|
|
Security and Risk Analysis in Practice
Calta, Filip ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
This thesis describes issues of risk analysis and security of company assets. Theoretical part of the thesis looks into the terminology of the topic with closer familiarization of procedures that are commonly used in risk analysis solutions and in company information security. Practical part of the thesis is focused on application of risk analysis using ISO/IEC 27005 methods on a concrete company, which is focused on distribution and consultation in the field of audio and video technology business. In risk analysis qualitative methods of valuation are used. An output of the analysis could be seen in added annex. The output of this thesis should be a treatment that shall prevent creation of risks, which had been found in previously defined area. Scope of the study is focused on purchase and sale.
|
|
|
Spam, risks and countermeasures from the position of selected banking entities od Czech Republic
Kubů, Tereza ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
This bachelor thesis focuses on the issue of an unsolicited mail, also known as a spam. Mo-reover, the thesis deals with preventive measures against these spams on the side of banking institutions operating in the Czech Republic.The objective of the theoretical part is to famili-arise a reader with basic characteristics of spam, its development, possible methods of its prevention and risks, which are related to the banking sector. In practical part of the thesis, a reader can find selected banking sectors operating on the Czech market. Those were analysed in the terms of providing adequate and good-quality information about the spam, its possible security risks and the security features of the internet banking. The outcome of the analysis is the evaluation of the quality of preventive steps of the Czech banks against the unsolicited mail.
|
|
|
Risk analysis of a municipality with extended powers Tyn nad Vltavou
DUDKOVÁ, Lucie
Risk analysis shows us what can happen, why it can happen, how it can happen, where it can happen and whom it will be affected. Risk analysis should bring an answer to the question of what action the city is subjected to threats, how much the city vulnerable to these threats, how can it be a high probability that the threat exploits a certain vulnerability and what impact it would have on the city could have. The general aim of the thesis was analysis of risk municipalities with extended powers Tyn nad Vltavou. The theoretical part was generally described legislation that is closely concerned with the issue of crisis management is very complex and is treated long line of laws, government regulations, as well as implementing regulations. Also, the basic concepts related to the issue of crisis management. Furthermore, in this thesis in theoretical part explains what they are threats and risks. The threat and risk becoming key concepts of security terminology. These concepts are closely linked and work together, so sometimes are confused or incorrectly used. On the basis of an analysis of the security environment in which the Czech Republic is, to identify specific threats to its security - security threats. It is listed here as well as the types of crisis situations, which are the basis for contingency planning. The methodical approach of risk analysis and the effectiveness of risk analysis is provided in relation to the selection methods of analysis and for what purpose can be selected. Another point is the emergency planning. Emergency planning is a preventive instrument whose sole aim is to identify existing risks and to raise awareness of possible risks in a given area, minimizing the harmful effects of emergencies on the lives and health of people, livestock, environmental, cultural and property, lay down measures to prevent or limiting the effects of the incident and the possible way of removing consequences. Mention is also emergency plan, structure and use of the municipality with extended powers. Another part is the crisis management of the municipality with extended powers. Area of crisis management from the perspective of the potential of state administration at the level of municipalities with extended powers is marked by the high complexity of dealing with the likely threat, because there are intertwined with all legal norms, regulations, decrees, instructions and guidelines. An important component of the theoretical part happens to the organizational rules of the municipal office of a municipality with extended powers in relation to the characteristics of the municipality with extended competence in crisis management and in a normal state. In terms of location analyzed town Tyn nad Vltavou was necessary mention of nuclear safety, radioactivity and princ iple of operation of the nuclear power plant. The practical part focuses on the gathering of available internal and general information and documentation concerning the town Tyn nad Vltavou and its surroundings and analysis of regulations, documents and methodologies related to the town Tyn nad Vltavou and its surroundings. The practical part presents characteristics of the administrative district of municipalities with extended powers Tyn nad Vltavou, the sociodemographic conditions, agricultural land resources, protection of the landscape and monuments, hygiene, environment, transport infrastructure, housing and recreation. It also states the threats and risks of the city and its surroundings, the composition of the Crisis Staff, Security Council and flood the city authorities. There is a risk analysis method KARS and given a semi-structured interview with a representative of the crisis management of the city. Processing and evaluation of acquired and now these results was performed in MS Word, MS Excel.
