futurIT „Information Security Knowledge Centre”
Annual Report 2007
Established by the support of the National Office for Research and Technology

Contents

Executive summary
Mission statement
Organisational structure
Management structure
The consortium members
Our activities
Research Programmes
  National and industry-specific information security systems
  Organisational and human security research
  Data recovery and data storage research
  Knowledge management programme
Results
  Accounting period
  Results achieved in the last reporting period
  I. Project preparation
    1. Supporting infrastructure
    2. Procurement of the resources necessary for R&D
    3. Organisational structure
    4. Financial management system
  II. Creating a uniform methodology background for IT security solutions
    1. A planning and rating methodology for IT solutions
    2. A national information security regulatory system
    3. Assessment, analysis and management of IT threats and risks
  III. IT security qualification and development of devices
    1. Security certification of IT solutions
    2. Development of information security tools
  IV. Implementing information security training system
    1. PhD education and research in Information Security
    2. MSc education in information security
    3. Raising awareness and professional standards of information security in Hungary
Indicators
  PhD dissertations
  PhD, post-doctorate and university research positions
  Students partnership program
  24-hour programming competition sponsored by futurIT
  Adult training
  Technology transfer
  Conferences
  Resources
  Indicators
  Media appearances
  Professional programmes
Financing, summary of financial indicators
Monitoring
Contact information
Our team

Executive summary

Our mission is to deliver first class research, develop and educate advanced value-protection methods securing information assets. In the year 2006 University of Pannonia won support from the National Office for Research and Technology in two areas related to information security.

The members of the consortium are Albacomp Co., KÜRT Co. and the University of Pannonia.

The leading staff members responsible for the Project are:
The Manager of the futurIT Information Security Knowledge Centre is Tamás Kürti.
The founder of the ÖkoRET Environmental Safety Information Technology Knowledge Centre is Prof. Dr. Ákos Rédey and its manager is Prof. Dr. Gyula Marton.
The director of the Knowledge Centre is Prof. Dr. Ferenc Friedler, the founder and Dean of the Faculty of Information Technology, University of Pannonia.

This report gives an account of the work of futurIT.

The consortium members have been fully dedicated and highly motivated in their pursuits by a common set of values and goals. They are leading researchers and experts in their fields, covering science, business and innovation. All three partners have assigned reliable, trustworthy, committed and professionally outstanding staff members to work on the project, all with a dedicated team spirit. The consortium members have a proved track record of cooperation that predates the establishment of futurIT. They strongly consider each other as strategic partners having already completed several successful collaborative projects. The successful operation of the Knowledge Centre demands a close collaboration to secure a number of organisational and cultural challenges. This includes reconciliation of a variety of problem-solving processes and different types of work. Building trust at every organisational level and in every collaborator body towards the targets is crucial. For this very reason one of the most important results of the first phase of work will be the creation of an advanced management model. This will serve as a basis for the organisation of effective operation in the years to come.

The Research Steering Committee will provide the direction in which the consortium will operate. This will include the approval of work progress and interim results, providing professional consultation and advice, and promoting the pursuit of professional and scientific work. The RSC will meet whenever necessary, but at least once every two weeks.

The Project Committee will monitor the fulfilment of the Knowledge Centre operative goals and strategy. Each consortium member will be represented there. The PC will be empowered to pass resolutions regarding the evaluation and exploitation of the project results. The research and development work will be carried out by Research Laboratories, each of which is geared towards addressing a specific topic of research. The Project Committee has approved so far the establishment of the following Research Laboratories:

1. Development of national and industry-specific information security systems
The aim of this research and development program is to create IT security procedures, methodologies and tools tailored to suit the specific requirements of the various specialist fields and sectors of industry, and to support their practical use. It will be done using the latest theoretical findings and practical experience from science and industry.

2. Organisational and human security research
The purpose of this program is to develop a methodology for analysing the IT and information management risks related to human (and organisational) resources. This will include assessment of the risks associated with these factors, and, by incorporating the results of this research into a system, reliable, automated early detection and alerting solutions will be developed.

3. Data storage and data recovery
The rapid pace of development, with the growing complexity of data storage media and the logical structures they use, is greatly increasing the risk of data loss. Our program is aimed to reduce this risk, and is being conducted in collaboration with our key strategic partner, KÜRT Co., the founder of the Hungarian data recovery industry. The purpose of the program is not only to solve the problems of rescuing data from existing devices, but also to conduct research into the risks inherited in future generations of storage media.

4. Knowledge management
The Knowledge Management program is a horizontal activity, involving the collation and presentation of the technical results of research programs carried out under the various projects. It includes the publication of best practices established by this activity. The Knowledge Management program will serve to strengthen futurIT's professional foundations and its recognition in academic and business circles. This will contribute to the core aims of the project.

It would be our pleasure to discuss specific issues with you and provide you with more information about our work.

Veszprém, 30 September 2007

Prof. Dr. Ferenc Friedler, Director, Pannonia Regional Knowledge Centre
Tamás Kürti, Manager, futurIT Information Security Knowledge Centre

Mission statement

FuturIT Information Technology Security Research and Development Centre (“futurIT”) will become a leading IT security research and training centre in the Central Transdanubian Region, in Hungary and in Central Europe, by providing cutting-edge training to leading theoreticians and practical experts in the field and by utilising their expertise. The end-products of its developments will be IT security processes, methodologies and tools of a world-class standard.

As futurIT, set up jointly by the Faculty of Information Technology (FIT) of Pannon University (UP), as well as KÜRT Co. (KÜRT) and ALBACOMP Co. (ALBACOMP), becomes a Regional Knowledge Centre, it will provide advanced training acknowledged as unique in the central European region, and of a standard that is at the cutting edge internationally, to Hungarian and foreign IT security experts, while at the same time conducting IT-security research and development projects that closely track the latest technological and societal changes.

FuturIT will maintain close contact with local businesses collaborating in its development projects or in the utilisation of its research findings, as well as with the educational institutions involved as international partners in its research and advanced training programme. FuturIT’s activities will range from basic research to the sale of products through spin-off companies. In addition to this, it will function as an international knowledge base and conference centre for matters related to IT security.

FuturIT will contribute to increasing innovation and R&D capacities in the region, create a ready workforce for local knowledge-intensive SMEs through vocational training, and create appropriate jobs for qualified workers through the R&D activity of the spin-off companies and consortium members.

FuturIT’s education and training programme will allow students of Pannon University’s Faculty of Information Technology to acquire cutting-edge knowledge of lasting importance in the technical IT field, and will provide PhD students with appropriate research topics. In addition to international academic publications and conferences, it will make use of the results of its basic and applied research projects through its products and through the provision of training to foreign students.

Organisational structure

[Organisational chart. Labels: Pannon Regional Knowledge Centre; Management Committee; futurIT Operative Manager; ÖKORET Operative Manager; Consortium Coordinator; Project Committee; University of Pannonia, KÜRT Co., Albacomp Co. (shown twice); Research Working Committee; Research laboratories; Research topics - Lab 1, Lab 2 ... Lab n; Topic Managers; Staff members; Students.]

Management structure

The futurIT research and development centre operates as a partially autonomous, separate budgetary unit of the Information Technology Faculty of the University of Pannonia.

The supreme decision-making body of futurIT is the Project Committee (PC), on which all the members participating in the project are represented. The PC is responsible for ensuring the operating conditions for the futurIT project, providing the necessary infrastructure and organisation in accordance with the schedule of project tasks. The PC oversees the fulfilment of cost targets and deadlines, ensures that procurements are made in compliance with the relevant statutory provisions, and implements or approves any changes. The PC reports on a regular basis to the directors of futurIT regarding the project’s internal operation, compliance with internal regulations, and any revealed operating or management problems. We place particular emphasis on ensuring that the PC does not merely reveal deficiencies related to operation and management, but also formulates suitable recommendations for eliminating such problems.

The operative management body of futurIT is the Research Working Committee (RWC), which consists of the consortium members’ delegated representatives. The RWC is responsible for coordinating implementation of the professional tasks related to the basic and applied research conducted in the futurIT research laboratories, ensuring the achievement of research and development goals, debating work processes, approving research results, facilitating compliance with scientific professional standards, and overseeing the development and running of training programs held within the framework of the futurIT project.

The Operative Head of futurIT is responsible for implementing the strategic goals and R&D programs designated by the Project Committee, using the available resources. The Operative Head bears ultimate responsibility for the day-to-day running of futurIT’s operations and activities. He is also charged with ensuring that the results of R&D programs are put to practical use, and with building and monitoring partnerships for the utilisation and commercial exploitation of R&D results.

The directors of futurIT regularly meet - primarily in a consultative capacity - with recognised leading information security experts from Hungary and abroad, for the purpose of discussing strategically important decisions and professional strategic guidelines, as well as with university educators and the representatives of enterprises engaged in similar fields, all of whom assist in the preparation and researching of decisions through the provision of position statements, recommendations and analyses.

The consortium members

Faculty of Information Technology, University of Pannonia

The degree courses in Information Technology were originally launched in 1991 at the University of Veszprém’s Engineering Faculty. The Information Technology Faculty, in its current form, was established on 1 September 2003, and operates within the framework of a flexible “Department” system, with research carried out in scientific workshops, independently of the individual departments, under the supervision of an internationally renowned teaching staff. These research laboratories, and the faculty’s staff of twelve DSc-level professors, have also enabled the faculty to establish two PhD schools. The research laboratories at the IT Faculty include, for example, the Bio-Nanosystems laboratory, the Network Optimisation laboratory, the CNN Applications laboratory, the Nanosensors laboratory and the Telecommunications laboratory. The organisation of teaching work is the responsibility of the individual departments. The faculty offers IT engineering training at all levels of higher education. In the 2006/2007 academic year the student body numbered more than 2,000. The faculty has established a number of separate organisational units for the purposes of conducting R&D work on a professional basis. These include the Information Security and the Medical IT Systems research and development centres. The faculty also maintains close relations with a great many industrial partners, and its researchers contribute to the scientific work carried out by the working committees of the Veszprém Regional Committee of the Hungarian Academy of Sciences.

KÜRT Co.

