the right choice? Outsourcing is currently a popular way of optimizing costs by purchasing services that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2773,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[32,23,45,111,112,38,22],"class_list":["post-2768","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-itbezp","tag-bezpecnost","tag-it-kriminalita","tag-navod","tag-outsourcing","tag-outsourcing-it","tag-socialne-siete","tag-sukromie"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/08\/cover.jpg?fit=700%2C400&ssl=1","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":1540,"url":"https:\/\/preventista.sk\/info\/kyber-nieco\/","url_meta":{"origin":2768,"position":0},"title":"Cyber-something","author":"I. Makatura","date":"17. 
October 2013","format":false,"excerpt":"\u201cPanta rhei\u201d is Plato's abbreviated interpretation of the ancient philosopher Heraclitus's claim that everything is constantly changing. With the words \u201cEverything counts\u201d, the synth-pop group Depeche Mode, on whose music many of us grew up, states something similar. Every field gradually undergoes changes, which also refines the terminology used. And in every sector there are specialist\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"cyberlock","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2013\/10\/zamok.jpg?fit=700%2C400&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2013\/10\/zamok.jpg?fit=700%2C400&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2013\/10\/zamok.jpg?fit=700%2C400&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2013\/10\/zamok.jpg?fit=700%2C400&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":4168,"url":"https:\/\/preventista.sk\/info\/najsofistikovanejsi-a-najjednoduchsi-utok-a-ich-buducnost\/","url_meta":{"origin":2768,"position":1},"title":"The most sophisticated and the simplest attack and their future","author":"Marek Zeman","date":"15. January 2021","format":false,"excerpt":"In this article from the series on the future of information security, we look at the future of attacks on organizations that already exist today. 
Pripomenieme si \u00fatoky \u0161peci\u00e1lnych slu\u017eieb, vysvetl\u00edme si, ako funguje phishing a\u00a0kam smeruje v\u00fdvoj. Oba spom\u00ednan\u00e9 \u00fatoky s\u00fa v\u00a0s\u00fa\u010dasnosti u\u017e dobre pop\u00edsan\u00e9, napriek tomu \u00fato\u010dn\u00edci st\u00e1le vedia prinies\u0165 zauj\u00edmav\u00fa zmenu. Niektor\u00e9 \u00fatoky bud\u00fa st\u00e1le\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2021\/01\/cyberattack-e1610103949743.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":2583,"url":"https:\/\/preventista.sk\/info\/bezpecne-hranice-cast-1-co-je-to-penetracny-test\/","url_meta":{"origin":2768,"position":2},"title":"Bezpe\u010dn\u00e9 hranice  \u010cas\u0165 1: \u010co je to penetra\u010dn\u00fd test","author":"I. Makatura","date":"16. febru\u00e1ra 2015","format":false,"excerpt":"V\u00fdraz \u201eperimeter\u201c v\u00a0matematike znamen\u00e1 celkov\u00fa d\u013a\u017eku vonkaj\u0161ieho obvodu dvojrozmern\u00e9ho objektu. V\u00a0prenesenom zmysle sa tento v\u00fdraz pou\u017e\u00edva ako \u201ehranica\u201c, teda priestor, ktor\u00fd sa nach\u00e1dza na vonkaj\u0161ej strane hranice vymedzen\u00e9ho objektu. V\u00a0informa\u010dnej bezpe\u010dnosti sa pod pojmom \u201eperimeter\u201c rozumie vonkaj\u0161\u00ed, cudz\u00ed priestor, mimo predmetn\u00e9ho virtu\u00e1lneho prostredia. 
Naj\u010dastej\u0161ie sa v\u00a0tomto kontexte jedn\u00e1 o\u00a0sie\u0165ov\u00fd perimeter,\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice-1.jpg?fit=700%2C400&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice-1.jpg?fit=700%2C400&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice-1.jpg?fit=700%2C400&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/02\/hranice-1.jpg?fit=700%2C400&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":4708,"url":"https:\/\/preventista.sk\/info\/cloud-stavebne-prvky-a-hranice-zodpovednosti-3-cast-miniserialu\/","url_meta":{"origin":2768,"position":3},"title":"Cloud \u2013 stavebn\u00e9 prvky a\u00a0hranice zodpovednosti (3.\u010das\u0165 miniseri\u00e1lu)","author":"Iveta \u0160\u0165avinov\u00e1","date":"31. janu\u00e1ra 2022","format":false,"excerpt":"Cloudov\u00e9 syst\u00e9my pon\u00fakaj\u00fa neuverite\u013en\u00e9 mo\u017enosti, nielen pre naplnenie jednoduch\u00fdch t\u00fa\u017eob klientov ako je vytvorenie prostredia na ukladanie d\u00e1t a\u00a0v\u00fdpo\u010dtov\u00fd v\u00fdkon. N\u00e1jde sa tam miesto aj na zlo\u017eitej\u0161ie v\u00fdpo\u010dtov\u00e9 \u00falohy, firmy si ved\u00fa v\u00a0aplik\u00e1ci\u00e1ch v\u00a0cloude \u00fa\u010dtovn\u00edctvo a\u00a0niektor\u00e9 kompletn\u00fa kancel\u00e1riu. 
