WP3 – Research and Expert Activities
A4 Research Activities
Work package WP3 focuses on research and expert activities in the field of cyber and information security. It bridges academic knowledge with practical experience, creating a space for addressing current professional challenges, transferring results into practice, and building the centre's expert background.
The activity is carried out in two consecutive tasks. A4 – Research activity is dedicated to exploring new approaches, methods, and technologies in the field of CIS and generating original research outputs. A5 – Expert activity focuses on specialist advice, analyses, and practical support based on the results and experience of the expert team.
Scientific publications
Theses
- Bc. Artem Davydenko PhD.: Vizuálny a lidarový SLAM pre potreby mobilných robotov (Bachelor's thesis), 2025
- Mykyta Makhorin: Webové rozhranie pre teleoperáciu lietajúcich vozidiel (Bachelor's thesis), 2025
- Ján Spišák: Distribuovaná edge architektúra riadenia vybraných laboratórnych modelov (Master's thesis), 2025
- Olexandr Isak: Zvýšenie bezpečnosti autentifikácie zariadenia internetu vecí prostredníctvom PAM modulov (Bachelor's thesis)
- Jakub Szabados: Grafické prostredie pre konfiguráciu kontajnerizovanej platformy na spracovanie dát (Bachelor's thesis), 2025
- Mykhailo Tsaruk: Inteligentná navigácia lietajúcich vozidiel (Bachelor's thesis), 2025
- Samuel Vilkovský: Aplikácia metód reinforcement learning-u na autonómnom riadení lietadla v simulačnom prostredí (Bachelor's thesis), 2025
- Mykhailo Starov: Zber a analýza vitálnych funkcií pacienta v reálnom čase za využitia smart hodiniek (Master's thesis), 2026
- Pavol Slivoň: Neinvazívne meranie vitálnych funkcií človeka (Master's thesis), 2026
A5 Expert activity
Within the scope of this activity, a comprehensive information and cybersecurity management model has been created, tailored to public administration bodies of the Slovak Republic. The proposal is based on a rigorous analysis of three key pieces of legislation:
- the Cyber Security Act,
- the Act on Information Technologies in Public Administration,
and the implementing Decree No. 179/2020 Coll., including the current wording that reflects the requirements of the NIS2 Directive.
Its aim is to bridge the gap between legislative obligations and their practical implementation in the daily operations of authorities, cities, and municipalities.
The model rests on three interconnected pillars:
- The first is a catalogue of universal security measures, which brings together 21 measures organised according to the NIST CSF 2.0 taxonomy and simultaneously maps each measure to the areas of the Cyber Security Act, the areas of Decree 179/2020, as well as the international standards ISO/IEC 27001:2022 and CIS Controls v8.
- The second pillar is a hybrid maturity model that combines the strengths of the CMMI, C2M2, and NIST CSF frameworks, assessing each measure on a scale of six levels from non-applied (0) to optimising (5).
- The third pillar is a multi-criteria prioritisation system that takes into account risk impact, the criticality of protected assets, the interdependencies of measures, and the rate of legal compliance.
A key benefit of the model is the direct linking of maturity levels to the categories of entities defined by the decree. Thanks to this, each entity can clearly see where it stands in relation to legal requirements and what specific steps will move it higher. The prioritisation weights are set differently depending on the type of entity, as legislative compliance carries relatively more weight for a smaller municipality, whereas risk impact on assets is decisive for a central authority. The results are reflected in an implementation roadmap divided into four phases, which respects the mandatory prerequisites between measures and proposes a realistic timeframe of 24 months. The model also accounts for a “non-applied” level, since not every measure applies to every entity. However, such a decision must always be formally justified by a risk analysis.
The output is intended for security managers, coordinators, and authority management who need to objectively assess the current state of security and plan its improvement. It represents a practical tool for bridging legislation and real-world operations, and it is one of the expert outputs of the Competence and Educational Centre for Cyber and Information Security of TUKE.