KÜRT was established in 1989. It has since grown from a Hungarian-owned small business into an international corporate group. Owing to its wealth of accumulated experience, and its staff of highly skilled and innovative experts, KÜRT has earned considerable acclaim as a leading information security specialist, with a comprehensive data protection and data security methodology and team of auditors that comply with all the relevant international and Hungarian standards. As one of Europe’s leading data recovery firms, KÜRT has achieved worldwide recognition with its groundbreaking data recovery technology. The company’s preventive information management system encompasses over 40 different products, each of which can also be used individually. KÜRT has operated profitably from the outset, and has initial capital of HUF 20 million, and equity of HUF 800 million in addition to its initial capital. At present, the company employs almost 100 people. In the second half of the 1990s KÜRT began the research and development of its ISyS® framework for information security technology, for which it received the Ministry of IT and Telecommunications’ Innovation Award in 2002. KÜRT’s first foreign subsidiary, KUERT Datenrettung Deutschland GmbH, commenced operations in the German market at the beginning of 2003, and in 2004 KUERT Information Management GmbH opened for business in Austria. From 2007 KÜRT began to move into the Middle-Eastern markets, opening a subsidiary in Dubai under the name of KÜRT Information Security LLC. This was also the year in which KÜRT Security LLC was established in the United States of America. KÜRT’s operations have complied with the ISO 9002 standards since 1997, and with the ISO 9001-2000 standards since 2002. The company is also an approved NATO supplier.

Albacomp Co.

ALBACOMP Co. is one of the longest-established and most successful companies in the Hungarian IT market, and therefore a leading industry player. Currently employing a total of 440 people, in 2006 this Székesfehérvár-based enterprise achieved sales revenue of HUF 15.5 billion. During this period a total of 37,300 personal computers were manufactured in the company’s assembly facility, of which 4,000 were for export. Besides assembling computers, the name of ALBACOMP is also synonymous with a number of major network and systems integration projects. The company is an active participant in several government-backed IT development programs, such as the Sulinet Expressz (School-Net Express) scheme jointly launched by the ministries of labour affairs, information technology and education. As a supplier of integrated IT solutions, ALBACOMP supports municipalities in their efforts to develop local e-government infrastructure. The prime objective of ALBACOMP Co., as one of Hungary’s IT knowledge centres, is to enable creativity to flourish, and provide talented specialists with opportunities and professional support for the development of new products. The ALBACOMP R&D Centre, established in the early 1990s, is known for its many unique innovations. These include, for example, the e-Infopont touch-screen terminal, or the Personal Monitor. In addition to the above, the Albacomp R&D team has developed numerous software applications and other bespoke IT solutions. Following a quality assurance and environmental management audit performed at the company, ALBACOMP has been granted ISO 14001:2004 environmental certification with respect to all its operations, and had its ISO 9001:2000 accreditation renewed. Based on this the company has also successfully applied for “NATO-approved supplier” status.

Past cooperation among the members of the consortium

• KÜRT’s management and specialists have participated in the educational work of the IT Faculty, through the holding of lectures, since the year 2000. By giving these presentations the representatives of KÜRT impart, to the students, a unique set of practical IT skills that tie in closely with the theoretical content of the courses. The PhD research programs implemented at the IT Faculty - and those to be run within the framework of the futurIT project - are coordinated jointly by the faculty’s teaching staff and KÜRT’s team of IT specialists. KÜRT’s participation in overseeing the research work guarantees that the research topics are relevant to the industry today.
• KÜRT and the University of Pannonia have jointly participated in, and successfully completed, a National Research and Development Program project in the framework of the Széchenyi Economic Development Plan.
• KÜRT’s senior employees, working together with the teaching staff of the University of Pannonia, have participated as joint topic leaders in several PhD training courses, and have overseen the writing of numerous successful dissertations.
• In 2005, within the framework of the Ányos Jedlik program, KÜRT and the IT Faculty of the University, in a consortium led by KÜRT, received a three-year funding grant to assist in the development of hybrid information security solutions that integrate human, logical and physical security solutions, as well as the related software and sensors.
• Previous collaborations between KÜRT and ALBACOMP have primarily been aimed at the joint implementation of IT, systems and network building projects. The two companies have worked together to perform IT risk assessments, as well as to develop and install a variety of information security systems, at several major corporations and state institutions in Hungary.
• From the 2000/2001 academic year, accredited higher-education courses for the training of IT Engineering Assistants were launched off-campus, in Székesfehérvár. The teaching venue for these courses is the regional headquarters of SZÜV Co., where, in the 2002/2003 academic year, additional state-accredited degree courses were launched for the training of Accounting Administrators, Financial Administrators, Logistical Technology Management Assistants, Machine Industry Engineering Assistants and Tourism Managers. SZÜV is a solely-owned subsidiary of ALBACOMP.

Our activities

The past few decades, and in particular the last few years, have seen a sea-change in attitudes towards security. Today, it is perfectly natural for the issue of risk-based information security to be approached as a matter of key concern in a wide range of sectors and situations - from public transport, to the protection of personal data, to the management of bank data. Organisations these days no longer require products, but the continuous maintenance of the security level they need; it is not security devices they want, but a secure operation, not alarms, but burglar-proof infrastructure, not virus killers, but a virus-free operation. This state can only be achieved and maintained through the application of appropriate security solutions that are comprehensive and at the same time compatible with the organisation’s systems.

As technology develops, so information - whether in the form of stored data and documents, or perhaps uttered in the course of meetings or telephone calls, or embodied in specific products or prototypes - is playing an increasingly important role in the life of institutions and business organisations, and at the same time represents a growing source of value. Information is an asset, and, like other assets, it represents value - often irreplaceable or inestimable value - to its owners or users.

The value of the information stored and managed in IT systems is growing exponentially with each passing year. All forms of information may carry value - and this value must be protected, by preventing the information from falling into the hands of unauthorised persons, or from being lost or perhaps rendered unusable, whether due to deliberate action or by accident. (It’s enough just to think of a database that contains medical dosages prescribed for patients at a hospital, or a disk containing an accountancy firm’s client data, or a military commander’s notebook containing confidential information.) The confidentiality, integrity and availability of the information stored in or accessible through systems is of critical importance in maintaining competitiveness, profitability and growth.

With the proliferation of computers, enormous changes have taken place not just in terms of the protection of information, but also in terms of the information that needs to be protected. The emergence and development of computer network systems has radically changed the collection, processing, management and storage of information. Information has become one of the key sources of innovation, and as such, its value has grown considerably. The information systems and networks of organisations are increasingly facing a wide range of threats to their security, including computer fraud, spying, sabotage or deliberate abuse, as well as various environmental threats. Incidents of damage (whether caused by computer viruses, hacking or unintentional breakdown) have become more frequent and more serious in nature. About 80% of the security incidents that affect operations are of an information technology nature, and of these, more than 70% can be attributed to human error or negligence.

As regards the state of IT security today, institutions, businesses and individuals now generally possess data and databases of often inestimable value, and many of them already use various tools and solutions designed to protect data and to prevent damage to it, but very few are applying these in a rational, integrated system and using them to regulate their operations accordingly.

The range of tools that can be used as building blocks for constructing systems for attaining an optimum level of IT security is wide and constantly expanding. There are also a growing number of standards and procedures with which these systems can be rated and certified. However, there are no systematic planning methodologies out there that could be used to achieve IT security of a guaranteed quality using the tools available. There is an essential need in the field for such methodologies to be developed. The growing plethora of IT systems and tools available in Hungary as elsewhere, and the increasing mass and concentration of the information being generated, represent new security challenges. Therefore, futurIT regards its most important tasks as being to render the management of information secure and thus to develop methods and tools for protecting information, as well as to determine the extent of the potential benefits relative to the security risks involved.

FuturIT’s aim is to become a leading IT security research and training centre in the Central Transdanubian Region, in Hungary and in Central Europe, by providing cutting-edge training to leading theoreticians and practical experts in the field and by utilising their expertise, as well as by developing IT security processes, methodologies and tools of a world-class standard, while closely monitoring the latest technological and societal changes.

The most effective means of reducing losses is to provide training and education, and to develop and ensure the uptake of suitable regulations, IT security methodologies and tools. The research and development activities and the training programmes of the Regional Information Technology Security Knowledge Centre focus on IT security, and it has been a basic criterion in designing the programmes that the R&D and the training projects should be closely related to IT security and information protection as well as to the latest international trends in the field, both in academe and in the market. The information security knowledge attainable through the training programmes represents up-to-date, recognised and marketable expertise, and therefore the know-how concentrated and generated here will also benefit the region’s economy as a whole.

The very purpose of security systems dictates that they should be continuously upgraded in order to counter the constant advances that are being made in the methods of attack, and to meet newer and ever-greater challenges. The security of a system is essentially determined by how fast it can respond to new threats. It is for this reason that futurIT has set, as the ultimate aim of its research, the design and provision of IT security-development solutions that are capable of effectively maintaining risk-based security for the long term.

FuturIT’s R&D programmes focus on three essential IT security tasks:

• Preventing the loss (or destruction) of information
• Preventing information from falling into unauthorised hands
• Ensuring business continuity.

FuturIT supports the attainment and maintenance of IT security by:

• developing IT security standards and methodologies
• creating an IT security knowledge base
• providing education and training in the use of IT security standards, methodologies and tools
• developing IT security tools
• designing, operating and certifying IT systems.

FuturIT’s R&D activities are implemented through a risk-focused spiral lifecycle model. Applying the model ensures a clear structure and straightforward means of implementing the various activities, as well as a solid basis for carrying out planning-phase tasks through a uniform approach. When drawing up the concepts for research projects, the aim is always to base the development work on our own ideas, and in the planning phase, our aim is to ensure that the system based on our ideas will be feasible, and that the solutions will fully meet the needs of the end-users. It is an important characteristic of the spiral model that the criterion for selecting the solutions to be developed as well as the methods and tools to support the developments should be the usefulness of the function relative to the risk factors involved.

With the spiral-model approach, the initial task is to determine the requirements and to specify the risks involved. This is followed by drawing up the plans for the developments, estimating the costs and preparing feasibility alternatives. The plans drawn up initially will serve as the basis for the developments of prototypes that can be certified on the part of users as well, and then for the implementation and testing work. Applying the principle of preparing prototypes greatly reduces the uncertainty of R&D activities, since it allows us to develop the desired models on the basis of the users’ broadly outlined ideas and of the information that has been obtained regarding the system.

