|
|
A feedback profiling model for cybersecurity education and training
Lazarov, Willi ; Kuchař, Karel (referee) ; Martinásek, Zdeněk (advisor)
The need to educate users to some extent in cybersecurity is undeniable given the ever-increasing cyber threats. However, the approach to education and training cannot be simply generalized due to the different environments, technical backgrounds, and age groups of users. In addition, it is also important to proactively monitor, evaluate, and provide feedback to the individuals being taught or trained. The master's thesis addresses these challenges through the research and development of a feedback profiling model for effective cybersecurity education and training. The thesis first begins with a discussion of methods and techniques for cybersecurity education. Subsequently, the problem addressed is described in more detail, followed by the design of the proposed solution in the form of the profiling model with automatic feedback. The model, which consists of a profiling matrix, a profiling algorithm, and a learning curve, was first created and expressed mathematically without considering the properties of a particular cyber range platform and programming language, especially for easy replication, modification, and extension. Independently, the profiling model was implemented and subsequently integrated into the Brno University of Technology Cyber Arena (BUTCA) platform to validate the model on learning data from students of grammar schools, technical high schools, and universities. The resulting solution of this thesis brings to the cybersecurity field a new innovative approach to the evaluation of learned and trained users with an emphasis on individual feedback and continuous learning.
|
|
|
Cyber Escape Room
Kubík, Hynek ; Burda, Karel (referee) ; Fujdiak, Radek (advisor)
This thesis explores the synergetic potential of escape games and cybersecurity education. It begins with an overview of the principles of cyber security and their importance, followed by a detailed analysis of the typologies of escape games and current trends both in the Czech Republic and internationally. Different educational frameworks and models in cybersecurity are explored, along with an analysis of tools such as Cyber Threat Defender and CyberCIEGE. The study also includes survey analysis and suggests methodologies for creating educational materials and escape games focused on cybersecurity. The findings show the effectiveness of using escape games as a dynamic tool to enhance cybersecurity education.In the practical part, this thesis focuses on designing methodologies and scenarios for escape games along with subsequent testing and optimization of the scenarios
|
|
|
Virtual reality cyber gym
Nguyen, Van Phuc ; STODOLA,, Jiří (referee) ; Číka, Petr (advisor)
Diplomová práce představuje návrh a implementaci kybernetické tělocvičny pro virtuální realitu, která integruje imerzivní technologie pro modelování sítě. Na základě teorií z oblasti kybernetické bezpečnosti a sítí, virtuální reality, studie vytváří teoretický rámec. Je uvedena analýza SOTA, která přezkoumává použití VR v oblasti kybernetické bezpečnosti. Metodicky práce využívá Unreal Engine 5 pro vytvoření syntetického 3D prostředí a návrh interaktivních principů objektů ve virtuálním světě. V rámci praktické části práce je podrobně popsána architektura systému, interakce mezi IT komponentami, simulující podmínky reálného světa, přenesené do virtuální reality. Implementace zahrnuje programování platformy s důrazem na problémy a jejich řešení. Výsledky a diskuse analyzují efektivitu simulátorů pro výcvik v kybernetické bezpečnosti, rámovanou stanoveným teoretickým rámcem. V závěru studie jsou uvedena doporučení pro budoucí zlepšení a praktické využití.
|
|
|
Ensuring availability and security in industrial networks
Zatloukal, Zdeněk ; Fujdiak, Radek (referee) ; Holasová, Eva (advisor)
Currently, a key aspect of industrial automation is ensuring a high level of security, reliability, and data availability in industrial communication networks. Given the rising cyber threats, it is essential to develop and implement advanced strategies for protecting industrial infrastructures. This thesis aims to perform a comprehensive analysis and development of security solutions for industrial networks, focusing on the Modbus RTU/TCP and MQTT communication protocols, which are crucial for the effective management of modern industrial operations. The work employs methodological approaches that combine theoretical research with practical experiments. It includes an analysis of existing protocols, the design of communication security through these protocols, and their subsequent testing in a controlled industrial environment to verify security, efficiency, and reliability. The analysis revealed significant deficiencies in the security of existing systems and led to the integration of new security measures into the industrial switchgear, which significantly improved the protection of data and communication infrastructure. The implemented solutions demonstrate significant progress in protecting industrial networks against various types of attacks. This thesis represents a significant contribution to the field of industrial network security. The results of the work provide valuable information for the further development of security technologies in the industry and offer practical guides for engineers and technicians who are working on improving the security status of industrial systems.
