|
|
The Introduction of Information Security Management System in IT Enterprise
Riegl, Tomáš ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
This thesis deals with the introduction of information security management system in IT enterprise. It includes theoretical knowledge which are necessary for the understanding of this issue and their application for the analysis of the current state of information security, risk analysis and risk management. Last but not least for the actual implementation of information security management system in the company. The implementation of ISMS was divided into two phases. This thesis details the first phase.
|
|
| |
|
|
Application of Information Security Management in Public Administration
Trtílek, Ivo ; Krčál, Šimon (referee) ; Sedlák, Petr (advisor)
The diploma thesis deals with an application of information security management system in the organization of public administration and local government. It defines important terms and describes the best practices which are compliant with the ISO/IEC 27000. It contains draft of security manual that can be used as an organization tool for human resources security, IT and physical and environmental security of the organization.
|
|
|
Information Security Management in Healthcare Organization
Mikulová, Aneta ; Janečková, Eva (referee) ; Sedlák, Petr (advisor)
The topic of my thesis is "Information security management in healthcare organization." Medical facilities are generally the ones who should put emphasis on information security. For my thesis I chose aesthetic private clinic called Visage, I underwent safety analysis. The analysis showed that only a small part of the security process is documented in the clinic. This is particularly deficient in terms of business. There may be a leak of sensitive information on the health status of individual patients. It is necessary to better treat the handling of these data. The aim of this thesis is a security manual that will describe the personal, physical and IT security.
|
|
|
Options to ensure information security by defining a standard behavior of employees
Dvořák, Martin ; Říhová, Zora (advisor) ; Čapek, Jan (referee) ; Novák, Luděk (referee) ; Němec, Petr (referee)
Continually the number of transactions carried out electronically via the internet has grown, as well as the number of users of IT (information technology). In the same way are accruing transactions that may be at risk in terms of information security as well as an increasing number of security incidents threatening financial gain or thefts of sensitive information. Attackers carried out attacks in order to make financial gains using more sophisticated methods, sophisticated not only using information technology but also using social engineering techniques. This growing trend is known about by governments and measures are being taken to help increase the information security of the state. This is evidenced by the fact that the European Parliament recently approved the following Directive Directive of the European parliament and of the council concerning measures to ensure a high common level of network and information security across the Union and the ensuing law on cyber security (Act No. 181/2014 Coll.) adopted by the Parliament of the Czech Republic in the summer of 2014. This act orders organizations which are maintaining critical infrastructure to implement a system to evaluate cybersecurity events (user behavior). So far no unified approach to implement such systems has been defined. Author defines standardized methodology for implementation of systems which evaluate user behavior with focus on optimization of data which these systems have to process to ensure their efficient functionality.
|
guest ::
