|
|
Security of Web Portals in Public Administration
Rašín, Petr ; Tyrychtr, Jan (advisor) ; Veronika, Veronika (referee)
The thesis is concerned with the issues of web portals security which are operated by the public sector in the Czech Republic. The theoretical part describes the basic terms and principles of public administrative with an emphasis on the computerization of the public administrative (or so called the eGovernment). In connection with the cybernetic security act there are described the standards of the information security management system ISO/IEC27001 and ISO/IEC27002 and the current OWASP methodology, which is focused on the area of web application´s security. Furthermore there is formulated the specific methodology of testing the web portal´s security of municipalities in the Czech Republic, the identification of weaknesses and interpretation of the ascertained outcomes. The methodology is verified within the case study of web portal´s security testing of particular municipalities. The established outcomes are documented, evaluated and the owners of web portals are given the recommendations to improve the level of their application´s security.
|
|
|
The Implementation of ISMS in a Small Company
Svoboda, Milan ; Vlastimil,, Svoboda (referee) ; Sedlák, Petr (advisor)
The diploma thesis focuses on proposing an information security management system (ISMS) in a small company. This publication includes theoretical facts, which are needed to understand and design a ISMS. The design proposal of the ISMS itself is based on an analysis of the current status of the company's information security. The proposed security measures are based on the actual state of information security within the company, and on recommendations stemming from the ISO/IEC 27000 standard.
|
|
|
Assessment and a Proposal for Information Security in the Organization
Rybáková, Alena ; Šarbort, Jakub (referee) ; Ondrák, Viktor (advisor)
This diploma thesis deals with the issue of information security in the organization. Author's effort is to gain a broad overview of connections, which will then be evaluated in the final section, providing concrete recommendations. In this thesis it is discussed information security management system, service management system and cyber security, both in theory and in terms of real application in a particular organization. The aim is to provide own recommendations for improvement.
|
|
|
Cyber risk in banking
Linert, Jan ; Teplý, Petr (advisor) ; Stádník, Bohumil (referee)
The bachelor thesis deals with the cyber risk in banking industry. Its main goal is to stress the imporatance of cyber risk both verbally and numericaly and review the approach of banks to this risk. The first part of this thesis specifies what cyber risk is and how it fits among other operational risks, presents the common cyber-attacks and archetypes of cyber criminals, later it delves into the cyber risk in Czech Republic and at the end of this part it mentions the legislation that covers the cyber risk. The second part of this thesis examines the cyber risk from three different angles: the amount of security threats from the analyses of security experts, the importance of cyber risk to the bankers from market analyses and evolution of the regulatory capital for operational risk from annual reports of chosen banks and the statistical data of EBA, ECB and ČNB.
|
|
|
The Cyber Security Act and its impacts on obliged entities
Draganov, Vojtěch ; Čermák, Igor (advisor) ; Hájíček, David (referee)
The thesis looks into the act No. 181/2014 Coll. Cyber Security Act (hereinafter referred to as "CSA") and its impact on obliged entities with focus on the regional authorities of the Czech Republic. The thesis starts with introduction into the issue of the CSA and cybersecurity from the point of view of the state, subsequently it refocuses on the level of regulated organizations. The main pillar and contribution of the thesis is the CSA analysis with the aim to identify impact of the CSA in the obliged entities. Based on this analysis author designed the questionnaire survey of the CSA impact on the regional authorities. The survey relates to information security management system, kinds of burden stemmed from the CSA implementation, willingness to use funding from the European Regional Development Fund (ERDF) to implement the CSA, a possibility to outsource the cybersecurity and also opinions of the county council staff about the CSA. The survey shows that in spite of a pressure on standardization stemming from legal framework, county councils differs significantly in regard to information security management systems. On the other hand, respondents agreed on positive impact of the CSA on improvement of information and the cyber security although the CSA brings significant financial and organizational load to the organization. The survey also shows that some regional authorities only start to implement cybersecurity currently. The cybersecurity evolves in the researched organization quite dynamically and it would be beneficial to repeat the impact analyses again, after first wave of the CSA implementation will be finished.
