National Repository of Grey Literature 2 records found  Search took 0.00 seconds. 
Extended model for the evaluation of information security controls
Fischer, Radek ; Doucek, Petr (advisor) ; Světlík, Marián (referee)
Subject of the thesis is to create extended model for the evaluation of information security controls. Evaluation of security controls is one from many processes of risk management which is part of information security management system ISMS. Thesis contains the outline of issue of information security and introduce various publications of information security management. Two of these publications were chosen and are used in this thesis. It is ČSN ISO/IEC 27001:2014 and NIST 800_53. These two standards are used for creation of introduced model. Model itself is introduced in second part of the thesis. Model is connecting security controls from these two standards. If organization implements security controls from NIST 800_53, meet requirements defined in ČSN ISO/IEC 27001:2014; Apendix A. This model is also customized for evaluation of security controls and giving feedback to evaluator about state of implementation of security controls. This evaluation process is setup as evaluation of NIST 800_53 security controls and after that these data are recalculated into percentage value of implementation of security controls from Apendix A. Results of this process are most valuable for risk management, for planning an implementation of security controls and for improvement of already implemented.
Information Security Management System in the company BluePool s.r.o.
Menčík, Jan ; Veber, Jaromír (advisor) ; Světlík, Marián (referee)
This master thesis deals with the topics Information Security Management by the group of ISO/IEC 27000 norms and implementation of the Information Security Management System (ISMS) in one particular company. The theoretical part describes the group of norms ISO/IEC 27000 and the legislation and institutions related to these norms. Then the theoretical framework of a risk analysis is introduced. The benefits and possible obstacles when implementing the ISMS in an organization with emphasis on small businesses is described at the end of the theoretical part. The practical part includes a complex risk analysis and measures to be taken for the revealed risks. Furthermore, it involves the settings of the information security internal rules in the company Bluepool s.r.o. with regard to the risk management and information security policy. The conclusion of this part puts forward a proposal of the process and examples of implementation, time schedule and budget for implementation of adopted measures.

Interested in being notified about new results for this query?
Subscribe to the RSS feed.