National Repository of Grey Literature: 19 records found (1 - 10)
Web Application Penetration Testing
Hric, Michal ; Čermák, Igor (advisor) ; Hlaváč, Jindřich (referee)
The aim of the present thesis was to analyze the level of security of selected open-source web applications based on penetration testing at the various stages of testing defined by the PTES methodology. This included applying the new PETA methodology to perform web application penetration testing and creating new knowledge objects concerning penetration testing in the MBI portal. The open-source web applications Juice Shop, NodeGoat, XVWA and bWAPP were tested. The security of the web applications was evaluated as insufficient, as at least one vulnerability with a high risk of exploitation was identified in each of the tested applications. For each vulnerability found in an application, recommended corrective measures to eliminate the associated risk are stated. When using the PETA methodology for penetration testing, the benefit lay mainly in integrating penetration testing into the context of IS/IT management in an organization, based on the application of the narrowed framework for IS/IT management. Finally, the new knowledge objects in the MBI portal are listed and described. The objects created include a task concerning the process of penetration testing, a set of metrics for evaluating the success of penetration testing, and roles linked to the task.
Implementing security policy in the company
Techlovský, Stanislav ; Čermák, Igor (advisor) ; Čelikovská, Martina (referee)
The aim of this diploma thesis is to describe the design of an information security management system for a company implementing the international ISO/IEC 27000 standards. The theoretical part deals with the ISO/IEC 27000 standards as well as a practical guide for implementing an information security management system in the company. The following part describes the current security status of the company. The practical part analyzes the data collected in the previous part, on the basis of which a draft introduction of an information security management system in the company is prepared.
Security policy implementation in a selected company
Doležalová, Eliška ; Čermák, Igor (advisor) ; Čelikovská, Martina (referee)
This diploma thesis examines the process of preparing and implementing a security policy as a means of information asset security management. The theoretical part describes security policies as an important part of information security management systems in a company and discusses the issue of virtual teams in terms of the safety risks they pose for information security. This theoretical knowledge is applied in the practical part of the thesis, where a security policy is composed for a small IT company with a virtual team organization.
Cyber security from the perspective of business entities
Kameníček, Lukáš ; Buchalcevová, Alena (advisor) ; Čermák, Igor (referee)
This thesis deals with the issue of cyber security in enterprises. The main objective of this thesis is to compile a comprehensive overview of cyber security as it relates to Czech business entities. It is written in the Czech context, in the Czech language and in a less technical form. The thesis first identifies current cyber threats, supported by examples of actual incidents. On the basis of these threats, the thesis defines the categories of business entities that are vulnerable to them and, with regard to the Czech legal system, analyzes cybersecurity responsibilities. Beyond the legal obligations, it recommends measures and types of security tests that can check the level of cybersecurity. A further output is a methodological tool for a better understanding of cyber security in companies, which summarizes the acquired information and context in comprehensive tables. The expected contribution of this thesis is that the summarized findings will serve to increase the level of IT security in Czech businesses.
Information systems security penetration testing
Klíma, Tomáš ; Doucek, Petr (advisor) ; Čermák, Igor (referee) ; Čapek, Jan (referee) ; Štubňa, Ivan (referee)
The aim of this dissertation thesis is to develop a new methodology for information systems penetration testing based on an analysis of current methodologies and of the role of penetration tests in the context of IS/IT governance. An integral part of this aim is the evaluation of the methodology. The first part of the thesis is devoted to the presentation of the history and current state of research in the selected area, the definition of basic terms and an introduction to the role of penetration tests. This part is followed by a review of relevant sources and a comparative study of current methodologies, with the goal of identifying their weaknesses. The results of this study are further used as a basis for the development of the new methodology. A classification of IS penetration test types and testing scenarios is also included. The second part covers the design of the new methodology: first its history, structure and principles are presented, then its framework is described in a high level of detail. In the third part the reader can find its (theoretical and practical) validation. The biggest scientific contribution is the methodology itself, focused on the management of penetration tests (an area currently not sufficiently described). A secondary contribution is the extensive review and comparative analysis of current methodologies. The contribution to economic and technical (practical) application lies mainly in the development of a new methodology which enables companies to improve the management of penetration tests (especially planning, operational management and the implementation of countermeasures).