Av\u0161ak pri tomto to v\u00f4bec nekon\u010d\u00ed, ke\u010f m\u00e1te z\u00e1ujem, viete sa zaregistrova\u0165\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/01\/Cloud-2.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/01\/Cloud-2.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/01\/Cloud-2.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/01\/Cloud-2.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":2891,"url":"https:\/\/preventista.sk\/info\/bezpecnostny-incident-neprijemna-udalost\/","url_meta":{"origin":2768,"position":4},"title":"Bezpe\u010dnostn\u00fd incident &#8211; nepr\u00edjemn\u00e1 udalos\u0165?","author":"I. Makatura","date":"20. okt\u00f3bra 2015","format":false,"excerpt":"Jednou z k\u013e\u00fa\u010dov\u00fdch zodpovednost\u00ed vedenia podniku pri podpore syst\u00e9mu riadenia informa\u010dnej bezpe\u010dnosti je zavedenie procesu rie\u0161enia bezpe\u010dnostn\u00fdch incidentov. Schopnos\u0165 organiz\u00e1cie efekt\u00edvne reagova\u0165 na identifikovan\u00fd incident je z\u00e1visl\u00e1 od kvalitnej pr\u00edpravy na v\u0161etky potenci\u00e1lne udalosti, ktor\u00e9 by mohli nepriaznivo p\u00f4sobi\u0165 na informa\u010dn\u00e9 akt\u00edva podniku. 
Ak sa incident t\u00fdka kritick\u00fdch informa\u010dn\u00fdch akt\u00edv,\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/incident2.png?fit=700%2C400&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/incident2.png?fit=700%2C400&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/incident2.png?fit=700%2C400&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2015\/10\/incident2.png?fit=700%2C400&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":4726,"url":"https:\/\/preventista.sk\/info\/preco-sa-cloud-podoba-olympijskemu-bazenu-4-cast-miniserialu\/","url_meta":{"origin":2768,"position":5},"title":"Pre\u010do sa cloud podob\u00e1 olympijsk\u00e9mu baz\u00e9nu? (4.\u010das\u0165 miniseri\u00e1lu)","author":"Iveta \u0160\u0165avinov\u00e1","date":"17. febru\u00e1ra 2022","format":false,"excerpt":"Predch\u00e1dzaj\u00faci \u010dl\u00e1nok (Cloud \u2013 stavebn\u00e9 prvky a\u00a0hranice zodpovednosti) pribli\u017euje stavebn\u00e9 prvky cloudu, ktor\u00e9 je mo\u017en\u00e9 vyu\u017ei\u0165 v\u00a0s\u00falade s\u00a0na\u0161imi potrebami vyu\u017ei\u0165 slu\u017eby, ktor\u00e9 cloud prostredie poskytuje. Niekedy potrebujeme vyu\u017ei\u0165 len infra\u0161trukt\u00farne slu\u017eby, t.j. pam\u00e4\u0165ov\u00fd a\u00a0procesorov\u00fd v\u00fdkon, alebo \u00falo\u017eisko, inokedy je potrebn\u00e9 vyu\u017ei\u0165 sk\u00f4r komplexnej\u0161ie slu\u017eby. 
V\u00a0z\u00e1vislosti od typu zapojen\u00fdch\u00a0 slu\u017eieb sa\u2026","rel":"","context":"V &quot;Bezpe\u010dnos\u0165&quot;","block_context":{"text":"Bezpe\u010dnos\u0165","link":"https:\/\/preventista.sk\/info\/category\/itbezp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/02\/image-1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/02\/image-1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2022\/02\/image-1.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/comments?post=2768"}],"version-history":[{"count":6,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2768\/revisions"}],"predecessor-version":[{"id":2776,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/2768\/revisions\/2776"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/media\/2773"}],"wp:attachment":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/media?parent=2768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/categories?post=2768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/tags?post=2768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}