|
|
|
Information Security Risk Analysis in company operating in the distribution of healthcare and beauty products
Genský, Oliver ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This thesis processes the risk analysis topic, which is included in the overall information security management system. Thesis is divided into two parts; theoretical and practical. Terms and processes used in the risk analysis are included in the theoretical part. This section also describes standards that offer best practices of information security management, based on historical experience in variety of businesses. The defined terms and the chosen standards and methods are thereafter applied in the practical section, where risks of a particular business are analyzed and afterwards supported by an evaluation of risks and proposed solutions. This work is concluded by an overall information security report, which is consulted with the lead management of the business.
|
|
|
Safety and risk analysis in practice
Hlahůlek, Jakub ; Luc, Ladislav (advisor) ; Mildeová, Stanislava (referee)
The aim of this work is getting acquainted with the safety of the companie's assets. To practicly verify the information methods of security management on companies implemented through adequate standards. Then perform risk analysis on a specific company and assess the most serious risks. In conclusion propose safety measures to prevent risks which have been analyzed in cooperation with the owner of this company.
|
|
|
Procedures of information risk management of software companies.
Fischer, Radek ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
Subject of the thesis is to take up possibilities of practical using of the Risk analysis which is a part of the Information security management system. Thesis is focused on risk management for typical organization which creates information systems. Main part of the thesis is the description of "ČSN ISO/IEC 27005:2013 - Information technology - Security techniques -- Information security risk management" standard, how could this standard be applied and also contains the explanation of typical examples of assets which can be in similar types of organizations. Theoretical part is aimed on explanation of key words in literature and closer description of organizations which creates this standard. Practical part shows creation of the Risk analysis methodology according to different accesses that are contained in this standard. Thesis continues with application of specific part of this methodology in practice. Assumed contribution of this thesis is better understanding to the process of making the Risk analysis methodology and possibilities its application in practice.
|
|
|
Utilization of SIEM systems for network events monitoring
Kopřiva, Milan ; Čermák, Igor (advisor) ; Habáň, Přemysl (referee)
In the last years we can observe an increasing number of security incidents varying in their focus, motives and success rate. Attacks are often conducted by very skilled organized groups with high knowledge base and they are increasing in their sophistication and efficiency. Because of those reasons information security is now one of the main fields of interest of IT experts. This thesis deals with Security information and Event Management technology and its usage for the detection of potentially harmful activity in a company's internal network. In the first chapter the elementary concepts of security are placed into the context of this thesis. Next chapter deals with security information and event management technology itself, its clear definition and describing the main functionality. The end of the theoretical part is dedicated to the author's view of the future and also to the problems concerning the implementation of SIEM solutions including return on investment calculation which has certain specifics in security field. Main benefit coming from this thesis is a clear description and creation of use cases aimed at the detecting suspicious activity in internal computer networks combined with their deployment in SIEM solution in real environment. The practical part of this thesis is dedicated to the configuration of the chosen device and its connection to the SIEM solution, and the assessment of usability of security events generated by the threat detecting device. Based on this assessment the use cases will be modelled and then deployed in the test environment. This thesis aims to bring on overall view into the security information and event management technology, starting with its definition and base functions. The primary goal of this thesis is use case designing for real time threat detection in a practical environment.
|
|
|
Exopolitics and Security in the 21. Century
Zelinka, Ladislav ; Prorok, Vladimír (advisor) ; Lisa, Aleš (referee)
The thesis introduces a new field of social sciences, the exopolitics, and poses a question, whether extra-terrestial intelligence constitutes a threat to security. The problem is discussed through analysis of primary data, which are in particular these: official documents, studies, letters, memoranda, witnesses' testimonies, official statements and other reliable evidence. Theoreticaly I refer to the existing exopolitical literature, mainly of M. Salla, and two selected papers. The aim is to show that the exopolitical study is actual, legitimate and well-founded and deserves more attention and credit. The thesis wishes to give an inspiring appeal to promote further study of the field through academia and other educational institutions.
