|
| |
|
|
Evaluation of preparedness of a business for an implementation of ISO 27001 using Gap analysis
Zrcek, Tomáš ; Čermák, Igor (advisor) ; Šašek, Jaroslav (referee)
The aim of the thesis is to evaluate the preparedness of an information security management system (ISMS) in a logistic company JASA s.r.o. for a certification by standard ISO/IEC 27001:2013. This enterprise oscillates between small and medium enterprise. It has already implemented the certificate on quality management ISO 9001:2008. For this reason, in the thesis there are presented advantages for a company that already has implemented one of ISO standards and decides to implement another. First of all, the present state of information security management system in Jasa s.r.o was compared to other businesses functioning in the Czech and European market. Then the company control environment was evaluated accordingly to the requirements of standard ISO/IEC 27001:2013. Furthermore, a scheme was created in order to evaluate specific controls based on the impact risk that could arise in case of ignoring the suggested recommendations. In the last part, the controls were evaluated accordingly to difficulty, so that the company can find cheap and fast solutions with adequate impact. The main contribution of the thesis is the evaluation of the approach to solve information security in one of many enterprises that are afraid or are starting to notice the increasing amount of security threats. This approach may be chosen by other companies that decide to go the similar way.
|
|
|
Management informační bezpečnosti
Janíček, Kryštof ; Čermák, Igor (advisor) ; Čelikovská, Martina (referee)
Information Security Management System (ISMS) gets superior level of importance. This paper focuses on Information Security Management and International Information Security Standards ISO/IEC 27001 and ISO/IEC 27002 (IISS). First par of thesis reviews the historical context and introduces the field to gain better understanding of following elaborate analysis of the changes, benefits, threats and consequences of ISMS. This paper objective to analyse older and newer issues of IISS based on comparative approach to evaluate benefits and risks of these changes, that ultimately reflect possible future developments.
|
|
|
Návrh na zvýšení infromační bezpečnosti v IS menší organizace na základě výsledků penetračních testů
Mazal, Jakub
Mazal, J. Proposal to increase information security IS in small organization based on the results of penetration tests. Brno: Mendel University, 2013. This thesis deals with the system of information safety and security of the computer network in a small business. Furthermore, the work deals with penetration tests and instruments that are used for penetration testing. With the tests carried out in a specific organization is evaluated safety and eventually steps are designed to increase information security in a particular organization.
|
|
|
Návrh inovace podnikové sítě středního rozsahu.
Goldammer, Martin
The work deals with the innovation of large-scale enterprise networks focusing on security according to current safety standards. This paper presents network analysis and subsequent proposal for the solution of the problem. There is also economic aspect of the proposed solution.
|
|
|
Analysis of the state of information security in the environment of municipality Strakonice
Hejhal, Tomáš ; Doucek, Petr (advisor) ; Veber, Jaromír (referee)
This thesis is about information system analysis of municipality Strakonice with focus on its security side in comparison with security standards ISO/IEC 27000. This thesis has three main parts. The first part is about theory to the topic, respective about organization's basic information and relevant laws and standards. Second part include information system risk analysis of city Strakonice with suggestions reducing individual risks with establishing countermeasures or this risk providing with insurance. In case of low risk can be this risks accepted. Third part is about current state of information security. Benefits and purpose of this thesis is to write up risk analysis for IS of municipality Strakonice and write up analysis of current state of information security with recommendations for improvement.
|
|
|
Information security management system in small business
Kraus, Vojtěch ; Doucek, Petr (advisor) ; Veber, Jaromír (referee)
This thesis discusses information security management and information security management systems in small businesses. The goal and prospective added value of this thesis is to provide with a set of practical comments and recommendations for those who implement and/or administer an information security management system in the delicate environment of a small enterprise. First part of the thesis contains theoretical definition of information security and information security management systems. Also, this part describes standards relevant to this thesis. Second part defines the concept of "small business" and discusses possible options of designing ISMS in such business so that it complies with standards mentioned above and is an effective as well as affordable solution which does not demand excessive amount of company's resources. Third and final part of this thesis is analysis of ISMS of a specific company that fits the definition of small business -- BDO IT a.s.
|
|
|
Integration of ISMS/ISO 27001/ISO 27002 to RWE company
Peroutka, Tomáš ; Bruckner, Tomáš (advisor) ; Chlapek, Dušan (referee)
The main theme of this diploma thesis is Information Security Management System (ISMS) which is based on security standard ISO 27001 and ISO 27002. This thesis is one part of the project of integration ISMS to company RWE. First goal is analysis of actual documentation of RWE. Second goal is proposal of ideal structure of ISMS documentation. Third goal is assignment the parts of RWE documentation to ideal structure of ISMS documentation. Analysis of actual documentation used knowledge about RWE documentation to create overview table with all documents and their relations. Ideal structure of ISMS documentation was based on selected parts of ISO 27001 and multicriterial analysis. Third goal of this thesis was reached by assignment parts of RWE documentation to selected parts of ISO 27001 from the second goal. Contribution of this diploma thesis is the ideal structure of ISMS documentation and form of old RWE documentation assignment, because these goals are usual steps of PDCA cycle of ISMS but they are described briefly and sparsely in security standards and works related to ISMS.
|
|
|
Information security metrics
JÍNA, Karel
The aim of this bachelor thesis is to provide an overview about how the level of information security is solved and evaluated in practice. The readers will learn what metrics are, what are they used for and what role do they play in the Information Security Management System (ISMS). The system itself is being explained as well. The practical part presents execution of a research concerning the status of information security in several organizations and a proposal of several candidate metrics that could be used in the environment of Jihočeská univerzita.
|
|
|
Security of Enterprise VoIP Telephony Networks
Šolc, Jiří ; Pavlíček, Luboš (advisor)
This thesis focuses on enterprise VoIP telephony network security. Introduces brief comparison of old analog and digital voice networks and IP telephone networks with special focus on VoIP system security. The goal of the thesis is to identify the risks of implementation and operation of VoIP technologies in enterprise environment and so thesis brings some conclusion how to minimalize or avoid these risks. First two chapters briefly introduce the development of telephony technologies with differentiation of enterprise telephone network from public telephone networks. Further it describes individual technologies, digitalization of voice, processing the signal and VoIP protocols and components. Third chapter focuses on infrastructure of telephony networks with special interest for architecture of IP telephony and ways of establishing call processing. It describes data flows for further security risk analysis, which this technology came with. Fifth chapter is about enterprise security standards in common and is trying to describe information security management system (ISMS) adopting VoIP technology. Individual security threats and risks are described in sixth chapter, along with known methods how to avoid them. Final parts of thesis concludes of two real situation studies of threats and risks of VoIP technologies implemented in environment of small commercial enterprise and medium size enterprise, in this example represented by University of economics. These chapters conclude theoretical problems shown on practical examples.
|
guest ::