The Cyber Security Act and its impacts on obliged entities
Draganov, Vojtěch ; Čermák, Igor (advisor) ; Hájíček, David (referee)
The thesis looks into Act No. 181/2014 Coll., the Cyber Security Act (hereinafter referred to as "CSA"), and its impact on obliged entities, with a focus on the regional authorities of the Czech Republic. The thesis starts with an introduction to the CSA and cybersecurity from the point of view of the state, and subsequently refocuses on the level of regulated organizations. The main pillar and contribution of the thesis is an analysis of the CSA with the aim of identifying its impact on obliged entities. Based on this analysis, the author designed a questionnaire survey of the CSA's impact on the regional authorities. The survey relates to information security management systems, the kinds of burden stemming from CSA implementation, the willingness to use funding from the European Regional Development Fund (ERDF) to implement the CSA, the possibility of outsourcing cybersecurity, and the opinions of county council staff about the CSA. The survey shows that, in spite of the pressure for standardization stemming from the legal framework, county councils differ significantly with regard to their information security management systems. On the other hand, respondents agreed on the positive impact of the CSA on the improvement of information and cyber security, although the CSA brings a significant financial and organizational load to the organization. The survey also shows that some regional authorities are only now starting to implement cybersecurity. Cybersecurity in the researched organizations evolves quite dynamically, and it would be beneficial to repeat the impact analysis after the first wave of CSA implementation is finished.
Biometric systems
Lisý, David ; Sigmund, Tomáš (advisor) ; Čermák, Igor (referee)
This bachelor thesis is about biometrics and its application in practice. The theoretical part describes the main principles of biometrics and all of the common technologies and methods. The practical part consists of an analysis and assessment of applying biometrics in the Czech Radio building in Prague. The practical part also covers a description and comparison of potentially suitable products, concluding with the choice of the best one. The main goal of this work is to provide general and basic knowledge about biometrics, including a demonstration of the analysis of its application in practice.
Application of the act and subsequent regulation on cyber security at state administration's offices
Pech, Jan ; Čermák, Igor (advisor) ; Jícha, Karel (referee)
The thesis is focused on Czech Act No. 181/2014 Coll., on cyber security, and its subsequent regulations. It introduces the origin and importance of the act, defines the state administration's office which identifies important information systems according to the regulations, and subsequently analyses the act and the regulation on cyber security in detail in relation to the defined state administration's office. The keynote of this thesis is to show the real application of the obligations identified in the act and regulation to the defined state administration's office, especially the design, implementation and management of organizational and technical security measures, including an evaluation of their real impact on information security. To achieve the set goals, the author of this thesis uses an analysis of the legislation and draws his own conclusions from the author's position as a security technologist who actively participated in the design of the security policy and in the implementation and management of security tools. The benefit of this thesis is a complete overview of the work of security employees at the defined state administration's office, an overview of the real fulfilment of the obligations of the act and regulation on cyber security, and ultimately ideas for the further development of technical security tools. This thesis can bring benefit to other administrators of important information systems as a set of processes, proposals and recommendations for their own information security management system. The thesis is structurally divided into four main parts. The first, theoretical part introduces the origin, importance and impact of the act on state and private organizations. The second, analytical part analyses the act and subsequent regulations in relation to the defined state administration's office. The third, practical part shows the real application of organizational and technical security measures. The fourth and last part evaluates the real impact of the measures on information security.
Evaluation of preparedness of a business for an implementation of ISO 27001 using Gap analysis
Zrcek, Tomáš ; Čermák, Igor (advisor) ; Šašek, Jaroslav (referee)
The aim of the thesis is to evaluate the preparedness of the information security management system (ISMS) of the logistics company JASA s.r.o. for certification under the standard ISO/IEC 27001:2013. This enterprise oscillates between a small and a medium enterprise. It has already implemented the quality management certificate ISO 9001:2008. For this reason, the thesis presents the advantages for a company that has already implemented one ISO standard and decides to implement another. First of all, the present state of the information security management system in Jasa s.r.o was compared to other businesses operating in the Czech and European markets. Then the company's control environment was evaluated according to the requirements of the standard ISO/IEC 27001:2013. Furthermore, a scheme was created to evaluate specific controls based on the impact of the risk that could arise if the suggested recommendations were ignored. In the last part, the controls were evaluated according to difficulty, so that the company can find cheap and fast solutions with adequate impact. The main contribution of the thesis is the evaluation of an approach to solving information security in one of the many enterprises that are afraid of, or are starting to notice, the increasing number of security threats. This approach may be chosen by other companies that decide to go a similar way.
Framework for on-line service security risk management
Mészáros, Jan ; Buchalcevová, Alena (advisor) ; Čermák, Igor (referee) ; Doucek, Petr (referee) ; Jirovský, Václav (referee)
This dissertation thesis is dedicated to on-line services security management from the service provider's and service consumer's viewpoints. The main goal is to propose a framework for on-line services security risk management, to develop a supporting software tool prototype, and to validate them through a case study performed in a real-world environment. The key components of the proposed framework are a threat model and a risk model. These models are designed to fit the specific features of on-line services and the surrounding environment. A risk management process is an integral part of the framework. The process is suitable for frequent and recurrent risk assessments. The process comprises eight steps; related roles and responsibilities are defined for each step. Executing the process results in the identification and execution of the proper tasks which contribute to the treatment of the identified security risks and deficiencies. Documentation and reporting of the overall level of on-line services security over time is possible if the process is executed on a regular basis. The proposed framework was validated through a case study performed in a large enterprise environment.