|
|
Extended model for the evaluation of information security controls
Fischer, Radek ; Doucek, Petr (advisor) ; Světlík, Marián (referee)
Subject of the thesis is to create extended model for the evaluation of information security controls. Evaluation of security controls is one from many processes of risk management which is part of information security management system ISMS. Thesis contains the outline of issue of information security and introduce various publications of information security management. Two of these publications were chosen and are used in this thesis. It is ČSN ISO/IEC 27001:2014 and NIST 800_53. These two standards are used for creation of introduced model. Model itself is introduced in second part of the thesis. Model is connecting security controls from these two standards. If organization implements security controls from NIST 800_53, meet requirements defined in ČSN ISO/IEC 27001:2014; Apendix A. This model is also customized for evaluation of security controls and giving feedback to evaluator about state of implementation of security controls. This evaluation process is setup as evaluation of NIST 800_53 security controls and after that these data are recalculated into percentage value of implementation of security controls from Apendix A. Results of this process are most valuable for risk management, for planning an implementation of security controls and for improvement of already implemented.
|
|
|
Choose authentication method for logging in to the electronic banking at the same time as cancellation of GRID cards authentication
Mazák, Matej ; Doucek, Petr (advisor) ; Veber, Jaromír (referee)
The aim of this Master thesis is to choose appropriate authentication method for logging in to the electronic banking. The chosen solution will serve as an additional factor for authentication and authorization of client and at the same time as the replacement of the outdated security method GRID card. Development and direction of the electronic banking is explained in the theoretical part of the thesis. Further on, the advantages of this channel that are provided to clients and bank, are described. Some of the trends which daily affect the direction of the electronic banking are also described. Security is very important part of the electronic banking and that is why it is mentioned in the each part of this thesis. The practical part contains proposed cancellation procedure of GRID cards and proposal of the new solutions that could replace them in the future. It also contains selection and description of evaluation criteria and multi-criteria evaluation of the selected solutions. Saaty method and scoring method were used to determine the weight of the particular criteria. Conclusion of the thesis compares achieved results of the individual authentication methods and assets of this Master thesis.
|
|
|
Strategy for the development of education in the field of ICT security at universities
Sulanová, Monika ; Doucek, Petr (advisor) ; Korber, Karel (referee)
The thesis deals with the problems of education in ICT security experts at universities in order to design a strategy for the development of education in present degree courses that dealing with this issue. The theoretical part focuses on the definition of ICT security and to familiarize the reader with the basic concepts of information security management and management of cyber security and gives an overview of the overall development of ICT security and the current trends in this area. It also describes the current situation on the labor market in relation to ICT security and the education of professionals in this field and characterizes the existing recommendations for education in ICT security. Practical part focuses on analyzing the current education ic ICT security and on analyzing the knowledge and skills requirements of the labor market to professionals in this area. Defines the basic professional role and knowledge domains that should be covered by this role. In the analytical part they are evaluated current profiles of graduates Master's degree programs focused on this area in order to find gaps in the knowledge base of graduates based on the requirements of the labor market and the existing recommendations. The results of the analysis are input to define a strategy on education in ICT security, which gives basic recommendations on how to eliminate the shortcomings.
|
|
|
Core banking systems
Chadima, Antonín ; Doucek, Petr (advisor) ; Oškrdal, Václav (referee)
This diploma thesis deals with the topic of core banking systems. The main objective is to analyze the implementation of the SEPA payments into the payment module. The theoretical part defines the concept of core banking systems and its history. It also compares conventional approaches to core banking systems with Islamic ones. The theoretical part also includes chapters about implementation approaches, the most common challenges in implementation and architecture of core banking systems. Next part of thesis is about the basic modules of core banking systems. The practical part is about the analysis of requirements on core banking systems. Especially the requirements that are mandatory from legislation perspective. These are SEPA payments, PSD2 and instant payments. Gap analysis is used as the main method. We chose SEPA payment implemetation as the requirement that we will analyse. There are two possible solutions that can be used. The first one is the customization of the current payment module and the second solution is implementation of the payment hub. The conclusion of the thesis focuses on the best solution for each of two types of bank institutions. The main acquisition of the thesis is the recommended solution for two different types of banks. And second of all, the conclusions which was founded in this thesis should be used for another requirements such as PSD2, the introduction of instant payments, and more.
|
|
|
Cyberbullying
Králová, Lucie ; Doucek, Petr (advisor) ; Nedomová, Lea (referee)
The thesis deals with the issue of cyberbullying at the University of Economics in Prague. In the theoretical part is defined cyberbullying, describes the individual elements, specifics, used tools and forms of cyberbullying. There is also described cyberbullying in relation to the law of the Czech Republic and several other countries. The thesis also included the results of several studies and the best-known cases of cyberbullying. The practical part presents the evaluation and analysis of the results of the quantitative research from the University of Economics in Prague. The result is an analysis of the incidence of cyberbullying among students of the university and recommendations on how to behave on the social networks in order to prevent cyberbullying.