FuturIT maintains close contact with local businesses collaborating in its development projects or in the utilisation of its research findings, as well as with the educational institutions involved as international partners in its research and advanced training programme. FuturIT’s establishment has created an opportunity to create a concentrated repository of information technology and information security expertise - expertise that is unparalleled not only in the region and in Hungary, but in the neighbouring countries as well. Thus, it should greatly increase the attraction of the technical training offered here, and, due to the unique findings of its research and development, it should, through the activities of local businesses, boost the region’s positive impact on the economy by increasing the value of the know-how of these companies.

RESEARCH PROGRAMMES

National and industry-specific information security systems

Information and the procedures for obtaining, storing and managing it, as well as the related IT systems and networks, are all important business assets. The rapid advancements being made in IT in Hungary as well as elsewhere, the growing mass of information generated and its increasingly concentrated nature, are giving rise to a new set of security challenges. For this reason, the objective of our research and development program is to use the latest theoretical and practical results of scientific and industry research to develop IT procedures, methodologies and tools specifically to suit the requirements of the various specialist fields and sectors of industry, and to provide support for their practical implementation.

As a result of the program, a range of security protocols, methodologies, tools and regulations with genuine practical value will be created for the mapping, assessment and management of threats and risks related to the use of IT resources, initially in those areas of the economy where they are most urgently needed owing to the scale of potential losses or high levels of vulnerability (e.g. the health sector, civil administration, critical infrastructure, internal security, national security, defence). Some of the research projects focus on the prevention of losses resulting from flawed or erroneous information management and information security, while others aim to minimise and manage any losses that do occur.

This specialist field, and the research and development tasks that it entails, require special expertise. No other research programs of this nature, aiming to formulate industry-specific information security solutions in partnership with universities and industry operators, are under way in Hungary at this time. A study of the current trends both in Hungary and abroad reveals that, while similar concepts do exist with regard to specific areas of regulation, no comprehensive, IT-related methodologies such as those targeted by the futurIT research program are yet available.

Our research program also has the objective of consolidating Hungary’s existing, heterogeneous information security regulations, and providing legislators with a set of recommendations that take into consideration the latest advances in information technology, and which also make it possible to take an integrated, holistic approach to the management of information security.

Organisational and human security research

Our research project into organisational and human resources security starts out from the premise that although general research into operational risks does place emphasis on organisational and human risks, and their implications with respect to business processes and potential damage, it is incapable of providing satisfactory methodological proposals for the system-level management of these risks. Our market research carried out in this field also provides evidence that, in today’s fiercely competitive environment, human resources have taken on a special importance, which is accompanied by a corresponding increase in the significance of the risks arising from this source. The purpose of our research and development project, launched jointly with human resources auditing specialist ANIMA Polygraph Psychological Consulting Ltd, is to develop a methodology for analysing the risks related to human (and organisational) resources and assessing the role that these factors play in company processes, and, through the systemisation of this information, to develop reliable, automated systems for forecasting and detecting human risks.

The existing human security solutions are not system-based; indeed, they are often highly subjective in their nature, attempting to assess levels of human security risk without first performing a comprehensive analysis of the related processes. In Hungary, futurIT was the first to initiate the analysis of human security risks based on an objective methodology, to integrate these analytic procedures into business and operating processes, and incorporate them into an all-encompassing security system. Our research and development in this area makes it possible to achieve the integrated management and prevention of the security weaknesses inherent in organisational processes, and of the cognitive, causative and behavioural factors underlying human risks, as well as the implementation of automatic security alerts with respect to threats of this nature.

Our team of researchers, headed by Professor László Mérő, are working to ensure the predictability of human threats through a comprehensive analysis of communication processes, as well as quantifying the potential damages resulting from a failure to eliminate human security risks. The research topics addressed within the framework of the program are intended to assist in identifying the security risks of organisational processes, and assessing the human security implications of risk-courting and risk-avoiding behaviour, as well as detecting instances of misleading communication and manipulative behaviour, and formulating methodologies for intervening in such cases.

Data recovery and data storage research

Data storage is undergoing a revolution. Conventional magnetic media are beginning to reach their technological limits, with a variety of tricks being used to further stretch these boundaries, while the use of flash-based data storage devices is on the rise. However, it now appears unlikely that even flash will be the data storage technology of the future. One thing is certain: mankind wants to store a growing mass of data, and some of this will always be lost. There will always be data to recover.

In the course of its data recovery operations KÜRT deals with storage

features that would make it possible to carry out complex data recovery assignments.
• “Storage” theory - This research explores the complex structures, risks and methodologies of data storage; how to structure a storage unit in order to facilitate easy data recovery, and how to restore the structure of a corrupted data storage unit.
• Solutions for the decrypting of Flash media. The structure of flash devices is not standardised, with manufacturers using a different solution for virtually every type of device. It is often impossible to determine the structure of a faulty device simply by examining it, which means that another device of the type has to be decrypted, to ascertain the storage structure.
This is a highly complicated and labour- devices and technologies that are constantly changing and evolving, intensive mathematical and technological task. The aim of the and so the company has to continuously develop new techniques research is to automate this work, and provide software or in order to achieve the required standards. However, despite these other support for it. • efforts there are aspects of the existing technologies that even Restoration of the internal structure of JPG files - The boom in KÜRT is unable or reluctant to deal with, owing to a lack of time or digital photographic technology means that the problem of the requisite skills. Students participating in the Data Recovery repairing corrupted jpeg files, and developing algorithms for and Storage laboratory first received theoretical training in KÜRT’s this purpose, is encountered on a daily basis. Owing to the Data Recovery Know How(tm), to familiarise them with KÜRT’s high compression rates used, this represents a difficult ma- current technological capabilities and main development areas. thematical and logical challenge, even if only a few bytes Then we involved them in specific research tasks. of data have been corrupted. Research areas • The logical structure of the latest NSS file system used by Novell Netware, and methods for its recovery. Software-based partial data recovery solutions are available in the market, but they do not even come close to offering the broad range of 14 Annual Report 2007 futurIT FuturIT_eng_ok.qxd 07/11/5 9:41 Page 18 knowledge management Knowledge management programme communication with clients, academic partners and visitors. The Knowledge Management programme supports the technical 2. Organisational development, including the creation of the orga- activities conducted in the frame- nisational units that will perform the various activities, after work of the futurIT programme. the infrastructure has been set up. Its main objectives and the key 3. 
Establishing day-to-day operative processes that will enable the functions it plays are as follows: research teams and other internal and external experts to connect with elements of the organisation’s knowledge base • and technical infrastructure. Sharing the information and expertise gathered in the course of the individual research programmes between the various Currently, we are working on setting up the server infrastructure; research projects the server processes have been launched, and we are uploading Central assessment and storage of the results generated by the technical materials into the system as they are being prepared. the individual research programmes Key areas of the futurIT Knowledge Management programme Finding the human resources required for the research The Knowledge Management programme runs in parallel with programmes and ensuring their availability futurIT’s other activities, summarising and publishing the profes- Seeing to the professional development of the researchers sional findings of the various research programmes carried out as and experts involved in the programme and providing career a part of the overall project. The key areas that it will concern itself counselling for them with are as follows: Communicating the findings of the research work to the academic • futurIT website community and to the business sector as effectively as possible • security forum Maintaining contact with other research centres and trade • journal, thematic and periodical publications organisations • scientific articles The Knowledge Management programme will strengthen futurIT’s • professional and educational articles professional foundations and recognition in academic circles and • studies and analyses the business sector alike, thereby contributing to the achievement • conference lectures of the project’s key goals. • critical reviews for competitions and tenders • materials for competitions and tenders Sub-tasks • membership in organisations 1. 
Creating the infrastructure that makes up the physical environment • futurIT talent management programme (in co-ordination with • • • • • necessary for operation, securing a presence on the internet, University of Pannonia’s FIT talent nurturing programme) 15 Annual Report 2007 futurIT FuturIT_eng_ok.qxd 07/11/5 9:41 Page 19 futurIT „Information Security Knowledge Centre” FuturIT_eng_ok.qxd 07/11/5 9:41 Page 20 RESULTS Task II. Development of a standard methodology for information security solutions 18 Annual Report 2007 futurIT Subtask 3: Raising the standards and awareness of information security in Hungary, communication Organisation, management and implementation of vocational education, adult trainig programs and social events Launch, management and promotion of scientific journal with review content (1 year) Adult training and vocational further training materials Publication of first issue of the professional journal on the futurIT portal, in PDF format Documentation of conferences Organisation and management of domestic and international information security conferences Documentation of the Student’s Partnership Program Up-to-date futurIT website, description of the portal’s service Formulation of the MSc training system, compilation of syllabus, preparation of teaching materials, launch of information security MSc training, final examinations, dissertation Subtask 2: Launch of information security training within the framework of engineering MSc degree courses Methodology for planning secure IT systems Documented risk analysis methodologies and threat maps Comprehensive system of information security protocols Documented planning and rating methodology Product UP FIT UP FIT KÜRT - - UP FIT - UP FIT - UP FIT - - - KÜRT KÜRT KÜRT KÜRT KÜRT - KÜRT KÜRT KÜRT Responsible 15. OCT. 15. OCT. 5. NOV. 5. NOV. 15. OCT. 15. OCT. 15. OCT. 15. OCT. 15. OCT. 15. OCT. 15. OCT. 15. OCT. 
Deadline Results (research papers/ procured equiment) Setting up, continuous updating and development of an information security internet portal (3 years) Compilation of information security systems development methodology Drawing up of an information security threats map Compilation of IT and information security protocols (by industry, resource, threat) Subtask 2: Development of information security tools Subtask 3: Assessment, analysis and management of IT threats and risks Establishment and continuous updating of a national-level information security knowledge base Subtask 2: Formulation of a national information security regulation system Formulation of risk analysis methodology and specialist-area risk management methodologies Formulation of information security rating procedures Professional content Subtask 1: Development of IT solutions security planning and rating methodology Subtask Task RET - stage 1 report materials 9:41 III. Information security rating system and tools development 07/11/5 IV. Development of an information security training system FuturIT_eng_ok.qxd Page 21 Accounting period accounting FuturIT_eng_ok.qxd 07/11/5 9:41 Page 22 results achieved Results achieved in the last reporting period As a Regional Knowledge Centre, futurIT, brings together the The futurIT research, development and training programs concen- expertise, research, education and development capacities of its trate on three main aspects of information security: partners, while also consolidating its network of international relationships and base of practical experience, within the frame- • Preventing the loss (destruction) of information work of close scientific, professional and business cooperation. • Preventing information from falling into the hands of unautho- The results achieved in the first working stage of the project have rised parties contributed to boosting innovation and R&D capacities in the field • Ensuring business continuity of information security. 
Meanwhile, through the organisation of training programs, the project is generating a pool of qualified The results of the project work will be used partly to devise means labour for knowledge-intensive small and medium-sized enterprises, of prevention, and partly - following the occurrence of a security while spin-off companies and consortium members, through their event - to develop ways of minimising the resulting damage. own R&D activities, are creating new jobs for the graduating Accordingly, futurIT supports information security, defined as the specialists. As a result of the Centre’s basic and applied research, achievement and continuous maintenance of a given state of oper- businesses operating in the region are gaining access to marketable ation, through implementation of the following tasks: products and services, and new jobs are being created. The results of the project are announced to the international • Creation of an information security knowledge base community through specialist publications and at conferences. • Formulation of information security standards and methodologies Through these - with the participation of renowned educational • Development of information security tools institutions, as well as international industry organisations, specialist • Design, operation and certification of IT systems authorities and enterprises - a global network of relationships is • Education, and promoting the use of information security standards, methodologies, and information security tools being formed, which will help to further improve the professional • standards, recognition and accessibility of the futurIT project, broaden Raising the professional standards of information security in the scope of research and development work, and generate new Hungary, communicating and promoting a general awareness opportunities for the practical application of research results, at of such standards a regional and even international level. 
I. Project preparation

