|
|
Cloud Computing Audit for Small and Medium Enterprises
Kroft, Karel ; Svatá, Vlasta (advisor) ; Juříček, Jan (referee)
Cloud computing brings to the world of information systems many opportunities but also new risks. The main one is decreased customer ability to directly control the security of information and systems, because administration responsibility passes to providers. This thesis focuses on cloud services auditing from the small and medium enterprises perspective. In introduction, this work defines information system audit terminology, characterizes cloud services and analyzes international legislation. Standardization organizations, published standards and methodologies that are widely respected in IT field are introduced. For the trust mediation in the cloud are important independent third-party audits and organizations specializing in the examination and control of cloud providers. The assumptions list is assembled on this basis to support screening process and to check, whether enterprise, service providers and services are ready for creating efficient and safe cloud system. The assumptions are applied to selected cloud service providers.
|
|
|
Manage of internal Service desk in medium and large companies
Labant, Patrik ; Pour, Jan (advisor) ; Růžička, Bohuslav (referee)
This thesis is focused on managing the internal Service desk in medium and large companies. In the theoretical part is firstly defined what it's ICT service and how it is managed. It is followed by a characteristics of theoretical Framework ITIL, which deals with ICT services management. Then, a further theoretical framework COBIT is characterized, which also deals with the management of services, and these two frameworks are compared. The practical part consists of case study. A case study is based on analysis and evaluation of the current status of internally provided service Service desk at ALS Czech Republic. The analysis and evaluation is based on the knowledge and information contained in the theoretical part. The outcome of this work is general guidance for management of internally provided service Service desk in medium and large companies.
|
|
|
Matters of definition of application business owner role
Hák, Martin ; Svatá, Vlasta (advisor) ; Novák, Richard (referee)
This thesis maps the situation in information technology management on the interface between informational services delivery and business users with focus on one of the key roles -- service owner. From the theoretical point of view it's done on the basis of common IT methodologies, from the practical point of view on the basis of comparison of four insurance companies. The thesis concludes possible definitions of the role with regard to benefits achievable for the studied companies.
|
|
|
Management and Control of Servers and User Devices in the Context of Information Security
Jech, Vladimír ; Novotný, Ota (advisor) ; Doucek, Petr (referee) ; Čapek, Jan (referee)
Securing user devices and servers requires a complex approach which includes not only the configuration of the device itself but also many other factors. The goal of this thesis is to present principles of a new guideline aimed at security and management of user devices and servers in the context of information security. The first part of this paper is devoted to the analysis of existing industry standards, frameworks, guidelines, and other collections of best practice commonly used in the management of informatics and information and IT security. The analysis is complemented with a field research conducted among forefront specialists. Based on the analysis and research, a new methodic concept for the management and control of user devices and servers security called DEVSEC is described in the next part. The concept is constructed with emphasis on security requirements, security measures, processes, resources and the overall security assurance process. The last part of the paper provides results of the final research aimed at testing the concept in the envitonment of one financial firm and also results of another field research among security specialists. The DEVSEC contributes to the theory of management of informatics as well as to its practice. The concept represents a complex approach to the management and control of security of servers and user devices as well as a new guideline ready for practical utilization.
|
|
|
Implementation of multiproject management in terms of IT department of international business organization
Tůma, Pavel ; Chlapek, Dušan (advisor) ; Hausmann, Oto (referee)
The diploma thesis deals with the implementation of multiproject management in terms of international business organization and its IT department. The aim of this thesis is to describe the current state of project management in the IT department using methodology for measuring the maturity of processes. Define the management requirements for project portfolio tool, establish criteria for the selection and also tools comparison. After choosing the tool which satisfies all the requirements and criteria, proposal for implementation of this tool will follow. The conclusion is devoted to a summary of the results and proposals for change, to encourage improvement in the level of maturity of the project management process and project portfolio.
|
|
|
Information Security in the context of ITIL
Korous, Petr ; Bruckner, Tomáš (advisor) ; Chlapek, Dušan (referee)
The diploma thesis discusses information security management in the context of ITIL framework. In the introductory part is explained the concept of information security, its importance and main goals. In subsequent chapters, the work aims to explore methodologies, frameworks and standards related to information security and internal control. Selected frameworks and models and described and compared with each other based on different criteria. The comparison is also one of the benefits of the work because similar topics which compare different models of internal control and information security are quite rare in the literature. The practical part of the thesis forms new methodology on basis of researched models and standards, including ISO 27000, ITIL and COBIT. This methodology provides a relatively simple way to evaluate the level of information security in an organization. It uses process capability model which is applied on selected company. Another benefit of the thesis is the developed methodology and its demonstration on a selected company.
|
|
|
Audit informačního systému společnosti Terms a.s.
