National Repository of Grey Literature: 146 records found (records 127 - 136)
Market analysis of security software
Doležal, Ladislav ; Benáčanová, Helena (advisor) ; Řezníček, Dušan (referee)
In this thesis, I analyze the global supply of security software (for the Windows operating system) with a focus on anti-virus programs, which currently mostly implicitly include various modules of security software. In the first part of my thesis, I will focus on the clarification of issues related to IS / IT security and cybercrime. I describe here IS / IT security in general, as well as the basic concepts and information safety, so that readers gain a basic understanding of this issue. I explain the concept of cybercrime and characterize its main crime. The second part will focus on the clarification of issues relating to the security and safety of not only domestic, but also corporate computers. I further characterize the greatest threats of our time for PC users and the possibility of prevention. In the third part, I will analyze the security software market based on market shares and qualifying tests conducted by recognized independent organizations, so as to provide their full current offer. Using the survey I will find out what the awareness is on the selection and use of antivirus software, and on this basis determine which antivirus software is most popular with users.
Management and Control of Servers and User Devices in the Context of Information Security
Jech, Vladimír ; Novotný, Ota (advisor) ; Doucek, Petr (referee) ; Čapek, Jan (referee)
Securing user devices and servers requires a complex approach which includes not only the configuration of the device itself but also many other factors. The goal of this thesis is to present principles of a new guideline aimed at security and management of user devices and servers in the context of information security. The first part of this paper is devoted to the analysis of existing industry standards, frameworks, guidelines, and other collections of best practice commonly used in the management of informatics and information and IT security. The analysis is complemented with field research conducted among forefront specialists. Based on the analysis and research, a new methodic concept for the management and control of user devices and servers security called DEVSEC is described in the next part. The concept is constructed with emphasis on security requirements, security measures, processes, resources and the overall security assurance process. The last part of the paper provides results of the final research aimed at testing the concept in the environment of one financial firm and also results of further field research among security specialists. The DEVSEC contributes to the theory of management of informatics as well as to its practice. The concept represents a complex approach to the management and control of security of servers and user devices as well as a new guideline ready for practical utilization.
Information security and risk management in a particular company.
Slávková, Daniela ; Hykš, Ondřej (advisor) ; Plášková, Alena (referee)
The aim of the thesis is to apply the methodology of qualitative risk analysis according to ISO/IEC 27005:2011, to increase awareness of existing threats and impacts on information assets, and to create possible security precautions to minimize identified threats in a particular company. The thesis is divided into five chapters. The introductory chapter explains the basic concepts of information security and risk management in the organization that are necessary for understanding the principles and the importance of information security. The second chapter deals with the international standards aimed at information security and briefly describes ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. The following two chapters form a smooth transition from the theoretical to the practical part. The third chapter characterizes the selected company and describes the current state of information security in the company. The fourth chapter forms the methodological apparatus of qualitative risk analysis, compiled in accordance with ISO/IEC 27005:2011. It also contains a list of relevant threats to which an asset of the company is exposed. The last chapter is dedicated to the qualitative risk analysis, together with the draft of the precautions to minimize the risks. The practical section shows that by implementing the proposed action the company will reduce existing risks to acceptable levels and will significantly improve the protection of information assets.
Utilization of SIEM systems for network events monitoring
Kopřiva, Milan ; Čermák, Igor (advisor) ; Habáň, Přemysl (referee)
In recent years we can observe an increasing number of security incidents varying in their focus, motives and success rate. Attacks are often conducted by very skilled organized groups with a high knowledge base and they are increasing in their sophistication and efficiency. For those reasons information security is now one of the main fields of interest of IT experts. This thesis deals with Security Information and Event Management technology and its usage for the detection of potentially harmful activity in a company's internal network. In the first chapter the elementary concepts of security are placed into the context of this thesis. The next chapter deals with security information and event management technology itself, its clear definition and a description of the main functionality. The end of the theoretical part is dedicated to the author's view of the future and also to the problems concerning the implementation of SIEM solutions, including return on investment calculation, which has certain specifics in the security field. The main benefit coming from this thesis is a clear description and creation of use cases aimed at detecting suspicious activity in internal computer networks combined with their deployment in a SIEM solution in a real environment. The practical part of this thesis is dedicated to the configuration of the chosen device and its connection to the SIEM solution, and the assessment of usability of security events generated by the threat detecting device. Based on this assessment the use cases will be modelled and then deployed in the test environment. This thesis aims to bring an overall view into the security information and event management technology, starting with its definition and base functions. The primary goal of this thesis is use case designing for real time threat detection in a practical environment.