1. Supporting infrastructure

Launching of the planned R&D activities of the Regional Information Technology Security Knowledge Centre assumes the existence of a range of tools and resources that were not previously available to the consortium members. Therefore, the initial setting up of the requisite infrastructure offers an opportunity to create a solid basis - one that will constitute the foundations for the successful implementation of later phases of the project.

The investment plans are essentially based on the infrastructure-development tracks set by the R&D project entitled “Development of a methodology for integrating logical, physical and human security technologies through the application of tools based on intelligent agents”, launched in 2005 as a part of the Ányos Jedlik programme.

Our aim is to create a working research environment of an international standard, acknowledged and respected in academic as well as professional circles. Therefore, the premises in which the centre is housed are currently being developed accordingly, including the upgrading and expansion of the range of furnishings and equipment.

No new property has been purchased for futurIT; the premises were made available by Pannon University, in a central, much-frequented location at the university campus (Building “I”). Due to the technical condition of the premises and to the shortcomings of the current equipment, in order to provide appropriate working conditions, futurIT will renovate the university premises that have been placed at its disposal using its own funds, and will create the technological conditions and infrastructure required. Selection of the contractors and the implementation of the work will take place in the context of a public tendering procedure.

2. Procurement of the resources necessary for R&D

The aim of the project is to set up research facilities that conform to the exacting standards of the international scientific community, in which all the computer equipment and other resources necessary for performing the research and development and creating a safe environment, as well as for analysing the developed IT and information security solutions, are available. Accordingly, modernisation of the Centre’s premises, and expansion and upgrading of the equipment and resources at its disposal, is currently in progress.

The procurement of new equipment has also commenced, within the framework of a public procurement tender. In the first stage, this equipment is comprised of the following:

• PC-type computers (workstations and data recovery machines)
• File servers
• Network printing devices
• Devices necessary for developing a computer network
• Physical security devices (entry system, motion sensors, video surveillance equipment)
• Software (in the first phase, primarily software supporting the working group’s activities, and training)
• Office and training software packages
• Risk analysis support software

3. Organisational structure

The targets of futurIT’s research and development organisation are determined partly by the objectives of futurIT’s long-term strategy, and partly by the expectations arising from the special characteristics of the individual research programs, and the specific tasks necessary for their implementation. The research and development work is organised along the lines of the departmental system that has been successfully applied at the University of Pannonia’s IT Faculty for many years. Specialists from the various fields, and the participants in specific research subprograms, carry out their work grouped into “research laboratories”. Each of the research laboratories focuses on a clearly-defined field of research or set of scientific questions. The laboratories carry out both basic and applied research into their given field. The heads of the laboratories are recognised experts in their academic field, and usually oversee research teams of 4-10 specialists - researchers and PhD students - per laboratory, and are allocated clearly defined objectives and resources for the achievement of the tasks set forth in the individual subprograms.

It is also possible for two or more research laboratories to cooperate in the implementation of a given program, or individual projects within it. Or, if necessary, a single laboratory can participate in several R&D projects simultaneously, and the same applies to the participating researchers and PhD students.

4. Financial management system

The system for regulating the financial operations of futurIT (planning, accounting, controlling) builds on the currently effective Financial Management Regulations of the University of Pannonia, since futurIT functions as a partially autonomous separate budgetary unit of the university.

The monitoring, controlling and evaluation of futurIT’s financial performance is performed using a three-level Balanced Score Card system of interrelated indicators: strategic-level performance ratios for the comprehensive measurement of performance in terms of the achievement of long-term goals; project-level indicators for evaluating the success of research and development programs; and a system of individual performance appraisal, for assessing the achievements of individuals participating in the work of futurIT.

This financial management system makes it possible to measure the achievement of set strategic, operational and management targets within a consolidated controlling framework. An additional benefit of the system is the ability to judge, based on the indicator values at any given time, whether and to what extent it is necessary to make changes to the entire project, the individual programs or procedures related to their operative management.

II. Creating a uniform methodology background for IT security solutions

1. A planning and rating methodology for IT solutions

Systems and software development is a key issue in Hungary today, owing to the pivotal role that IT plays in the economy and government administration. The development and maintenance of competitive systems and a software development industry is indispensable for enabling Hungarian enterprises to participate in the global economy.

The management of security problems can no longer be regarded as simply an IT-related question. Today, the use of IT resources is integral to administrative processes, which means that besides protecting the technologies themselves, it is also imperative to protect the information management processes that they support.

At present, security solutions are typically regarded as a cost factor, although recent research suggests that money spent on security is an investment.

The gradual emergence of security-aware development and operating methods, and their increasingly widespread use, is leading to a shift in focus towards proactive (as distinct from reactive) methods of protection. Several methodologies already exist for ensuring that sufficient attention is paid to the management of security problems that arise in the course of designing computer equipment, applications and systems. These are expected to become widely available in the market by 2010, which means that the timing of our efforts to develop resources of this type could not be better.

Over the coming 5-10 years, the software development methodologies, architectural solutions and operating practices that enable IT devices and systems to be used more securely will be introduced, and their use will become more widespread. In terms of increasing the general level of security, the appearance of methodologies that enable more secure software development will have an especially pronounced impact. The majority of security problems can be traced back to software development flaws. Currently, no comprehensive set of methodologies and resources is available for the development of secure software at anything like the speeds demanded by the market.

It is important to recognise that just because a software application has adequate functionality, it is not necessarily secure. Although quality software development does help to eliminate security problems, the production of secure software entails additional cost. There is a need for strict controls on the project and support environments; the managers with responsibility for user systems must take responsibility for the security of the project and its support environment. They will have to ensure that all proposed changes to the system are investigated to establish how they will affect the security of the system or its operating environment. It is also necessary to formulate an effective set of development regulations.
Since the security of IT equipment and systems is largely dependent on the skills and knowledge of their operators and users, we also need to list, among the prerequisites for secure operation, the raising of users’ and operators’ awareness of security issues. Ensuring the security-awareness of users and operators is primarily a question of training.

In the course of the project we have studied the most important systems development methodologies and software solutions in use, which could serve as a basis for security awareness development. The systems development methodology used in the project combines the most important elements, performance indicators and documents of the various systems-development methodologies analysed (SSADM, RUP, MSF, SPICE, CMMI - Safety Extension), and integrates them to form a target-oriented solution.

2. A national information security regulatory system

The emergence of computers has not only led to an increased demand for information security, but the nature of the information to be protected has also undergone a series of profound changes. The development and evolution of networked computer systems has fundamentally transformed the ways that information is gathered, processed and stored. Various organisations find themselves faced with the problem that their stored information is vulnerable to threats such as data theft, computer fraud and espionage, as well as fire, flood and other environmental hazards.

The complex and diverse nature of security threats makes it necessary to simultaneously employ numerous protective mechanisms, which, at the same time, need to be interoperable and seamlessly integrated with each other in order to ensure effective protection. However, there is a limit to the level of security that can be achieved exclusively through technical means, which is why support must be provided in the form of effective regulatory and controlling methods.

Through the development work to be performed at futurIT, in the interests of consolidating Hungary’s existing, heterogeneous information security regulations, we aim to provide legislators with a set of recommendations that take into consideration the latest advances in information technology, providing them with a set of guidelines for the comprehensive regulation of information security.

The purpose of developing a national information security regulation system is to formulate a comprehensive and consistent measurement, analysis, regulation, testing, rating and certification methodology, which can serve as a basis for making the operation of IT and information systems more secure, reliable, transparent, straightforward and efficient.

In future, the completed regulatory system could function as a set of guidelines for the complex management of information security at organisational level. These could be used to implement a set of Hungarian regulations for ensuring information security, based on consistent principles and in compliance with international standards and recommendations.

The consolidated regulatory system will also provide the management and specialists of organisations with a comprehensive overview of information security-related expectations and requirements, as well as offering guidance, in all stages of IT developments, for the planning, implementation, assessment and maintenance of information security.

3. Assessment, analysis and management of IT threats and risks

The likelihood of risk factors impacting the operating processes of companies and organisations, and the potential resulting damages, are varied. Organisations in Hungary and the central-eastern European region are increasingly dependent on information technology, which raises the question of how to develop secure IT systems. One of the most important aspects of this is the assessment, analysis and management of IT threats and risks. To ensure their own security, organisations must be aware of the weak points and risks inherent in their own IT systems, as well as the security measures that they can implement in order to minimise such risks.

