|
|
Managing Users as a Source of Risk
Pospíšil, Petr ; Konečný, Martin (referee) ; Sedlák, Petr (advisor)
This diploma thesis focuses on human resources mainly in Critical information infrastructure and Important information systems. Thesis focuses on the most frequent threats for users and design possible model of threat reduction. Integral part of results is designing of effective security awareness education program according to the Law on Cyber Security.
|
|
|
Information Security Management in Healthcare Organization
Hajný, Jiří ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
The diploma thesis focuses on implementation and deployment of information security management system (ISMS) into healthcare organizations. Specifies what is required to include in this process and what not to forget. It includes a risk analysis of a branch of the selected company, and for it is written a safety guide. Safety guide provides advice and recommendations regarding security in terms of human resources, physical security, ICT security and other aspects that should be included in the ISMS deployment in healthcare organizations. The work also reflects the newly emerging law on cyber security. It is expected that the law will also address cyber security in healthcare.
|
|
|
Application of the act and subsequent regulation on cyber security at state administration´s offices
Pech, Jan ; Čermák, Igor (advisor) ; Jícha, Karel (referee)
The thesis is focused on the Czech act no. 181/2014 Sb., on cyber security and subsequent regulations, introduces origin and importance of act, defines the state administration´s office which identifies important information systems according to regulations, and subsequently thesis detailed analyses act and regulation on cyber security in relation to the defined state administration´s office. Keynote of this thesis is show the real application of identified obligations of the act and regulation to the defined state administration´s office, especially a design, implementation and management of organizational and technical security measures, including the evaluation of real impact on information security. To achieve the set goals author of this thesis uses the analysis of legislation, and draws own conclusions from author´s position of a security technologist who actively participated in the design security policy, and implementation and management of security tools. The benefit of this thesis is complex overview of the security employees work at defined state administration´s office, overview of the real fulfilment obligations of the act and regulation of cybernetic security, and ultimately this thesis brings ideas for further development of technical security tools. This thesis can brings benefit to other important information systems administrators as a set of processes, proposals and recommendation for their own information security management system. This thesis is structurally divided into four main parts. The first theoretical part introduces origin, importance and impact of the act on state and private organizations. The second analytical part analyses act and subsequent regulations in relation to the defined state administration´s office. The third practical part shows the real application of organizational and technical security measures. The fourth last part evaluates the real impact of measures on information security.
|
|
|
CERT / CSIRT teams and cyber security
Rezníčková, Dominika ; Klíma, Tomáš (advisor) ; Veber, Jaromír (referee)
The main goal of this bachelor thesis is to provide brief description of contemporary situation in the field of cyber security and the role of national CERT team in it according to the newly adopted Law no. 181/2014 Coll., on Cyber Security and to make comparison of theoretical principles with their applying in praxis. Thesis is divided into two main parts. First one, a theoretical part, comprehends basic information on cyber security, cybercrime and security incidents and consequently focuses on roles of CERT / CSIRT teams in a perspective of security incidents and cyber security in general, reasons for a formation of the first CERT team and following development, its functions and responsibilities nowadays and finally the thesis presents possible opportunities of collaboration between CERT teams within international organisations and platforms. The second part of the thesis is practical and consists of content analysis of The Law on Cyber Security and its consequences and impacts. The main focus of the thesis is set up on explaining a role of a national team and its sphere of authority in the Czech Republic after the law has entered into force. To provide information about practical operation directly from the source, I will interview two cyber security specialists working in The National CSIRT Team of the Czech Republic called CSIRT.CZ, which is currently operated by the association CZ.NIC. Among other information, I will include a specific example of coordinating activity happened under the auspices of the team during the security incident. As a conclusion of this work is a summary of the achievements and benefits of work depending on the previous foreground and the comparison.
|
guest ::
