National Repository of Grey Literature: 82 records found, showing records 68 - 77
Information security management system project
Kameníček, Lukáš ; Kotek, Luboš (referee) ; Fiala, Alois (advisor)
This diploma thesis analyses the current state of information security management in an organization. In the theoretical part of the thesis general concepts are described as well as the relations between risk management and information security, applicable laws and standards. Further, the theoretical part deals with the risk analysis and risk management, strategies, standard procedures and methods applied in this field. In the practical part a methodology is suggested for information risk analysis in a particular organization and appropriate measures are selected.
The Introduction of Information Security Management System in IT Enterprise
Riegl, Tomáš ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
This thesis deals with the introduction of an information security management system in an IT enterprise. It includes the theoretical knowledge necessary for understanding this issue and its application to the analysis of the current state of information security, to risk analysis and risk management and, last but not least, to the actual implementation of the information security management system in the company. The implementation of the ISMS was divided into two phases. This thesis details the first phase.
Implementation of ISMS in the Commercial Company
Dejmek, Martin ; Soška, Libor (referee) ; Sedlák, Petr (advisor)
This master's thesis deals with the implementation of an information security management system in a company. It summarizes the theoretical background in this field and uses it to analyze the current state of information security, to carry out risk analysis and risk management and, not least, for the actual implementation of the ISMS in the particular company. This work also contains three groups of measures that reduce the impact of the identified risks and that also implement essential parts of the ISMS.
Implementation of Information Security Management in Company According to ISO 27001
Šumbera, Adam ; Vala, Zdeněk (referee) ; Sedlák, Petr (advisor)
This diploma thesis deals with the implementation of an information security management system in a company. The theoretical part of the thesis summarizes the theoretical knowledge in the field of information security and describes the ISO/IEC 27000 set of standards. In the following section a specific company is analysed, and the theoretical knowledge is then applied to this company during the implementation of the information security management system.
Security and Risk Analysis in Practice
Calta, Filip ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
This thesis describes issues of risk analysis and the security of company assets. The theoretical part of the thesis looks into the terminology of the topic, with a closer look at the procedures that are commonly used in risk analysis and in company information security. The practical part of the thesis is focused on the application of risk analysis using ISO/IEC 27005 methods to a concrete company, which is focused on distribution and consultation in the field of audio and video technology business. Qualitative methods of valuation are used in the risk analysis. The output of the analysis can be seen in the attached annex. The output of this thesis should be a treatment that shall prevent the creation of the risks which were found in the previously defined area. The scope of the study is focused on purchase and sale.
Vulnerability assesment tools
Charvát, Michal ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
This bachelor thesis is focused on a specific area of information systems security, which is called vulnerability assessment. Vulnerability assessment is executed with special tools called vulnerability scanners. At the beginning of the first part I will introduce the area of information systems security and its brief history, the basic terms of vulnerability assessment and related topics, such as penetration testing. In the following part a few tests will be executed using some of the chosen available and free tools, and their results will then be analyzed. The main criteria will be the number and criticality of the given vulnerabilities. Finally, the user-friendliness of each tool will be evaluated, which could be a somewhat subjective matter.
Security evaluation of the PHP application according to OWASP ASVS standard
Sůva, Jakub ; Mészáros, Jan (advisor) ; Buchalcevová, Alena (referee)
The goal of this bachelor's thesis is to verify the security level of a web application. Verification is based on the standard called OWASP ASVS 2013 Beta, especially on its first level of requirements. To achieve the goal, the thesis uses semi-automated white box penetration tests and an interview. The thesis is limited to the testing of PHP web applications and is divided into two main sections, theoretical and practical. The theoretical part is mainly focused on introducing penetration testing of web applications in general. Its cardinal part is a description of OWASP ASVS 2013 Beta. A survey of automated testing tools is done in the practical section. One of the tools is then chosen to make the testing of the web application more efficient. The practical part is mostly focused on the tests themselves. The end result is a comprehensible report with outcomes and their interpretation.
Web application security
Matušek, Václav ; Palovský, Radomír (advisor) ; Pinkas, Otakar (referee)
The bachelor thesis deals with the security of web applications. The main aim is to create a complex view of the most frequent attacks in practice and also to describe the possibilities for preventing the attacks. Prevention is described for both the user's and the developer's side. The thesis also contains information about the origin of the attacks and recalls attacks from the past. It includes a review of the standards and Czech legislation which affect security or define the proper way to develop an application. An important output of this thesis is also a list of rules which helps the developer to design a secure application.
Information Security Risk Analysis in company operating in the distribution of healthcare and beauty products
Genský, Oliver ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This thesis processes the risk analysis topic, which is included in the overall information security management system. Thesis is divided into two parts; theoretical and practical. Terms and processes used in the risk analysis are included in the theoretical part. This section also describes standards that offer best practices of information security management, based on historical experience in variety of businesses. The defined terms and the chosen standards and methods are thereafter applied in the practical section, where risks of a particular business are analyzed and afterwards supported by an evaluation of risks and proposed solutions. This work is concluded by an overall information security report, which is consulted with the lead management of the business.
Vulnerability Management in the Corporate IT Infrastructure
Hronek, Tomáš ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
The present thesis deals with the area of vulnerability management and its relation to information security. Its main purpose is to set the topic of vulnerability management in the context of company information security and to explain its relationship to related disciplines. In the practical part, selected vulnerability assessment tools are compared and a methodology is applied to determine the criticality of the identified vulnerabilities in relation to the provided IT services. The objectives were achieved by literature review, personal consultations with employees responsible for information security at J&T Bank and by comparing the results of several vulnerability assessment tools (Nessus, Retina, OpenVAS, Nexpose, Tripwire). To date, no thesis devoted exclusively to the topic of vulnerability management has been published. This thesis is the first one to provide comparable results of vulnerability scanning of the same targets. Equally valuable is the application of the Common Vulnerability Scoring System to determine the criticality of the identified vulnerabilities in relation to the delivered IT services.
