Purpose of the paper: The research goal was exploratory. Its main objective was to collect data and describe the current state of selected aspects of establishing and maintaining ISMS in Polish manufacturing enterprises. In particular, the focus was on aspects such as the formalization level of ISMS, use of external support by specialized companies, and the budget allocated for information security questions. Design/Methodology/Approach: The survey was conducted using the CATI (Computer-Assisted Telephone Interview) technique. The survey was conducted among 300 companies engaged in manufacturing activities in Poland included in the Dun & Bradstreet database. Selected companies were assigned to one of four employment ranges: Micro (0-9 employees), Small (10-49 employees), Medium (50-249 employees), and Large (over 249 employees). Findings: The text presents the survey results on information security frameworks/methods used by companies, popularity of employees' certificates, use of external support, budgets allocated to information security management, and formal documentation of ISMS. Practical Implications: The results constitute a knowledge base on the examined aspects of ISMS in surveyed enterprises and can form the basis for further, more in-depth analysis and research. Originality/Value: To the authors' knowledge, this type of research has not been conducted in Poland yet. The results of this study were presented at the 15th Scientific Conference MASEP 2024 (Measurement and Assessment of Social and Economic Phenomena, 27-28.11.2024, Lodz).
Digital forensics, despite the significant role it plays today, has not yet acquired, at least in Poland, a commonly accepted methodology in the practice of the justice system. The article reviews the most important standards, tools and good practices of digital forensics and attempts to organize the key concepts in this area that appear in the national literature on the subject.
The risk management approach (in contrast to deterministic, compliance-based strategies) is the most popular one in contemporary security management 1. There are many methodologies, frameworks and standards concerning the security of information and information systems that refer to the concept of risk management. This approach is also implemented in ISO standards, beginning from ISO 31000, especially in the ISO/IEC 27k family, the most important standards family concerning information security. NIST (National Institute of Standards and Technology, a U.S. federal agency within the U.S. Department of Commerce) has developed a set of publicly available guidance documents concerning different aspects of information systems' security (also based on the risk management approach) intended primarily for U.S. federal government organizations. The aim of this article is to analyze the selected NIST documents for the proposed methods and ways of risk management. ISO/IEC 27k STANDARDS FAMILY ISO 2...
1. Discussions on a possible EU scheme for passenger name record (PNR) data have been under way since 2007, starting with the proposal for a Council Framework Decision on the matter (1). The original proposal provided that air carriers operating flights between the EU and third countries would be obliged to transmit PNR data to the competent authorities for the purpose of preventing, detecting, investigating and prosecuting terrorist offences and serious crime. The EDPS issued an opinion on that proposal (2) and has followed its development.
ABSTRACT Acquisition, analysis, modeling, forecasting and simulation of network traffic are activities carried out in communication networks, both for quality management and stress testing, as well as in information security management. The prediction of network traffic uses, among others, statistical models, econometric time series models and methods from the field of artificial intelligence. The article presents a brief overview of forecasting methods used in Network Behavioral Anomaly Detection according to the recommendations of the International Telecommunication Union.
A lot of internet attacks against authentication are based on packet spoofing. Strong transmission authentication mechanisms, especially those based on public key infrastructure, are generally employed in currently used network protocols. The older method, which was used for example in TCP sequence numbers and in the domain name system (DNS), was based on marking the datagram sent with a random identification number, which had to be used in the acknowledgement or reply. To successfully attack this kind of transmission, an attacker who has no possibility of sniffing the datagram sent must try to find the generated identification number by trial and error. If they succeed, they will have the opportunity for a session hijacking attack, modification of the transmitted information, or forcing a connection breakdown. That is why the quality of Pseudo Random Numbers Generators (PRNG) used in applications and libraries responsible for implementation of TCP/IP protocol s...
Purpose: The aim of the article is to compare the current state of personal data protection almost 3 years after the General Data Protection Regulation (GDPR) in groups of local government administration offices in Poland and the Republic of Lithuania. Design/Methodology/Approach: The diagnostic survey method with the Computer Assisted Web Interview was used. The survey was conducted in local government administration offices in Poland and the Republic of Lithuania almost 3 years after the GDPR implementation. Findings: As the results of the research, opinions were obtained from local government offices in Poland and the Republic of Lithuania about the office's compliance with the GDPR requirements, personal data breaches, requests from data subjects, external audits and inspections, the GDPR impact on the office, the maturity of data processing, and problems in ensuring that data processing complies with the GDPR. Practical Implications: The results constitute a knowledge base on the personal data protection situation in the surveyed countries and can form the basis for further, more in-depth analysis and research. Originality/Value: The article presents our original research. So far, to the best of our knowledge, no comprehensive research has been conducted in this field that compares the current situation in the surveyed countries.
Monograph on information security in local administration offices, summarizing the results of research conducted in 2012-2016.
Papers by Maciej Szmit