Accordingly, within the framework of the futurIT project, we aim to develop comprehensive, consistent methodologies for the efficient and effective assessment, analysis and management of IT threats.

Our research shows that threats to the security of IT systems have now become so complex that the general application of formal risk analysis methods to analyse IT risks gives rise to a number of serious problems. Such techniques are unsuitable for resolving the problems related to raising security levels, especially with regard to protecting against new threats. However, IT risk analysis can also be performed using methods that focus directly on IT security measures, making it possible to achieve more easily interpretable results at a much lower cost.

Our research shows that, to ensure successful implementation, risk analysis processes need to focus - even in the short term - on ensuring that available resources are always channelled to where they are most effectively capable of reducing security risks.

Our analyses reveal that locally available resources and security measures are usually insufficient to deal with the new types of challenges and threats that have to be surmounted in order to strengthen and develop security at a given organisation.
A common problem is that certain factors which are critical at local level, say, for a given organisational unit or specialist department, may not be regarded as important by the rest of the organisation. To compound the problem, the organisation often does not possess accurate information in this regard, since professionally prepared, scientifically grounded and comprehensive threat assessments and risk analyses are few and far between.

III. IT security qualification and development of devices

1. Security certification of IT solutions

International industry associations and standards organisations, as well as their counterparts at the appropriate national and local levels, are constantly developing and expanding the standards and guiding principles related to information, its management, information security, and the related procedures and devices.

In this regard, it is essential for us to be able to negotiate the tangled web of standards, standardised procedures, guiding principles, and measurement and auditing procedures. Professionals working in this field are expected, as a basic requirement, to be capable of using the most appropriate procedures in every area and for every task. The applicability of standards pertaining to IT, security and information security differs, as do the procedures for IT operation, the regulation of matters related to information security technologies, and the management and controlling of information security systems.

To ease the interpretation and management of the various guidelines, we have begun analysing the key elements and conclusions of the following key standards and recommendations:

• ITIL (IT Infrastructure Library)
• COBIT (Control Objectives for Information and Related Technology)
• ISO/IEC 15408 (CC-Common Criteria)
• BS7799 - ISO/IEC 17799:2005
• ISO/IEC TR 13335
• ISO/IEC 27001:2005
• NIST SP 800 (National Institute of Standards and Technology, Computer Security Resource Center)
• MEH ITB recommendations 8 and 12
• MIBÉTS guidelines
• MIBIK guidelines

2. Development of information security tools

In light of the methodological principles applied in the project, over the coming 5-10 years it is likely that the software development methodologies, architectural solutions and operating practices that enable IT devices and systems to be used more securely will be introduced, and that their use will become more widespread.

Our research has shown that the majority of security problems can be traced back to software development flaws. Currently, no comprehensive set of methodologies and tools is available for the development of secure software at anything like the speeds that the market requires. It is important to note that just because a software application is adequate in terms of functionality, it is not necessarily secure. Although quality software development does help to eliminate security problems, the production of secure software always entails additional cost. There is a need for strict controls on the project and support environments. Under the standards analysed in the course of our research (especially the CMMI - Safety Extension), the responsible managers must ensure that all proposed changes to the system are investigated to establish how they will affect the security of the system or its operating environment. It is also necessary to formulate an effective set of development regulations.

Since the security of IT equipment and systems is largely dependent on the skills and knowledge of their operators and users, we also need to list, among the prerequisites for secure operation, the raising of users’ and operators’ awareness of security issues. Ensuring the security-awareness of users and operators is primarily a question of training.

IV. Implementing information security training system

1. PhD education and research in information security

FuturIT actively involves students at the Information Technology PhD School of the University of Pannonia in its research and development work.

The purpose of the training is to provide exceptionally talented students with the opportunity to gain practical experience, through participation in cutting-edge research into information security, and to receive comprehensive specialist training that will enable them to eventually become leading experts in the fields of information security and data protection, with an outstandingly high theoretical understanding of these subjects.

Among the research topics related to the knowledge centre, students displaying exceptional talent and academic ability are currently invited to apply to conduct research into the “Synthesising of integrated security systems”.

During the recent period, three PhD students defended their dissertations on subjects related to information security. (The relevant data is included in the indicator spreadsheet.) At present a total of four students are engaged in studies based on an individual syllabus, but one that is closely tied in with futurIT’s research and development activities and objectives.

In the long term we plan to extend the PhD training abroad, through cooperative partnerships with other universities engaged in similar activities elsewhere in the European Union.
2. MSc education in information security

The training and education courses launched by futurIT are closely tied in with the Knowledge Centre’s research and development programs. The results of research and development work are incorporated into the training materials, thereby ensuring that the skills imparted are as up-to-date as possible. The involvement of PhD students in the research and development projects ensures that, besides acquiring theoretical knowledge, they also gain the necessary academic and practical experience. The training programs also draw on the “know-how” knowledge base related to the project’s research and development programs.

The Centre’s education and training program is comprised of the following types of courses:

PhD (post-graduate education in Hungary and abroad)

The purpose of the training is to provide exceptionally talented students with the opportunity to gain practical experience, through participation in cutting-edge research into information security, and to receive comprehensive specialist training that will enable them to eventually become leading experts in the fields of information security and data protection, with an outstandingly high theoretical understanding of these subjects. In the long term we plan to extend the PhD training abroad, through cooperative partnerships with other universities engaged in similar activities elsewhere in the European Union. The first participants in the PhD program are making excellent progress, and during the current period three dissertations have been defended.

Accredited Bachelors (BSc) and Masters (MSc) courses in information security

The need to raise the profile of information security, as well as the growing demand for appropriately qualified IS professionals, has led us to launch programs of accredited higher-education training, provided at two levels within the national education system. The scientific work carried out at the Centre, and the use of its results, ensure that the study programs will produce highly skilled professionals. The BSc course in information security has already been launched, while the syllabus and lectures for the MSc course have been prepared, and are awaiting approval by the Hungarian Accreditation Committee. The study programs impart the very latest skills in this field, with special regard to information and areas of theoretical and practical research that are highly relevant even internationally.

Vocational training, adult education

For organisations, besides being able to draw on the specialist expertise of information security professionals, the general promotion of information security awareness is also a priority. In response to this need, we develop a variety of vocational and adult training courses, either on a regular or one-off basis. The training materials are largely built upon the results of the Centre’s research and development work, as well as the training experience accumulated by the participating consortium members, and our university and industrial partners.

The Centre also performs the following activities, which are tied in closely with its education and training program:

• Promotion of information security awareness, communication
FuturIT communicates knowledge, protective techniques and guidelines related to information security risks, risks that are growing in parallel with technological development, through the publication of scientific results and the holding of lectures and seminars, in order to draw society’s attention to the potential dangers.

• Organisation of conferences
For the purpose of ensuring that the results of scientific research can be more effectively utilised and marketed, and to promote information security awareness, the Centre regularly organises conferences with the participation of leading Hungarian and visiting foreign specialists in both theoretical and practical fields of information security.

3. Raising awareness and professional standards of information security in Hungary

The objective of the futurIT project is to lead the way in information security research, development and education in the central Transdanubian region, in Hungary and central Europe as a whole, through the high-level theoretical and practical training of senior industry professionals, the development of world-class information security procedures, methodologies and tools, and the provision of support for their practical implementation. The scope of activities extends from the conducting of basic research to the sale of fully developed products through spin-off companies. In addition to all of this, futurIT aims to become an international information security knowledge base and conference centre.

The futurIT project will help to stimulate innovation and boost R&D capacity in Hungary, and through the vocational training programs will generate a pool of qualified labour for knowledge-intensive small and medium-sized enterprises, while the spin-off companies and consortium members, through their own R&D activities, will create new jobs for the graduating specialists.

The education and training program of the futurIT project will enable the Information Technology Faculty of the University of Pannonia to impart the latest skills in fields that are expected to retain their importance over the long term, and to provide its PhD students with highly relevant technological research topics. The Centre’s basic and applied research work will help businesses operating in the region to develop saleable products and services, thereby stimulating job creation.

Besides its specialist publications and conferences, the results achieved by the knowledge centre will also be presented and propagated, both internationally and in Hungary, through its products and the work of foreign students. As well as organising industry conferences on a regular basis, the Centre holds workshops both at home and abroad, and publishes specialist journals to present the latest results of specific research areas.

The futurIT research, development and training programs concentrate on three main aspects of information security: preventing the loss (destruction) of information, preventing information from falling into the hands of unauthorised parties, ensuring business continuity.

Besides leveraging the benefits of its unique position, in the long term futurIT aims to build a global network with the participation of renowned Hungarian and foreign educational institutions, international professional associations, specialist authorities and enterprises. With the assistance of this network, the quality, recognition and accessibility of the training program can be further improved, research and development operations expanded, and additional opportunities created for the practical application of research results at a local, regional and even an international level.

By developing IT security methodologies and tools, assisting in the development of knowledge-intensive industries, and concentrating R&D capacities, and, through this, by increasing competitiveness, the Knowledge Centre’s activities also complement the EU’s current research framework program (EU FP 7).

We are especially keen to form partnerships with leading international organisations that are active in the following areas, which are currently being afforded priority globally and in the EU in particular:

• Protection of infrastructure and services
• Restoration of security and operation in emergencies
• Integration and interoperability of security systems
• Security and society
• Coordination and structuring of security research

INDICATORS

PhD dissertations

Three students completed their Ph.D. dissertations in 2007. The table below presents the key data related to their doctoral work:

| Name | Subject | Institution | Consultant | Time of defence |
|---|---|---|---|---|
| Péter Ludik | Methodological and technical opportunities for creating and implementing a virtual learning environment | ELTE University, Faculty of IT, Department for Information Systems | Tibor Remzső, Pannon University | May 2007 |
| Andrea Major | Information Visualization | ELTE University, Faculty of IT, Department for Information Systems | Tibor Remzső, Pannon University | June 2007 |
| István Heckl | Synthesis of separation networks: simultaneous application of separation methods based on various attributes | University of Pannonia’s FIT, Department for Applied Computer Technology | Ferenc Friedler, Pannon University | June 2007 |

Their results are expected to be applied in various phases of the project. The findings related to the virtual learning environment (Péter Ludik) can be used in creating our electronic education systems and distributing adult education materials. Similarly, the results relating to the visualisation of information (Andrea Major) can be applied in designing educational computer applications and in disseminating the completed materials. István Heckl’s results can be used in our educational activities and in developing optimal network (e.g. information security) applications.

