|
|
Decision Risks Management Methods
Janošík, Petr ; Chudý, Peter (referee) ; Kreslíková, Jitka (advisor)
This thesis deals with the matter of risk managament in IT projects. It explains the importance of risk management in such projects and shows different ways and methods of managing and analyzing the risks. After explaining the basic concepts and the various phases of risk management the text focuses on two methods of risk analysis - the fault tree analysis of event tree analysis. Use of both methods is explained for both quantitative and qualitative analyses. The second half of the work includes the design of an application for the support of risk analysis employing the methods of fault tree analysis and event tree analysis. This is followed by a description of the implementation of the proposed system in a web environment using jQuery, Nette Framework and Dibi.
|
|
| |
|
|
The Tool for Penetration Tests of Web Applications
Dobeš, Michal ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
The thesis discusses the issues of penetration testing of web applications, focusing on the Cross-Site Scripting (XSS) and SQL Injection (SQLI) vulnerabilities. The technology behind web applications is described and motivation for penetration testing is given. The thesis then presents the most common vulnerabilities according to OWASP Top 10. It lists the principles, impact and remediation recommendations for the Cross-Site Scripting and SQL Injection vulnerabilities. A penetration testing tool has been developed as a part of this thesis. The tool is extendable via modules. Modules for detection of Cross-Site Scripting and SQL Injection vulnerabilities have been developed. The tool has been compared to existing tools, including the commercial tool Burp Suite.
|
|
|
Information security management system project
Kameníček, Lukáš ; Kotek, Luboš (referee) ; Fiala, Alois (advisor)
This diploma thesis analyses the current state of information security management in an organization. In the theoretical part of the thesis general concepts are described as well as the relations between risk management and information security, applicable laws and standards. Further, the theoretical part deals with the risk analysis and risk management, strategies, standard procedures and methods applied in this field. In the practical part a methodology is suggested for information risk analysis in a particular organization and appropriate measures are selected.
|
|
|
Software for seeking vulnerable computers in network
Krkoš, Radko ; Pelka, Tomáš (referee) ; Polívka, Michal (advisor)
This thesis concerns about computer system and network infrastructure security. It describes the topic of security holes and vulnerabilities and discusses possibilities for computer attack defense. Common security holes and client and server systems configuration errors are described. There are stated simple rules and advices for configuring network environment according to security and minimalization of failure or violation risk due to security holes and vulnerabilities. Thesis adresses approaches of security hole detection in programs and devices entrusted to administrator, device and security holes inventory control and prevention possibilities. Thesis describes how to execute self security audit and how to process its results. It suggests techniques and methods to administer network, server, or intranet during its lifespan according to security. It also analyses existing available software and evaluates its features and resources with regard to security topic. Software is chosen to simplify work for administrator in some or more parts of security management like network condition analysis, error and vulnerability detection in computer systems, network infrastructure, web applications or applications for network alternation detection. Thesis recommends requirements for security audit application and discusses eligible features in regard of functionality and added value. Created set of scripts simplifies administrator's work by automating common and time consuming tasks and delivers information in compact and simple form, what makes the work more comfortable and shortens the reaction time to crises such as discovery of new security hole or security breach.
|
|
|
The Introduction of Information Security Management System in IT Enterprise
Riegl, Tomáš ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
This thesis deals with the introduction of information security management system in IT enterprise. It includes theoretical knowledge which are necessary for the understanding of this issue and their application for the analysis of the current state of information security, risk analysis and risk management. Last but not least for the actual implementation of information security management system in the company. The implementation of ISMS was divided into two phases. This thesis details the first phase.
|
|
|
Implementation of ISMS in the Commercial Company
Dejmek, Martin ; Soška, Libor (referee) ; Sedlák, Petr (advisor)
This master thesis deals with the implementation of information security management system in the company. It summarizes the theoretical background in this field and uses it to analyze the current state of information security, as well as analysis and risk management and not least the actual implementation of ISMS in the particular company. This work also contains three groups of measures that reduce the impact of identified risks and which also implements an essential parts of ISMS.
|
|
| |
|
|
Security and Risk Analysis in Practice
Calta, Filip ; Luc, Ladislav (advisor) ; Veber, Jaromír (referee)
This thesis describes issues of risk analysis and security of company assets. Theoretical part of the thesis looks into the terminology of the topic with closer familiarization of procedures that are commonly used in risk analysis solutions and in company information security. Practical part of the thesis is focused on application of risk analysis using ISO/IEC 27005 methods on a concrete company, which is focused on distribution and consultation in the field of audio and video technology business. In risk analysis qualitative methods of valuation are used. An output of the analysis could be seen in added annex. The output of this thesis should be a treatment that shall prevent creation of risks, which had been found in previously defined area. Scope of the study is focused on purchase and sale.
|
|
|
Vulnerability assesment tools
Charvát, Michal ; Veber, Jaromír (advisor) ; Klíma, Tomáš (referee)
This bachelor thesis is focused on a specific area of information systems security, which is called vulnerability assesment. Vulnerability assesment is executed with special tools called vulnerability scanners. In the the beginning of the first part I will introdukce the area of information systems security and its breaf history, the basic terms of vulnerability assesment and related topics, such as penetration testing. In the following part few test will be executed using some of the chosen available and free tools and then analyze its results. The main criteria will be the number and criticality of the given vulnerabilities. Finally the user-friedly aspect of each tool will be evalueted, which could be a little subjective matter.
|
guest ::
