|
|
The Proposal for Implementation of Essential ISMS Sections at the Primary School
Kryštof, Tomáš ; Miloš,, Půlpán (referee) ; Sedlák, Petr (advisor)
This master thesis is concerned with the information security on a specific primary school. In the first and second part of this thesis there is an endeavor to provide basic theoretical starting points about ISMS issues, and to get an overview about the current state of the information security at the primary school. This is followed by the practical part where there is the proposal of suitable security steps and recommendation for solution of the most important tasks from the ICT management security perspective.
|
|
|
Increase Security Awareness at the Secondary and Higher Vocational Schools
Kornelly, Aleš ; Rybáková, Alena (referee) ; Sedlák, Petr (advisor)
This thesis describes the design and implementation of ISMS to a particular high school. The aim is to provide our own recommendations and suggestions to improve the current situation. Introductory section explains the various basic concepts related to ICT security, the next section describes the facilities of the school and the current state of the school. In the practical part are individually discussed the proposed security measures.
|
|
|
System for Audit Support of Information Security Management
Soukop, Tomáš ; Květoňová, Šárka (referee) ; Kreslíková, Jitka (advisor)
This master thesis describes creation of system for audit support of information security management. In the next chapters I will explain what is the information security, system of information security, audit system and what standards we have for this. Last but not least is described how to create a system for audit support. The whole design is created with usage of standards for quality management and information security management. System is oriented for web environment.
|
|
|
Information Security in Small Business
Priesnitz, Pavel ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
The aim of this master‘s thesis is the description of the information security implementation into a specific small business. The theoretical part of the paper summarizes the information of related standards and methods. The analytical part describes the process, information and ICT enviroment of a particular organization. The third part of this thesis focuses on a risk analysis and choosing and deployment the relevant controls and their objectives for ISMS implementation.
|
|
| |
|
| |
|
| |
|
|
Impact of regulations ISO 27001 and SOX on information security management in enterprises
Bystrianska, Lucia ; Bruckner, Tomáš (advisor) ; Tomčová, Zuzana (referee)
The master thesis has analytical character and focuses on information security issues in enterprises. The mail goal of this thesis is to evaluate the impact of implemented standard ISO/IEC 27001 and regulation by American law SOX to overall information security. In order to preform the analysis, two medium-sized companies from the segment of services were selected: the first one with ISO/IEC 27001 certification and the second one regulated by SOX. The structure of the thesis contributes gradually with its steps to meet the goal. The first three chapters provide a theoretical basis for the analysis of information security. They contain a summary of key processes and tools essential for ensuring the information security and are based on the best practices included within the latest standards and methodologies and on practical experience. These chapters provide the basis for an evaluation guidance including criteria groups and defined variants of implemented security, which is described in the fourth chapter. The analysis of information security and the impact of regulations is part of the fifth chapter of this document. The sixth chapter contains final assessment and comparison of the impact, which the regulations have on information security of the selected companies. The final chapter summarizes and evaluates the results achieved with regards to the goal.
|
|
|
ISO 9001:2008 compatible IT Management System Specification for IS/IT Non-intensive Small Businesses
Lozan, Petr ; Voříšek, Jiří (advisor) ; Pecha, Tomáš (referee)
Information systems and technologies (IT) are ubiquitous and play a significant role in everyday life of people and enterprises. Even the smallest organisations need to be sure, that their information systems are working properly, appropriately support their operations, are cost-effective and comply with regulations and other requirements. The service-based management approach to management of enterprise IT is the most promoted and widely used. But what if this approach is not equally suitable for enterprises of all sizes? This thesis presents an alternative approach to IT management, directly built on requirements of well-known International Standard ISO 9001:2008. For many people who know and understand ISO 9001 and its requirements, it should be easier to use their knowledge about management of quality for managing of IT than learn and implement IT service management and -- probably -- try to find out how to scale service management down to the environment of limited resources which is typical for small businesses. Author describes ISO 9001 as universal management system model and investigates requirements of ISO 9001:2008 related to information technology. Then attention is aimed to existing International Standards for various aspects of IT governance and management. Text describes main content of ISO/IEC 38500 for IT Governance, ISO/IEC 20000 for service management, selected standards from ISO/IEC 27000 series for information security management and ISO/IEC 19770-1 for software asset management. Next chapter shows mainly approach of COBIT5 and COBIT solutions suitable for small businesses -- COBIT Quickstart and COBIT Security Baseline. Last part of text explains, how ISO 9001:2008 was used and adapted to create the main subject of this thesis -- ISO 9001:2008 compatible IT Management System Specification for IS/IT Non-intensive Small Businesses.
|
|
|
Implementation of information security
Hübner, Michal ; Chlapek, Dušan (advisor) ; Bruckner, Tomáš (referee)
The work deals with the introduction of a system of information security management system in organizations. The work is divided into two parts. The first part is devoted to the theoretical foundations of information security, that the reader can understand what entails the implementation of information security. In the second part assessed the current status of security measures implemented in enterprises. The goal is to collect available information about security of information into one document. Another objective is to assess the current state of security measures implemented by firms and the subsequent dismantling of the results. The contribution of this work is to create a comprehensive theoretical paper on the introduction of measures to manage security information. Another benefit is the creation of a review of security measures implemented in selected companies.
|
guest ::