Proposal of procedures for verifying the resilience of a corporate LAN against network attacks
Janza, Čeněk
Čeněk Janza, Suggest procedure for check corporate LAN resistance against the network attacks. Bachelor thesis. Brno: Mendelova Univerzita, 2014. The bachelor thesis deals with penetration tests and methods in testing the resilience of enterprise networks against external attacks. It describes the basic elements without safety nets, the most common types of attacks and their principles. It also describes the tools used in the real world, and displays the results.
Information Security in the context of ITIL
Korous, Petr ; Bruckner, Tomáš (advisor) ; Chlapek, Dušan (referee)
The diploma thesis discusses information security management in the context of the ITIL framework. The introductory part explains the concept of information security, its importance and main goals. In subsequent chapters, the work aims to explore methodologies, frameworks and standards related to information security and internal control. Selected frameworks and models are described and compared with each other based on different criteria. The comparison is also one of the benefits of the work because similar topics which compare different models of internal control and information security are quite rare in the literature. The practical part of the thesis forms a new methodology on the basis of researched models and standards, including ISO 27000, ITIL and COBIT. This methodology provides a relatively simple way to evaluate the level of information security in an organization. It uses a process capability model which is applied to a selected company. Another benefit of the thesis is the developed methodology and its demonstration on a selected company.
Adequate information security
Drtil, Jan ; Molnár, Zdeněk (advisor) ; Čapek, Jan (referee) ; Lukáš, Luděk (referee)
Abstract 1) Goal of the thesis: There is an assumption that companies are nowadays spending money on IT Security not according to the importance of the information for the company. In order to prove it or not, this thesis is about to check it. In case that this is true, the aim of this thesis will be to find out the methodology that can be used to verify whether money is spent effectively and efficiently or not. 2) Aiming of the thesis: From the content point of view the focus of this work is information security methodics. From the research point of view the research was conducted on medium and small organisations in automotive, mainly due to the fact that the automotive industry is an important part of our national economy (approx. 8% of GDP). 3) Outcomes of the thesis: From the theory point of view the definition of "adequacy" of the information security was set. Adequacy consists of two parts: the value of information, and the importance of information. The way to determine both value and importance was found as well. From the reality point of view there was a finding that researched organisations do not undergo any systematic approach in the information security, which can negatively impact the frequency and importance of security incidents in the organisations. One of the main results of the research is the fact that in case there is a need to make effective and efficient information security based on the support of the management of the company. Finally, the next result is the creation and verification of the "Adequate information security methodology", which can be used by managers in order to increase effectiveness and efficiency of the sources spent on information security. There is an extension of this Methodology covering the individuality of the decision maker and circumstances that influence him.
Analysis of the state of information security in the environment of municipality Strakonice
Hejhal, Tomáš ; Doucek, Petr (advisor) ; Veber, Jaromír (referee)
This thesis is about an information system analysis of the municipality of Strakonice with a focus on its security side in comparison with the security standards ISO/IEC 27000. This thesis has three main parts. The first part is about the theory of the topic, respectively about the organization's basic information and relevant laws and standards. The second part includes an information system risk analysis of the city of Strakonice with suggestions for reducing individual risks by establishing countermeasures or covering the risk with insurance. In the case of low risk, the risk can be accepted. The third part is about the current state of information security. The benefit and purpose of this thesis is to write up a risk analysis for the IS of the municipality of Strakonice and to write up an analysis of the current state of information security with recommendations for improvement.
IT Risk Register
Kohout, Karel ; Doucek, Petr (advisor) ; Luc, Ladislav (referee)
The theoretical part of the thesis analyzes several selected methodologies and best-practices related to information technology risks management, with focus on documents and guidance developed by ISACA. It builds a set of ideas and basic requirements for effective model of an IT risk register. Strong emphasis is placed on mapping CobiT 4.1 based Risk IT to COBIT 5. The practical part describes implementation of an exploratory web-based IT risk register in Python programming language utilizing the Django framework and employs concepts from the analysis.