|
|
|
Framework for on-line service security risk management
Mészáros, Jan ; Buchalcevová, Alena (advisor) ; Čermák, Igor (referee) ; Doucek, Petr (referee) ; Jirovský, Václav (referee)
This dissertation thesis is dedicated to on-line services security management from service provider's and service consumer's viewpoints. The main goal is to propose a framework for on-line services security risk management, to develop a supporting software tool prototype and to validate them through a case study performed in a real-world environment. The key components of the proposed framework are a threat model and a risk model. These models are designed to fit specific features of on-line services and the surrounding environment. A risk management process is an integral part of the framework. The process is suitable for frequent and recurrent risk assessments. The process comprises of eight steps, related roles and responsibilities are defined for each step. The process execution results in identification and execution of proper tasks which contribute to treatment of identified security risks and deficiencies. Documentation and reporting of an overall level of on-line services security over time is possible if the process is executed on a regular basis. The proposed framework was validated through a case study performed in a large enterprise environment.
|
|
|
Web application security
Matušek, Václav ; Palovský, Radomír (advisor) ; Pinkas, Otakar (referee)
The Bachelor thesis deals with the security of web applications. The main aim is to create complex view of most frequent attacks in practice and also to describe possibilities in prevention of the attacks. The prevention is described for both, user's and developer's side. Thesis contains also information about their origin and reminds the attacks from the past. It includes review of the standards and Czech legislation, which affect the security or define proper way how to develop the application. Important output of this thesis is also list of rules, which helps the developer to design secure application.
|
|
|
CERT / CSIRT teams and cyber security
Rezníčková, Dominika ; Klíma, Tomáš (advisor) ; Veber, Jaromír (referee)
The main goal of this bachelor thesis is to provide brief description of contemporary situation in the field of cyber security and the role of national CERT team in it according to the newly adopted Law no. 181/2014 Coll., on Cyber Security and to make comparison of theoretical principles with their applying in praxis. Thesis is divided into two main parts. First one, a theoretical part, comprehends basic information on cyber security, cybercrime and security incidents and consequently focuses on roles of CERT / CSIRT teams in a perspective of security incidents and cyber security in general, reasons for a formation of the first CERT team and following development, its functions and responsibilities nowadays and finally the thesis presents possible opportunities of collaboration between CERT teams within international organisations and platforms. The second part of the thesis is practical and consists of content analysis of The Law on Cyber Security and its consequences and impacts. The main focus of the thesis is set up on explaining a role of a national team and its sphere of authority in the Czech Republic after the law has entered into force. To provide information about practical operation directly from the source, I will interview two cyber security specialists working in The National CSIRT Team of the Czech Republic called CSIRT.CZ, which is currently operated by the association CZ.NIC. Among other information, I will include a specific example of coordinating activity happened under the auspices of the team during the security incident. As a conclusion of this work is a summary of the achievements and benefits of work depending on the previous foreground and the comparison.
|
|
|
Cybersecurity
Fleischmannová, Veronika ; Havlová, Radka (advisor) ; Dubský, Zbyněk (referee)
This master thesis entitled Cybersecurity deals with cybersecuriy issue. The theoretical part defines basic concepts related to cybersecurity and cyber threats classification. The practical part deals with a case study regarding disputes between China and the US in cyberspace. The goal will be to test a hypothesis that China and the United States are at cyberwar with each other.
|
|
|
Cyber security and legislation of the Czech Republic
Kratochvíl, David ; Doucek, Petr (advisor) ; Veber, Jaromír (referee)
Contemporary society is increasingly influenced by computers and internet environment and it meets with issues related to cybercrime. There are already a number of laws, whether at EU or national governments, which are trying to reduce or prevent risks associated with hackers, cyber terrorism or any other illegal activities in cyberspace. Thesis "Cyber security and legislation of the Czech Republic", is divided into two main parts. In the first theoretical part, the reader apprise with cybercrime in general. You can read about methods of investigation, types of illegal activities and how to prevent such practices. The second part consists of an analysis of the current legislation of the Czech Republic, EU and Legislative intent of the law on cyber security. I will describe the bill, analyze and appraise its benefits to society. In conclusion of this thesis, I will summarize the achievement of results and objectives of the work.
|
guest ::
