National Repository of Grey Literature
Extended model for the evaluation of information security controls
Fischer, Radek ; Doucek, Petr (advisor) ; Světlík, Marián (referee)
The subject of this thesis is to create an extended model for the evaluation of information security controls. The evaluation of security controls is one of the many processes of risk management, which is part of an information security management system (ISMS). The thesis outlines the field of information security and introduces various publications on information security management. Two of these publications were chosen and are used in the thesis: ČSN ISO/IEC 27001:2014 and NIST 800-53. These two standards are used to construct the proposed model, which is introduced in the second part of the thesis. The model maps the security controls of the two standards onto each other: if an organization implements the security controls from NIST 800-53, it meets the requirements defined in ČSN ISO/IEC 27001:2014, Appendix A. The model is also adapted for evaluating security controls and gives the evaluator feedback on the state of their implementation. The evaluation process is set up as an evaluation of the NIST 800-53 security controls, after which the data are recalculated into a percentage value of implementation for the security controls from Appendix A. The results of this process are most valuable for risk management, for planning the implementation of security controls and for improving those already implemented.
Procedures of information risk management of software companies.
Fischer, Radek ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
The subject of this thesis is to examine the possibilities of the practical use of risk analysis, which is a part of an information security management system. The thesis focuses on risk management for a typical organization that develops information systems. The main part of the thesis is a description of the standard "ČSN ISO/IEC 27005:2013 - Information technology - Security techniques -- Information security risk management", how it can be applied, and an explanation of typical examples of assets found in organizations of this kind. The theoretical part explains the key terms used in the literature and describes in more detail the organizations that create this standard. The practical part shows the creation of a risk analysis methodology according to the different approaches contained in the standard. The thesis continues with the application of a specific part of this methodology in practice. The expected contribution of the thesis is a better understanding of the process of building a risk analysis methodology and of the possibilities for its application in practice.