|
|
|
The preparedness of the Emergency Medical Service of Zlin Region for Crisis Situations
MANA, Štěpán
Impacts of global climate changes in the form of repeated natural disasters are becoming a part of the day-to-day life of the present-day society. The issue of preparedness for extraordinary and crisis situations is becoming more and more topical. The Czech Republic is no exception; it regularly faces heavy rains, floods or snow. The key prerequisite for successful management of these emergencies is an effective prevention and preparedness in the form of crisis plans or crisis preparedness plans. The objective of my thesis is to find out whether Emergency Medical Service of Zlín Region is sufficiently prepared for the occurrence of emergencies and to propose solutions if shortcomings are identified. The Emergency Medical Service of Zlín Region constitutes a basic component part of the Integrated Rescue System of Zlín Region. As a provider of emergency medical services, it is included in the Crisis Plan of Zlín Region. Capacity for action and the activities of the Emergency Medical Service of Zlín Region have to be ensured not only in day-to-day operation, but also if an emergency occurs and continues. The theoretical part of my thesis provides a general overview of emergency and crisis planning, competencies of administrative authorities with respect to emergency medical services in case of an emergency situation announcement, traumatology plan and pandemic plan. This chapter includes also characterization of the legal entity of Emergency Medical Service of Zlín Region and description of special antropogenic and natural threats. The theoretical part is followed by qualitative research, which involves in particular a detailed study of available professional resources in printed and electronic form, especially crisis and emergency planning documents of Zlín Region and internal documents of Emergency Medical Service of Zlín Region. The practical part of the thesis contains an analysis of external and internal threats at respective ambulance stations of Emergency Medical Service of Zlín Region. The external risks analysis is based on the Crisis Plan of Zlín Region and Emergency Plan of Zlín Region, while the internal risks analysis is based on an expert estimate of potential risks at respective ambulance stations of EMS ZR. I assigned the potential impact on the activity of EMS ZK to each identified risk in the risk analysis. The outputs from the analysis became the main source for the preparation of the crisis preparedness plan. The analysis of external risks confirmed that agility and EMS ZK activities may disrupt in particular the following threats: natural flood (ambulance station in Zlín Peroutkovo nábřeží, Uherské Hradiště, Vsetín), special flood (ambulance station in Zlín - Peroutkovo nábřeží, Karolinka, Vsetín), risks arising from climatic conditions (especially heavy snow in Wallachia), disruption of pharmaceuticals and medical supplies (secondary consequence of the crisis) and electricity cuts (especially ambulance stations that do not dispose of emergency power unit). The thesis result is a proposal of Crisis Preparedness Plan of Medical Emergency Service of Zlín Region. A legal entity or an individual who secures the performance of measures resulting from the regional crisis plan is responsible for the preparation of the crisis preparedness plan. The particulars and manner of preparation of the crisis preparedness plan are described in detail in the Government Decree No. 462/2000 Coll., which implements the provisions of Sec. 27(8) and Sec. 28(5) of Act No. 240/2000 Coll., on Emergency Management and Amendment to Some Acts. When drafting the plan I proceeded according to valid legislation. This plan is an internal document of the legal entity to solve the challenges of security in crisis situations.
|
|
|
Risk management in agricultural business
KUNZ, Martin
The main goal of this thesis is evaluation of economy in farm management with a focus on risk assessment in business, cost-benefit analysis, evaluation of sales and evaluation of received grants. In fisrt part I studied themed books and articles by authors who are engaged in this issue. In the main theoretical part of this thesis provides ideas and the most important views of these books and some practical schemes. In the practical part of this thesis is risk analysis, as well as sales and distribution graphical representation of sales, horizontal and vertical analysis of overhead business, summary of action grants for business. The end of this thesis is dedicated to summary of the results of practical part.
|
guest ::