PhD, post-doctorate and university research positions

Since the 2006 academic year, Information Security has been included among the PhD subjects taught at the PhD School of the University of Pannonia’s IT Faculty. The course involves designing a methodology for the mathematical description, synthesis, certification and development of security systems. Two PhD scholars, and two PhD candidates who have already gained their pre-degree certificates, are currently studying this topic at the University of Pannonia. Their work includes the formal description and modelling of business processes and the IT systems supporting them, defining the relationship between existing information security certification procedures and process engineering procedures, the development of an algorithmic method for the optimal synthesis of business processes from an information security standpoint, and cross-referencing of the developed synthesis procedures with the results of existing security certification procedures.

Several researchers with a background in mathematical modelling are contributing, on a part-time basis, to developing the theoretical background for the security systems. The internationally renowned professor of operational research, István Maros - who has recently left his post at the Imperial College, London, to return to Hungary - is also contributing his expertise to the research conducted within the framework of the futurIT project. We succeeded in attracting Maros back to his home country in September 2006 to participate in the implementation of a research project funded through the Ányos Jedlik program, and he currently holds a professorial chair at the IT Faculty of the University of Pannonia.
Students partnership program

The aim of the student partnership program is to involve some of the most promising university students in the research and development activities of the futurIT project. This provides them with an opportunity to gain first-hand experience of the world-leading development work carried out at futurIT, and to acquire skills that will enable them to work to the highest professional standards after graduating.

The program begins with a strict selection procedure, during which we assess the applicants’ commitment to research and development, gain a picture of their personal abilities, commitment, and the quality of work that they can be expected to contribute to the project. Naturally, students joining the program are also expected to achieve outstanding academic grades, and have a sound knowledge of the English language, as well as a high level of commitment to the field of information security. All of these attributes are essential for fulfilment of the high professional standards and ambitious targets of the project.

For participating students, the student partnership program provides an opportunity to conduct pioneering research in the field of information security, while the publications and other forms of communication engaged in by the Centre place particular emphasis on raising awareness, within society, of information security and other related matters. The program is closely integrated with the unique talent-nurturing system of the University of Pannonia’s Information Technology Faculty.

The 11 students who are currently participating in two research programs - the development of a Data Recovery Technology and an Integrated Security product range - began their work within the framework of the program at the start of the year.

24-hour programming competition sponsored by futurIT

University of Pannonia, Faculty of Information Technology, 27-28 March 2007

The Faculty of Information Technology at the University of Pannonia traditionally endeavours to train high numbers of competent IT professionals, while ensuring that those who display outstanding ability are given every opportunity to excel. One means of achieving this is to hold a range of competitions that provide an opportunity for participants to showcase their expertise and abilities outside the classroom environment, by solving complex practical tasks while working to a short deadline.

This year’s competition focused on bringing students face to face with an increasingly relevant and practical issue related to IT security: how much time is needed to steal data from a computer using only a camera aimed at the computer’s monitor?

The students were given 24 hours to meet the challenge. The necessary hardware was provided, but the software had to be written or else gleaned from the internet by the competitors themselves. For the purposes of addressing the problem, the teams of students also had to create an optimal test environment.

To summarise their results, the participants had to hold a theoretical presentation and a live, practical demonstration, each lasting five minutes. Many of the members of the winning team are now working on research and development projects at futurIT.

The competition was sponsored by the University of Pannonia, KÜRT Information Security and Data Recovery Co., the futurIT Integrated Security Research and Development Centre, the Ministry of Education, Sicontact Ltd. and Continental Teves Magyarország Ltd.
Further information and images: http://www.irt.vein.hu/verseny/

Adult training

As part of the adult training programme, KÜRT held a number of 3-day practical IT risk-management training sessions in October and December 2006, in partnership with the IQSOFT John Bryce Training Centre.

The participants on the courses - professionals with theoretical knowledge - had an opportunity to learn from practical experience gained from dozens of risk management projects.

The training course focused on reviewing the theoretical background, implementing risk management solutions, determining possible errors that can arise and how to avoid them, analysing the difficulties and the various ways of tackling them, and discussing and solving specific problems through case studies.

The aim of the training course was to present the practical application of risk management to theoretical experts and decision-makers. The sessions primarily focused not on theoretical knowledge, but on practical difficulties and how to solve them, while also emphasising the importance of performing the essential paper work that accompanies the associated regulatory tasks.

Participants also had a chance to practice preparing and using work materials related to the implementation of risk management solutions.

The trainers were all senior consultants from KÜRT, with decades of practical experience behind them (Norbert Oroszi, Attila Papp and Ferenc Frész).

The training course was based around the following key topics:

Day 1 - Assessing the state of an IT system:

• Project launch (on the IT side)
• Analysing the information technology
• Analysing the IT processes
• Analysing relevant threats

Day 2 - Assessing the expectations of the business side:

• Project launch (on the business side)
• The practical tools of assessment
• Determining parameters
• Assuring that life goes on without IT

Day 3 - Creating the optimum security level:

• Implementing the project
• Evaluation scales
• Determining the optimum risk level
• Risk management at work in an organisation

Technology transfer

The purpose of technology transfer is to ensure the practical application of results achieved within the context of futurIT, and the localisation of existing international research findings that futurIT requires for its operation. The technology transfer activities performed at futurIT draw on the work of the Knowledge Management laboratory, which performs the collation and presentation, in a professional context, of the results of research programs carried out within the framework of the projects, and publication of the best practices developed.

The target groups of stakeholders who will benefit from technology transfer, and the techniques employed during the transfer process, differ greatly depending on the nature of the different types of research and development results.

The results of basic research are utilised by futurIT through its publications and the elaboration of methodologies. The results of applied research and product development are not commercially exploited by the laboratories themselves, since they are geared exclusively towards the development side of operations, which is what gives them their comparative advantage in this respect. Instead, futurIT establishes spin-off companies specifically to perform the sales of developed products. The scientific knowledge that these spin-offs require in order to sell the products is received from the university, while the business and professional skills are provided by specialists from the commercially-oriented consortium partners.

Demand for the developed methodologies, and for software and hardware products, is high among large corporations, who benefit from leveraging the technologies produced by the subprojects. This means that the results of the research are highly marketable in Hungary, the European Union and even globally. A good example of this is the recent signing of a declaration of intent between futurIT and the European-US-Middle-Eastern security conglomerate Alacera International (www.alacera.com), which plans to purchase the results of the laboratories’ research.

In the future, it will be possible to sell the spin-offs to a variety of target groups at various stages in the companies’ life cycles.

We primarily intend to raise the initial capital for the spin-offs through the involvement of “angel investors”. In this case, a small equity stake would be offered in exchange for a low investment share.

We plan to make the successful spin-offs - those that already have a number of successful reference projects under their belt - available to industry investors and venture capitalists, thereby attracting substantial capital investment to ensure the long-term sustainability of the development work commenced.
[Diagram. Labels: IT security knowledge base; IT security research laboratory (process based IT security applied research, device based IT security applied research, IT security methodology integration); IT Security Certification Center (security qualification of IT devices and systems, supporting authorities in IT related issues); IT Security Education Centre (IT security PhD programme, school-based higher education of IT security, education and training of IT security professionals); stages: invention, innovation, diffusion; social awareness of IT security.]

Conferences

On 23 November 2006 the conference entitled Intelligent Systems - Symposium of Young Researchers 2006, was held in Budapest by the Artificial Intelligence department of the John von Neumann Computer Society. The purpose of this one-day symposium, held in the main hall of the Hungarian Academy of Sciences Computer and Automation Research Institute (MTA SZTAKI) in Kende utca, was to give an overview of the work of researchers into theoretical and practical questions related to intelligent systems, to provide an insight into the current state of Hungarian workshops established for this purpose, and to debate the challenges and problems currently faced by researchers, educators and IT professionals. At the conference, researchers from the IT Faculty of the University of Pannonia presented the results of their research into multi-agent systems and applications. The title of their presentation, which attracted a great deal of interest, was: Combinatorially Accelerated Branch and Bound Algorithm for the Synthesis of Security Systems. The symposium also provided an opportunity to discuss and debate our results to date, as well as ongoing research projects.

KÜRT held its highly successful industry conference entitled: “Hey! Do we still have time for that? - The relationship (or lack thereof) between business processes and information management” on 17 May 2007. The conference aimed to highlight the need to improve communication between business and information technology, in order for IT to provide optimal support for enterprises and the achievement of business goals. Within this framework KÜRT presented its new business solutions and various elements of its product range designed to facilitate the strengthening of such relationships.

On 7-9 June 2007, the Hungarian Operational Research Society, the Bolyai János Mathematics Society and the Economic Modelling Society, jointly organised the 27th Hungarian Operational Research Conference at Balatonőszöd, attended mainly by scientists conducting research into the theoretical and methodological branches of operational research. The conference’s organising committee placed particular emphasis on the presentation of applications and case studies, and lectures about the results of completed or ongoing operational research. At the conference, researchers from the IT Faculty of the University of Pannonia presented their model for the specification and optimisation of security systems in the P-graph methodology applications section. The title of the presentation was: The Use of P-graph Methodology for the Definition and Synthesis of Security Systems. The conference provided an opportunity for peer assessment of the developed mathematical model, and thus represented an important landmark in the research program.

Veszprém Optimization Conference: Advanced Algorithms (VOCAL 2006), Veszprém, 13-15 December 2006

The VOCAL conference presents the latest findings into optimization algorithms, through a series of presentations held by internationally acclaimed researchers. The guest speakers give an overview of the current state of continuous and discrete optimization, including the complexity and convergence characteristics of the algorithms, and their fields of application. The purpose of the event is to create an opportunity for researchers and developers working in theoretical and practical fields to meet and share their expertise in the context of a prestigious international conference.

Besides introducing the mathematical theory behind the proposed optimization methods, the presentations also explore the potential areas for their application in an engineering setting. These include, for example, complex industrial processes, logistical supply chains, the design, management and risk analysis of information security systems.

