Danilo BURNAČ, Sanja ANDROIĆ
Mariborski vodovod d. d., Maribor, Slovenija
Boštjan ŠPEHONJA
Unistar pro, Ljubljana, Slovenija
Obveznosti podjetja Mariborski vodovod kot deležnika kritične infrastrukture na področju nevarnosti e-poslovanja in potreba po varnostnih pregledih IKT-sistemov
Obligations of the Water Utility Company Mariborski vodovod as a Participant of Critical Infrastructure on the Field of Risks of E-bussiness and the Need of Secure Checks of IKT Systems
(Moderna arhivistika 2018, 1 (1), str/pp. 283-292)
https://doi.org/10.54356/MA/2018/DTJD1202
Izvleček:
Namen članka je predstaviti obveznosti podjetja Mariborski vodovod kot deležnika kritične infrastrukture na področju nevarnosti e-poslovanja in zakonodaje ter potrebo po varnostni pregledih IKT-sistemov. Najprej bodo predstavljene vloga in obveznosti podjetja Mariborski vodovod na področju kritične infrastrukture, nato razlogi uprave podjetja za izvedbo varnostnih pregledov IKT-sistemov, e-procesi podjetja, nevarnosti e-poslovanja, zakonodajne obveznosti s tega področja, metodologija in izsledki izvedenega notranjega in zunanjega varnostnega pregleda. V članku bomo predstavili teoretična izhodišča in zakonodajne zahteve z metodo deskripcije, za to bomo uporabili podatke iz sekundarnih virov. Na podlagi izkušenj iz prakse in izvedenega varnostnega pregleda v podjetju bomo predstavili svoj pogled na kibernetska tveganja, nevarnosti na področju e-poslovanja ter izpolnitev zakonodajnih obvez. Prikazane praktične izkušnje podjetja Mariborski vodovod bodo nedvomno uporabne za ostala podjetja. Skrb za kibernetsko varnost mora imeti vsak zaposleni, saj je podjetje toliko varno, kot je njegov najšibkejši člen.
Ključne besede:
Mariborski vodovod, e-poslovanje, varnostni pregled, kritična infrastruktura, kibernetsko tveganje
Abstract:
Obligations of the Water Utility Company Mariborski vodovod as a Participant of Critical Infrastructure on the Field of Risks of E-bussiness and the Need of Secure Checks of IKT Systems
The aim of the paper is to present the obligations of the Mariborski vodovod company as a participant in the critical infrastructure related to dangers of e-commerce and legislation and the need for vulnerability assessments of ICT systems. The authors first present the role and obligations of the Mariborski vodovod company in relation to the critical infrastructure and continue with the presentation of reasons for performing vulnerability assessments of ICT systems, company's e-processes, dangers of e-commerce, legislative obligations relevant for this field and the methodology and findings of the internal and external vulnerability assessment. Author used the descriptive method to present the theoretical basis and legislative obligations based on data from secondary sources. Views on cyber risks and dangers in the field of e-commerce will be presented as well as views on fulfilling legislative obligations based on past experience and vulnerability assessment of the discussed company. We have no doubt that presented practical experience of the Mariborski vodovod company will prove to be useful for other companies. Cyber security should be a concern of every employee because a company is only as secure as its weakest link.
Key words:
Mariborski vodovod, e-commerce, vulnerability assessment, critical infrastructure, cyber risk