Eremiáš, Karel ; Svatá, Vlasta (advisor)
Práce shrnuje problematiku auditu informačního systému a tyto poznatky následně využívá při provedení auditu informačního systému v reálné společnosti. Audit je prováděn pomocí metodiky COBIT a respektuje nejen požadavky metodiky kladené na audit ale i speciální požadavky, které stanovila organizace. Práce zároveň ověřuje použitelnost metodiky COBIT při provádění auditu v podmínkách středně velké české společnosti.
|
|
|
Methodologies of information services management, their comparison and impacts on corporate ICT efficiency
Novák, Tomáš ; Voříšek, Jiří (advisor) ; Kufner, Vladimír (referee)
This diploma thesis engages with methodologies of managing processes in informatics. This thesis takes into account ITIL, COBIT and ITGPM frameworks considering primarily aspects of setting-up and ensuring SLAs of the services provided by informatics. The author of this thesis has chosen this topic with regards to his profession where as project manager has met typical problems related to the development as well as to the operation of information systems. The goal of this work is to find out what is the approach of each of the considered methodologies to SLAs and their fulfilment. In the second part the thesis is aimed in practical impact of SLAs to the development and operation phases of the service lifecycle. In the first part of the thesis, the given objectives are met on a theoretical level, where is for each of the selected methodological frameworks captured its approach to the issues related to an information service operation, its parameters and their ensuring. Next goal, still on theoretical level, is to find out, whether the individual methodologies (approaches) can be combined together in order to reach the needed quality of a service. In its second part is the thesis aimed on practical analysis of the SLA impact on the development and operational activities. As an example, the author describes necessary adjustments to the processes of both, the provider and the customer of any informatics service, beginning from the initial analytical phases to the live mode of the service. The practical part combines approaches of the given frameworks and adds author's experiences gained in the domain. In the end of the thesis, findings and conclusions resulting from the captured facts are briefly summarized, including the author's opinion and recommendations.
|
|
|
IS Audit - Theory and Practice
Fišera, Martin ; Svatá, Vlasta (advisor) ; Kalina, Jaroslav (referee)
The thesis covers the issue of IS audit in all its breadth. On the basis that this is a very complex area, it was necessary to divide the work into several logical and subsequent chapters. Quality and audit are the key words for this job. Therefore is them given the whole first chapter that chronologically describes the evolution of these concepts. Interpretation of quality is widely described since the Greece and Rome ancient, through Total Quality Management approach to the current understanding of the normative frameworks issued by ISO. There is the term audit continuously followed in the chapter of the concept of quality, whose development is also described in detail in chronological order starting from the reading public accounts to the current form of IS audit. Especially, we focus on development of the definition of audit and the relationship between the financial audits and IS. The second - last - part of the chapter is devoted to a detailed description of the reasons for the application of IS audit in practice. Because of the large specifications of the IS audit is this characteristic position in practice given the second chapter. This chapter contains not only description of the characteristics but also a brief outline of the issue of outsourcing and CloudComputing in relation to the audit of IS. The third chapter is devoted to a normative base of IS audit. Due to a large number of normative frameworks there are analysed only selected representatives in the chapter. These include the ISO / IEC 20000, COBIT, ITIL and others. They are thoroughly described, evaluated and compared to other possibly relevant for the definition of relations and benefit evaluation. The last chapter deals with design process of IS audit at a conceptual level. The aim is to freely continue on the normative base discussed in the previous chapter and a simple, versatile, easily applicable and adaptable IS audit process regarding defined limits.
|
|
|
Matters of definition of process owner role
Hejda, Jan ; Říhová, Zora (advisor) ; Tománek, Martin (referee)
The aim of this thesis is to map how the most common process-oriented methodologies and standards govern the issue of process ownership, define the role of a process owner and a comparison of these with a current practice in the corporate environment. The first part describes the theoretical concepts related to process management, including a description of selected methodologies. The following part is a questionnaire and its description followed by the expected responses based on previous theories. The last, third, part of the thesis contains an analysis based on the data obtained from the questionnaire respondents compared with the stated hypotheses and its evaluation.
|
guest ::