University of Pannonia, Faculty of Information Technology
Hungarian Academy of Sciences, Veszprém Regional Committee

Guest speakers

• Lorenz T. Biegler, Department of Chemical Engineering, Carnegie Mellon University
• Hans Georg Bock, Interdisciplinary Center for Scientific Computing (IWR), University of Heidelberg
• J. Frederic Bonnans, The French National Institute for Research in Computer Science and Control (INRIA)
• Dorit S. Hochbaum, Haas School of Business and Department of IE&OR, Etcheverry Hall, University of California
• Etienne de Klerk, Department of Econometrics and Operations Research, Faculty of Economics and Business Administration, Tilburg University
• Yurii Nesterov, Center for Operations Research and Econometrics (CORE), Catholic University of Louvain (UCL)
• András Prékopa, Rutgers Center for Operations Research (RUTCOR), Rutgers, The State University of New Jersey
• Annick Sartenaer, Department of Mathematics, Notre-Dame de la Paix University (FUNDP)

Participants

Researchers from numerous countries on four continents have submitted presentations for the 2006 conference (Algeria, Belgium, South Africa, United States, United Kingdom, North Cyprus, France, the Netherlands, India, Iran, Canada, Hungary, Nigeria, Norway, Slovenia, Turkey).

Resources

| Category | Key person | Consortium member | Tasks | Time expenditure (day) |
|---|---|---|---|---|
| Chief Researcher | Dr. Sándor Kürti | KÜRT Co. | II/1,2; III/2 | 100 |
| Chief Researcher | Zoltán Homola | KÜRT Co. | II/3; III/2 | 100 |
| Chief Researcher | József Kmetty | KÜRT Co. | II/1,2; III/2 | 100 |
| Chief Researcher | János Kürti | KÜRT Co. | II/1,2; III/2 | 100 |
| Chief Researcher | Attila Papp | KÜRT Co. | II/3; III/2 | 100 |
| Chief Researcher | Tibor Remzső | University of Pannonia | II/1,2; III/2 | 75 |
| Chief Researcher | Botond Bertók | University of Pannonia | IV/2,3 | 50 |
| Chief Researcher | Ferenc Friedler | University of Pannonia | IV/2,3 | 25 |
| Chief Researcher | Tamás Terlaky | University of Pannonia | IV/2,3 | 20 |
| Chief Researcher | Thokozani Majozi | University of Pannonia | IV/3 | 13 |
| Chief Researcher | Zoltán Kovács | University of Pannonia | II/3 | 10 |
| Chief Researcher | István Maros | University of Pannonia | II/1,2; III/2 | 10 |
| Chief Researcher | Gyula Simon | University of Pannonia | IV/2,3 | 10 |
| Chief Researcher | Zsolt Tuza | University of Pannonia | IV/2,3 | 10 |
| Chief Researcher | Sándor Dominich | University of Pannonia | II/1,2; III/2 | 5 |
| Chief Researcher | Júlia Góth | University of Pannonia | II/1,2; III/2 | 5 |
| Chief Researcher | Rozália Lakner | University of Pannonia | II/1,2; III/2 | 5 |
| Researcher | Krisztián Harnos | KÜRT Co. | II/1,2; III/2 | 100 |
| Researcher | Zoltán Kertész | KÜRT Co. | II/1,2; III/2 | 100 |
| Researcher | Ferenc Kovács | KÜRT Co. | II/1,2; III/2 | 75 |
| Researcher | Michael Wellington | KÜRT Co. | II/1,2; III/2 | 75 |
| Research and development associate | István Megyeri | KÜRT Co. | II/1,2; III/2 | 100 |
| Research and development associate | Róbert Nemkin | KÜRT Co. | II/1,2; III/2 | 100 |
| Research and development associate | Gábor Szekeres | KÜRT Co. | II/1,2; III/2 | 100 |
| Research and development associate | Tamás Kürti | University of Pannonia | IV/2,3 | 75 |
| Research and development associate | Róbert Adonyi | University of Pannonia | IV/2,3 | 37 |
| Research and development associate | László Halász | University of Pannonia | IV/2,3 | 30 |
| Research and development associate | Attila Keresszegi | University of Pannonia | IV/2,3 | 30 |
| Research and development associate | Károly Kalauz | University of Pannonia | IV/2,3 | 25 |
| Research and development associate | Károly Sarkadi | University of Pannonia | IV/2,3 | 25 |
| Research and development associate | Zoltán Süle | University of Pannonia | IV/2,3 | 25 |
| Research and development associate | Tünde Tarczali | University of Pannonia | IV/2,3 | 25 |
| Research and development associate | Orsolya Ujvári | University of Pannonia | IV/2,3 | 25 |
| Research and development associate | Orsolya Kristóf | University of Pannonia | IV/2,3 | 13 |
| Research and development associate | Anita Stahl | University of Pannonia | IV/2,3 | 13 |
| Research and development associate | Csilla Raffai | University of Pannonia | IV/2,3 | 6 |
| Administrative staff | Katalin Virág Cziráki | KÜRT Co. | | 50 |
| Administrative staff | Júlia Sárossi | KÜRT Co. | | 50 |
| Administrative staff | Timea Blaskó | KÜRT Co. | | 25 |
| Other (student) | Sum | | II/3 | 26 |

Sum: 1867
Full time equivalent number of staff: 7.78 people

Activity distribution

• Chief Researcher: 39%
• Research and development associate: 34%
• Researcher: 19%
• Administrative staff: 7%
• Other (student): 1%

2006-2007 Indicators

| Indicators/Publications | Planned | Actual |
|---|---|---|
| National publications | 25pcs | technical 6pcs, general 48pcs |
| International publications | 1pcs | technical 2pcs |

| Indicators/Positions | Planned | Actual |
|---|---|---|
| PhD researcher jobs | 6 people | 6 people |
| Postdoctoral jobs | 4 people | 4 people |
| Researcher jobs | 5 people | 7 people |
| PhD dissertation | 3 people | 3 people |
| BSc and MSc students | 20 people | 20 people |
| Training students | 20 people | 14 people |

| Indicators/Professional Programmes | Planned | Actual |
|---|---|---|
| Conference lectures | 25pcs | 26pcs |
| Conferences | 3pcs | 2pcs (KÜRT 2007 Conference; Veszprém Optimization Conference: Advanced Algorithms (VOCAL)) |

Media appearances

RET professional

22.11.2006 • Attila Papp • Integration of security systems • Hadmérnök special 2006
23.11.2006 • Z. Süle, B. Bertók, F. Friedler • Combinatorially Accelerated Branch and Bound Algorithm for Process Synthesis, Symposium of Young Intelligent Systems Researchers • SZTAKI
01.05.2007 • Simon, G., M. Molnár, L. Gönczy, B. Cousin • Dependable k-coverage algorithms for sensor networks • CD-ROM ISBN 14244-1080-0 Proceedings of the Instrumentation and Measurement Technology Conference - IMTC 2007
08.05.2007 • Attila Papp • Dock leaves to cure nettle stings • Computerworld, Vol. XXXVIII, No. 19
07-09.06.2007 • Z. Süle, B. Bertók, F. Friedler • The application of P-graph methodology for the definition and synthesis of security systems • 27th Hungarian Operations Research Conference, Balatonőszöd
15-17.10.2007 • Simon, G., L. Szabados, A. G. Tóth • Model-based code generation for fast-deployment security applications • 2nd International Workshop on Secure Information Systems (SIS’07), Wisla, Poland
Attila Papp • Integration of security systems • Computerworld, Vol. XXXVII, No. 40

RET PR

16.02.2006 • Tamás Kürti • Veszprém knowledge centre • Gazdasági Rádió
16.02.2006 • Sándor Kürti, József Kmetty, Zoltán Gaál Dr. • More secure information handling • Piac & Profit
17.02.2006 • József Kmetty • KÜRT in development project with university • Népszabadság
17.02.2006 • Sándor Kürti, József Kmetty, Tamás Kürti, Zoltán Gaál Dr., Ferenc Friedler Dr. • Researchers for security - partnership between KÜRT Co. and Veszprém University • Veszprém Megyei Napló
21.02.2006 • Zoltán Gaál Dr., József Kmetty • Information Security R+D Centre opens under partnership between KÜRT and Veszprém University (www.terminal.hu) • www.terminal.hu
02.03.2006 • Tamás Kürti, Zoltán Gaál Dr. • Top security for information • Népszabadság
19.05.2006 • Miklós Boda, Tamás Kürti, György Beck • Support depends on results • NKTH
01.06.2006 • Ferenc Friedler Dr. • Contributing to the region’s development • Veszprém Megyei Napló
14.06.2006 • Sándor Kürti • Esti Judit • Integrated Information Security • Kossuth Rádió
15.06.2006 • Sándor Kürti • Fehér Mariann • Fidesz hacks Socialist Party’s server • Klub Rádió
03.08.2006 • Sándor Kürti • Veszprém knowledge centre
25.02.2007 • Tamás Kürti • Like the American dream - in Hungary (Veszprém Megyei Napló, 25 February 2007) • Veszprém Megyei Napló
01.04.2007 • István Megyeri, Zoltán Kertész, József Kmetty • Flash data recovery • M1/Delta
10.05.2007 • University participates in program • Veszprém Megyei Napló
08.06.2007 • Tamás Kürti, Árpád Tóth G., Ferenc Friedler Dr. • Tsec • Napló Online
08.06.2007 • Tamás Kürti, Árpád Tóth G., Ferenc Friedler Dr. • US-Hungarian cooperation - Security systems development centre being formed • Veszprém Megyei Napló
11.06.2007 • Tamás Kürti, Árpád Tóth G. • Tsec • Computerworld Online, Hirtv.hu, HWSW.hu, IT.News, Hirado.hu, Menedzsmentfórum, PC World, Portfolio.hu, Primonline, Terminal, MTI, EuroAstra Internet Magazin
11.06.2007 • Tamás Kürti, Ferenc Friedler Dr. • Tsec • Eduport.hu, Infovilag, EuroAstra
12.06.2007 • Tamás Kürti, Árpád Tóth G., Ferenc Friedler Dr. • Tsec • Piac & Profit Online, Infomedia, Origo, Biztonsagportal, Computerworld, HR Portal, Veszprém index, Vilaggazdasag Online, Tranit-hu, aHirek.hu
14.06.2007 • Tamás Kürti • Girnt József • Tsec • Napi Gazdaság
14.06.2007 • Tamás Kürti, Árpád Tóth G., Ferenc Friedler Dr. • Tsec • Metro, FM Portal
16.06.2007 • Tamás Kürti, Ferenc Friedler Dr. • Tsec • Webbusiness
19.06.2007 • Tamás Kürti • Kováxs M. Veronika • Tsec, University of Pannonia/Security Systems • Metro
21.06.2007 • Tamás Kürti • Tsec • Echo TV
21.06.2007 • Tamás Kürti, Ferenc Friedler Dr. • Tsec • Echo TV
21.06.2007 • New technology centre established • METRO
21.06.2007 • Tamás Kürti, Ferenc Friedler Dr., Árpád Tóth G. • New technology centre established • METRO

