The most important part of my scientific work is perhaps education. I love to teach. I like to provide knowledge to those who can develop it, and from whom I can learn. My educational activities consist of four parts:
Student’s Scientific Conference (TDK) consultation focusing on information security, electronic signature, e-government and e-commerce
Diploma and thesis consultation and evaluation in these areas
University lectures (ELTE, BME, ZMNE)
Corporate awareness training courses and professional exam preparation courses
One of my labours of love is education. That is why I take on the leading of self-supporting laboratories, diploma projects and lectures at the Budapest University of Technology and Economics, Eötvös Lóránd University and Zrínyi Miklós National Defense University. Besides these I regularly review papers for the Scientific Students’ Associations and diploma works. In recent years more and more people have found the website and asked me to be a consultant. The main topics were electronic signatures and e-government. Well, dear visitor, if you need an external consultant on any subject of the site, whether Bluetooth security or electronic commerce, or in any area of IT security, just send me an e-mail; I will help if I can. However, the conditions are as follows: be accurate, keep to what we talked about, do not count on me writing the thesis for you, and take into account that this is not my principal employment, so it may take a couple of days before I can answer.
Papers on Scientific Students’ Associations
I was the consultant of Adamkó Péter and Kollár Balázs at the Scientific Students’ Associations in 2005. Péter got a prize for his paper “Role of viruses and worms in the information warfare” and Balázs was placed second with his paper “Electronic archiving system based on PKI”. I hereby congratulate them! With their permission you can download their papers from my web site.
Adamkó Péter: Role of viruses and worms in the information warfare (in Hungarian)
Kollár Balázs: Electronic archiving system based on PKI (in Hungarian)
In 2005 I was the external consultant for the diploma work of Borsos Bea. Her thesis is about the marketing strategy of a starting electronic store. This paper got an excellent classification at the Budapest Business School College International Management and Business Faculty of International Marketing. Those parts which can be publicised are available on this site.
Borsos Beáta: Marketing strategy of a starting electronic store (in Hungarian)
In 2006 I helped with three diploma works. Adamkó Péter analyzed the performance of content filtering firewalls, and Kollár Balázs carried on the previously examined electronic archiving subject. Besides them I also helped my sister, Krasznay Edit, who wrote about the logistics of e-business.
Adamkó Péter: Performance measurement of content filtering firewalls (in Hungarian)
Kollár Balázs: Long term archiving with electronic signature (in Hungarian)
Krasznay Edit: Background logistics solutions of PREP e-marketplace (in Hungarian)
In 2008 I was introduced as an external consultant at Eötvös Lóránd University and Corvinus University of Budapest; Spala Ferenc and Oroszi Eszter honoured me by asking me to lead their thesis work. Their work can also be downloaded from the links below.
Spala Ferenc: Security questions of Bluetooth devices (in Hungarian)
Oroszi Eszter: Social Engineering – Human resource as the critical factor of information security (in Hungarian)
In 2009 my list was expanded by the College of Dunaújváros. The thesis work of Ravasz Csaba deals with electronic signature and it took me back to my roots.
Ravasz Csaba: Digital signature in enterprise environment (in Hungarian)
Since then, I have focused on thesis evaluation. Since 2010 I have been regularly invited by the Scientific Association for Infocommunications Hungary (HTE) to participate in the evaluation board of their Thesis and Diploma Competition, and I’m proud to be the evaluator of many awarded theses in Hétpecsét Association’s “IT Security Thesis and Diploma of the Year” competition.
Eötvös Lóránd University
According to the agreement between Kancellár.hu and Eötvös Lóránd Scientific University, I held a course about IT security from the spring semester of 2007 to 2009. I upload my course slides to this section. Since then I have returned to teach as a guest speaker.
1st class: The basics of information security
Keywords: History of information security, information theory, Shannon-Weaver model, entropy, confidentiality, integrity, availability, security policy, access control, Bell-LaPadula model, Biba model, Clark-Wilson model, Chinese Wall model.
2nd class: Risk management
Keywords: Assets, threats, vulnerabilities, CRAMM attack model, risk, quantitative, qualitative risk assessment, fault tree analysis, risk matrix, countermeasures, PreDeCo principle, administrative controls.
3rd class: Access control
Keywords: Separation of duties, least privilege, threats of access control, identification, authentication, knowledge based, property based authentication, identity management, AAA model, LDAP, RADIUS, Single Sign-On, Kerberos, intrusion detection, IDS, ethical hacking.
4th class: Application development security
Keywords: Open vs. closed source, threats of software environment, malware, threats of databases, secure application development, Common Criteria.
5th class: Operation Security
Keywords: Operated elements of systems, operation of hardware and software, hardening, cluster, maintenance, patching, log management, data storage, backup, RAID, secure disposal, personnel security, awareness and training, configuration management.
6th class: Cryptography
Keywords: Symmetric encryption, asymmetric encryption, stream cipher, block cipher, substitution cipher, transposition cipher, key exchange, cracking, electronic signature.
7th class: Physical security
Keywords: Area protection, supply systems, electric networks, HVAC, electromagnetic protection, fences, lightning, surveillance, doors, windows, locks, security guards, fire protection, intrusion detection.
8th class: Network security
Keywords: Network topology, OSI model, TCP/IP, IPSec, network protocol vulnerability, firewall, DMZ, NAT, remote access, RAS, VPN, WLAN security.
9th class: Business continuity
Keywords: BCP, DRP, BRP, COOP, CoSP, CCP, CIRP, OEP, BIA, hot, warm, cold, mobile, mirror site, disaster.
Budapest University of Technology and Economics
Of course, I did not leave my alma mater; I usually go back to teach at the BME, where I give presentations about IT audit and security standards. The presentations I have given can be downloaded from the following sections.
1st class: Common Criteria
Keywords: Introducing CC, the current status, Common Evaluation Methodology, Protection Profile, Security Target, the functional security requirements and security assurance requirements, evaluation assurance levels (EAL)
2nd class: The ISO 27000 family
Keywords: Information Security Management System (ISMS), ISO 27001, ISO 27002, ISO 17799, security policy, the organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, acquisition, development and maintenance of information systems, information security incident management, continuity of operations management, compliance with the requirements
Corporate awareness training courses and professional exam preparation courses
I often give information security training for enterprises. These occur at two levels in my practice. On the one hand, I give security awareness training for the staff of the company (I have mainly appeared at insurance companies), where they get familiar with the most serious threats. In such trainings it is very important to find the right tone with the students. I feel that I usually get used to it. Here is an example of the awareness education.
At the second level I usually meet with information security managers or operators and talk for 2-3 days, giving detailed descriptions of the areas of IT security. The class is similar to the subjects taught at ELTE, but the presentations are assembled on demand. I can mention the course organized by the LSI Computer Education Center called “Information Security Manager training” as an example, as well as HP’s enterprise security fundamentals course. Since 2009 I have participated in the official CISA preparation course organized by Corvinno.