|
|
|
Analysis and design of an effective solution for integration of Web Application Firewall into SOC architecture
Hynek, Vojtěch ; Komosný, Dan (referee) ; Kubánková, Anna (advisor)
The thesis deals with the issue of integration of Web Application Firewall into the environment of Supervisory Security Center. The result of this thesis is an analysis of current integration options along with identification of the most common attacks on web applications. Using the analysis performed, the best suited WAF was selected along with its integration method. Furthermore, the thesis contains a detailed description of the chosen integration and its subsequent testing. Testing of the correctness of the firewall, its stress testing and its effect on the network delay was performed. A part of the thesis also describes the integration of WAF into a real SOC environment. The integration involves connection to log management and traffic monitoring technologies. At the same time, a custom integration with the MISP platform has been developed, which makes it possible to create dynamic rules for the WAF. The integration includes the creation of a custom parser, correlation rules and a test scenario. The last part of the thesis is devoted to the analysis of the impact of the WAF integration on the prevention and detection of cyber threats, which includes an evaluation of the emerging alerts over a period of one month.
|
|
|
The Impacts of a Ransomware Attack: Risk Management and Implementation of the Minimal Security Standard
Syrovátková, Lucie ; Alena,, Rybáková (referee) ; Sedlák, Petr (advisor)
The aim of the thesis is to implement cyber security in a small company as a result of a suffered ransomware attack based on the requirements of the Minimal Security Standard, which is a support material for entities that are not regulated by the Cyber Security Act in the Czech Republic. The main goal is achieved through the three main parts into which the thesis is divided. The introductory part is a theoretical support for the remainder of the thesis and contains the main concepts and areas that are used in the thesis. The analytical part focuses on the description of a possible vector of a ransomware attack and its consequences. In the second part of the analytical chapter, the current situation of the company is assessed in comparison to the requirements of the Minimal Security Standard. The last part proposes specific security measures, creation of security policies adapted to the company's capabilities and an economic evaluation.
|
|
|
Mapping Cyber Security Measures: From Legislation to Technical Implementation
Hopp, Jiří ; MSc, Mezera Michal, (referee) ; Sedlák, Petr (advisor)
In my thesis, I focused on creating a systematic tool for mapping technical measures and mitigations to national legislative cybersecurity requirements. I conducted an analysis of the addressed issue, which revealed opportunities for developing the tool and revealed forthcoming changes in legislative requirements based on the EU directive NIS2. In the following part of the thesis, I described the design and development of the mentioned tool in the form of a table. The tool met the client's requirements and mapped relevant technical measures to individual points of the current and NIS2-derived legislative requirements. Based on consultations with the client, I determined that the objectives outlined in the thesis were successfully met and that the developed tool will be utilized in a real-world environment.
|
|
|
Impact of IIoT security on proactive maintenance of company's assets
Chomyšyn, Maxim ; Vladimír,, Türkon (referee) ; Sedlák, Petr (advisor)
This work examines possible safety risks associated with the operation of IIoT technologies in industrial production. The content of this document is an analysis of used IIoT technologies, their purpose and method of implementation into production processes and the company's technology strategy. The outcome of this analysis will serve to develop possible risk scenarios and their associated impacts. Finally, I recommend possible changes that either eliminate these risks completely or at least minimize them.
|
|
|
Building security awareness at the Faculty of Business and Management
Volfová, Jana ; Ondrák, Viktor (referee) ; Sedlák, Petr (advisor)
This diploma thesis is focused on Security Awareness Education at the Faculty of Business and Management. It consists of three main parts: theoretical, analytical and practical considerations. The theoretical part is the introduction to basic terms, processes and analysis to help understand the thesis. The analytical part includes an introduction to the chosen organization and the implementation of analysis, which were presented in the theoretical part. The practical part contains, among other things, the actual proposals for Security Awareness Education at the faculty and its benefits.
|
|
|
Hacktivism: Politics, Crime, or Fun?
Raška, Jindřich ; Froehling, Kenneth (referee) ; Kotásek, Miroslav (advisor)
Cílem této bakalářské práce je zanalyzovat fenomén zvaný hacktivismus, jeho význam, dopady na společnost a motivaci jeho aktérů. Termín hacktivismus se skládá ze dvou následujících termínů; aktivismus, který bývá ve většině případů politicky motivovaný a hacking, jenž se jedná o kriminální činnost za účelem zneužití chyby nebo nedokonalosti výpočetního systému. Za účelem efektivního dosažení svého cíle, se aktéři hacktivismu, stejně jako jiní aktivisté, většinou organizují do skupin. Práce je též zaměřena na motivaci a následky konání těchto organizovaných skupin, zejména na skupinu s názvem Anonymous, s exemplárními příklady jejich akcí z minulosti.
|
guest ::