KÜRT professional

11.01.2006 • László Csősz • Sláger Rádió, Bochkor Gábor • Data recovery at NASA • Sláger Rádió
13.01.2006 • György Dolánszky • Szilvay Balázs • Friday 13th virus • Kossuth Rádió
19.01.2006 • Géza Molnár • Beregi Nagy Edit • Why the lifespans of CDs and DVDs are getting shorter • Info Rádió
19.01.2006 • József Kmetty • Kárász Róbert • Is there currently a sure-fire form of protection against hackers? • Echo TV
23.01.2006 • Sándor Kürti, Géza Molnár • Kálmán Alida • Why the lifespans of CDs and DVDs are getting shorter • Duna TV
23.01.2006 • Géza Molnár • Lukács Csaba • Data storage media - data-loss rates • Magyar Nemzet
23.01.2006 • György Dolánszky • Girnt József • Free telephony - Skype • Napi Gazdaság
26.01.2006 • György Dolánszky • Obrusánszky Borbála • Internet hazards • Privát Kopó Magazin
02.02.2006 • József Kmetty • Bárány Róbert • Question marks surrounding CD data recovery • TV2
17.02.2006 • Sándor Kürti • Kósa Melinda • Fidesz hacks Socialist Party’s server • M1, M2, TV2
12.08.2006 • Géza Molnár • Data loss storm • Info Rádió
14.08.2006 • Ferenc Frész • Litauszky Balázs • Biometric codes • Info Rádió
22.08.2006 • Sándor Kürti • Bercsény Luca • Finnish decree on company monitoring of employees’ emails, the risks of corporate email (data theft...) • Klub Rádió
10.01.2007 • Sándor Kürti, István Megyeri • Data recovery from flash memory • Kossuth Rádió-Digitális
06.02.2007 • György Dolánszky • Kránitz Balázs, P. Kiss Zsuzsa • Data loss / Data protection • Kossuth Rádió - Napközben
12.02.2007 • György Dolánszky • Kántor Endre • Radio Cafe
01.04.2007 • Ferenc Frész • Security awareness • Számítástechnika - CIO supplement
13.04.2007 • József Kmetty • Does IT make the state more transparent?
• IT business 18.04.2007 • Géza Molnár • Demand for data • Interfax, EuroAstra, Hírvadász, SG, Digitalage, TRANZIT, Napló, MenedzsmentfórumStaféta, Veszprém Megyei Napló 19.04.2007 • Géza Molnár • Demand for data • Computerworld, Infovilág, Biztonsagportal.hu, 3hackers.hu, Hirfal.hu, Számítástechnika online 20.04.2007 • Dea Csuba • Data recovery • Magyar Computer Club 24.04.2007 • Géza Molnár • Demand for data • IT business 01.05.2007 • Cebit, log analysis • Chip 15.05.2007 • Gábor Szekeres • Demand for data • Echo Tv 08.06.2007 • Sándor Kürti • Vermes Péter • Data protection, data recovery • Asztallap (The monthly journal of Mensa Hungary) 19.06.2007 • Data recovery • Computerworld 06.07.2007 • Sándor Kürti • Kovács Anita • Data recovery, foreign expansion • Lánchíd Rádió 49 Annual Report 2007 futurIT FuturIT_eng_ok.qxd 07/11/5 9:42 Page 55 programmes Professional Programmes RET professional 23.11.2006 • Symposium of Young Intelligent Systems Researchers, Budapest, SZTAKI • Combinatorially Accelerated Branch and Bound Algorithm for Process Synthesis • Z. Süle, B. Bertók, F. Friedler 13-15.12.2006. • Veszprém Optimization Conference Veszprém, Hungary • Advanced Algorithms (VOCAL) • Botond Bertók, Zoltán Kovács 01-03.05.2007 • Proceedings of the Instrumentation and Measurement Technology Conference IMTC 2007 Warsaw, Poland • Dependable k-coverage algorithms for sensor networks • Simon, G., M. Molnár, L. Gönczy, B. Cousin 07-09.06.2007 • 27th Hungarian Operations Research Conference • Use of P-graph methodology for the definition and synthesis of security systems • Z. Süle, B. Bertók, F. Friedler 15-17.10.2007. • 2nd International Workshop on Secure Information Systems (SIS’07), Wisla, Poland • Model based code generation for fast-deployment security applications • Simon, G., L. Szabados, A. G. Tóth KÜRT professional 13.04.2006 • Microsoft • Information management, or: Beyond our capabilities? 
• Sándor Kürti, Ferenc Frész, Sándor Zsilinszky 19.09.2006 • HM presentation • Information management, or: Beyond our capabilities? • Sándor Kürti, Ferenc Frész, Sándor Zsilinszky 17.05.2007 • KÜRT Conference • The relationship (or lack thereof) between business processes and information management • Balázs Dakó, Richárd Pécsi, László Bartal, Balázs Balázs, Sándor Zsilinszky, Ferenc Frész, Norbert Oroszi, Attila Papp, György Kis 26.09.2007 • ITBN (IT Security Day) • Security intelligence: cure and prevention in IT • Tamás Kürti 08.06.2006 • Internet boat • 7th European Internet Boat - Hungarian innovation and skills export in IT • Kmetty József 50 Annual Report 2007 futurIT FuturIT_eng_ok.qxd 07/11/5 9:42 Page 56 financial indicators Financing, summary of financial indicators Cost categories Budgeted Aid Own resources Total Actual Staff compensation 44,260 42,000 86,260 20,256 Employer contributions 14,640 0 14,640 6,564 External contracting 30,000 16,000 46,000 32,722 Other financial expenditure 15,500 25,000 40,500 61,149 Purchase of intangibles 12,000 0 12,000 30,675 41,000 0 41,000 0 157,400 83,000 240,400 151,366 Purchase of machines, plant and equiment Total 53 Annual Report 2007 futurIT FuturIT_eng_ok.qxd 07/11/5 9:42 Page 57 Budgeted costs for the first phase of work Purchase of machine, plant and equiment: 17% Staff compensation: 36% Purchase of intangibles: 36% Other financial expenditure: 17% Employer contributions: 6% External contracting: 19% Actual costs of the first phase of work Purchase of machine, plant and equiment: 0% Staff compensation: 13% Purchase of intangibles: 20% Employer contributions: 4% External contracting: 22% Other financial expenditure: 41% 54 Annual Report 2007 futurIT FuturIT_eng_ok.qxd 07/11/5 9:42 Page 58 monitoring Monitoring RESULTS Commercially viable results of the project the project • Number of newly developed* 3pcs • Number of jobs created as a result of the project • Products 0pc • at enterprises • services 0pc • at 
research centres 6pcs • technologies 0pc • - of which: research posts 6pcs • applications 0pc • prototypes 0pc 0pc (Note: full-time equivalent) Economic value • Number of patents pending* • Hungarian 0pc • PCT 0pc • foreign 0pc • How many of the following were participated in the centre’s activities • Number of patents issued • research centres 3pcs • enterprises 2pcs • Number of new enterprises established 0pc • Hungarian 0pc • Revenue of newly established enterprises (HUF) 0pc • PCT 0pc • Were the results of the projects exploited commercially? NO • foreign 0pc • Generated as a result of the project: • Extra sales revenue • Number of other industrial property rights* (e.g. trademarks, design protection, etc.) 0pc 0 HUF - of which: export sales revenue 0 HUF • Cost reductions 0 HUF Scientific results Social value • Publications (including lectures) • Hungarian (number X impact factor) • Did the project contribute to 54pcs • international (number X impact factor) • sustainable growth and environmental protection? 2pcs • equal opportunities? YES • security? YES 0pc • reduction of regional disparities? YES YES • other (Y/N), please specify • Number of dissertations • PhD 3pcs • MTA Doctorate • Did the research lead to a new international project? YES NO • Have the results of the project been publicly announced (Y/N). (under review) In what manner?* Human resources • Are the results of the project being utilised for the purposes of education/training? 
YES YES • to the general public YES (in BsC Courses) Other, special monitoring indicators specific to the project • How many of the following were involved in the project: • university students • within the industry NO 20pcs • PhD students 6pcs • young researchers 6pcs • Number of researchers who gained a doctorate as a result of 55 Annual Report 2007 futurIT FuturIT_eng_ok.qxd 07/11/5 9:42 Page 59 contact Contact Information Tamás Kürti Prof Ferenc Friedler Balázs Minárovits Head of futurIT Head of Consortium Technical manager AlbaComp H-1112 Budapest, Péterhegyi street, 98 H-8200 Veszprém, Egyetem street, 10 H-8000 Székesfehérvár, Mártírok street 9. kurti.tamas@kurt.hu friedler@dcs.vein.hu info@albacomp.hu our team Our team 56 Annual Report 2007 futurIT FuturIT_borito_eng.qxd 07/10/26 17:29 Page 1 futurIT Information Security Knowledge Centre H-8200 Veszprém, 10. Egyetem street • Telephone/Fax: +36 88 624 025 This publication was prepared within the framework of the Péter Pázmány Program, with the assistance of the National Office for Research and Technology. Published by the Pannonia Regional Knowledge Centre - futurIT Information Security Knowledge Centre Publisher: Dr. Ferenc Friedler Grafic design: Arttom Grafika Printing: TradeORG Nyomda