|
|
|
Methodology for website localization from the perspective of webdesign
Čermák, Radim ; Doucek, Petr (advisor) ; Strossa, Petr (referee) ; Hřebíček, Jiří (referee) ; Dědič, Filip (referee)
Internet and websites are today one of the most important communication channels of almost all companies. They offer a simple, fast and effective way of communication, which is also available worldwide in a few seconds. With the globalization of market, more and more companies try to expand their business beyond the territory of the home state. In the current time of start-ups is the Internet also often a medium that allows formation of new spheres of business for which the website is absolutely essential channel. This type of business is internet based and has very often international ambitions from the very beginning. Given that each country (or region) can be seen as distinctive culture, it is advisable to locate websites for the needs of the foreign country. This is exactly the theme of this thesis. The concrete objective of this thesis is to offer a methodology for website localization in terms of webdesign. The basic building block is the delimitation of a multidisciplinary theoretical framework that examines the concept of culture and extensive literature review allowing current insight into the linking of website and culture, i.e. cultural website localization. Suitable method for gripping such a complex concept as a culture emerge from a theoretical framework as well. As the most appropriate method were determined Hofstedes cultural dimensions, which are then used for the analysis of cultural determination of web elements. Data collection for the purpose of analysis of web elements cultural determination is performed using a content analysis of websites from nine different countries. The results of the analysis are compared and synthesized with the findings stemming from a literature review. The final artifact of this thesis, a methodology for website localization from the perspective of web design, is based on this ground. Validation of the proposed methodology is done on the basis of assessment of the methodology for a domain of web design. This assessment is based on interviews with experts from different countries as well as presentation of concrete example of methodology use within a midsize website.
|
|
|
State Censorship of the Internet and the Methods of Circumvention
Kolář, Martin ; Doucek, Petr (advisor) ; Hološka, Jiří (referee)
This Master thesis deals with the subject of state censorship of the Internet. The objective of the thesis is to map the techniques of state censorship of the Internet and the methods of circumvention. In the first part, the author introduces organisations and projects that investigate state Internet censorship in the world. Subsequently, the author depicts inspection methods of communication and the Internet filtering techniques. The following part focuses on the principles of circumventing Internet censorship. It also describes various techniques of the circumvention of the censorship. Another objective of the thesis is to test the practical methods of circumventing Internet censorship. As a destination for the measurement the author has chosen PRC where he scrutinised the state of Internet censorship and tested the success rate of circumvention methods. The presented outputs serve as an overview of the techniques of the state censorship of the Internet and the methods of its circumvention, and can be used as a foundation for further work.
|
|
|
Using cloud-based technology in company: Decision making model for selection of the groupware
Topolová, Ivana ; Kubálek, Tomáš (advisor) ; Doucek, Petr (referee) ; Hnilica, Jiří (referee)
The thesis deals with decision-making about how to operate the system for communication and collaboration in a company - groupware. Compares two different ways of operating systems. Using cloud-based services and systems which the company operates on its own hardware. In the thesis the decision-making model is created. The essential criterion for decision making are total cost of ownership (TCO), the work therefore contains a procedure to calculate the TCO. Decision-making model and the calculation procedure is tested using simulation and in the case study. The simulation also responds to issues of economic suitability cloud-based systems in small and in large companies.
|
|
|
Development of concept Blue Ocean strategy
Chiziţcaia, Oxana ; Doucek, Petr (advisor) ; Novotný, Jakub (referee)
The subject of this thesis are two terms, start-ups and strategies blue oceans. The aim is therefore to realize characteristic development of the strategy and the concept of start-up and subsequent analysis of the key success factors of start-ups, in correspondence to the strategy. Output objective is to formulate recommendations on the business segment, investors. The above primary terms are initially defined and subsequently integrated in terms of the practical analysis selected start-ups, which is also based design of this work. The work was divided into two parts, theoretical and practical. The theoretical part identifies and traces the development of the strategic concept at the time, according to the primary authors of publications strategy. Then I present the designation start-up and subsequent key factors. Subsequent practical part is converted, through analysis and comparison, theoretical background in practice. This section presents the start-ups Crowdholding and Emuj and subsequently evaluated their key success factors. In another part I implements assessment of the factors of their success in terms of key aspects of the Blue Ocean strategy. Outputs are recommendations for potential investors in terms of controversy over business plans. The conclusion summarizes the theoretical and practical part of the thesis.
|
|
|
Information systems security penetration testing
Klíma, Tomáš ; Doucek, Petr (advisor) ; Čermák, Igor (referee) ; Čapek, Jan (referee) ; Štubňa, Ivan (referee)
The aim of this dissertation thesis is to develop new methodology of information systems penetration testing based on analysis of current methodologies and the role of penetration tests in context of IS/IT governance. Integral part of this aim is evaluation of the methodology. The first part of the thesis is devoted to the presentation of history and current state of research in selected area, definiton of basic terms and introduction of role of the penetration tests. This part is followed by the review of relevant sources and comparative study of current methodologies with a goal to identify their weaknesses. Results from this study are further used as a basis for new methodology development. Classification of IS penetration tests types and testing scenarios are also included. The second part includes design of new methodology, at first its history, structure and principles are presented, then its framework is decribed in high level of detail. In the third part the reader can find (theoretical and practical) validation. The biggest scientific contribution is the methodology itself focused on managment of penetration tests (which is the area currently not sufficiently descibed). Secondary contribution is the extensive review and the comparative analysis of current methodologies. Contribution to the economic and technical (practical) application we can mainly see in the development of new methodology which enables companies to improve management of penetration tests (especially planning, operational management and implementation of countermeasures).
|
guest ::
