National Repository of Grey Literature: 214 records found, showing records 205 - 214
Business Continuity Management in ITIL and CobiT methodologies
Holub, Jan ; Svatá, Vlasta (advisor) ; Toman, Prokop (referee)
This work deals with the importance of information for organizations and the threats to the security of IS/ICT that an organization faces. It further covers information security management according to ISO 27001 and 27002. The main goal of this work is to describe approaches to business continuity management using BS 25999-1 and BS 25999-2 and the specifics of IT service continuity management according to the ITIL and CobiT methodologies. This work searches for interactions and differences between the procedures for continuity management. The final part shows the procedure for introducing BCM in a telecommunications company, using a sample process.
Integration of ISMS/ISO 27001/ISO 27002 to RWE company
Peroutka, Tomáš ; Bruckner, Tomáš (advisor) ; Chlapek, Dušan (referee)
The main theme of this diploma thesis is the Information Security Management System (ISMS), which is based on the security standards ISO 27001 and ISO 27002. This thesis is one part of the project to integrate an ISMS into the company RWE. The first goal is an analysis of RWE's current documentation. The second goal is a proposal for an ideal structure of ISMS documentation. The third goal is the assignment of parts of the RWE documentation to the ideal structure of ISMS documentation. The analysis of the current documentation used knowledge of the RWE documentation to create an overview table of all documents and their relations. The ideal structure of ISMS documentation was based on selected parts of ISO 27001 and multi-criteria analysis. The third goal of this thesis was reached by assigning parts of the RWE documentation to the parts of ISO 27001 selected for the second goal. The contribution of this diploma thesis is the ideal structure of ISMS documentation and the form of assignment of the old RWE documentation, because these goals are usual steps of the PDCA cycle of an ISMS but are described only briefly and sparsely in security standards and works related to ISMS.
Assessment of approaches to security risk analysis
Koudela, Radek ; Doucek, Petr (advisor) ; Vachuda, Jan (referee)
Risk management is a process through which organizations methodically address the risks associated with their activities in order to get the biggest benefit from their business. It is also a rapidly developing field with a variety of different approaches, methods, methodologies and standards, which can be a little confusing. Therefore, this work offers a comprehensive and systematic view of the issue of risk analysis and management. Risk analysis is a cornerstone of effective security management in every company; it is used for the identification, description and quantification of risks, which should lead to the adoption of suitable measures for risk treatment. That is the reason why it requires the careful and methodical procedure described in this work. The main objective of this work is to analyse different approaches to risk analysis and management and thus highlight the importance of information security and the protection of corporate assets. These approaches need to be understood as different levels of detail of the risk analysis conducted, which will depend on the initial maturity level (according to the CMM, the Capability Maturity Model) of the information security process. The theoretical part of this thesis will explain the relevant methodologies, techniques and procedure of risk analysis based on the ISO 27005 standard. From this part the reader should learn what risk analysis is, what it is used for, how it can be carried out and what standards and methods can be used. The practical part will solve a real risk analysis project, which will demonstrate the application of the information obtained in the theoretical part.
Implementation of information security
Hübner, Michal ; Chlapek, Dušan (advisor) ; Bruckner, Tomáš (referee)
The work deals with the introduction of an information security management system in organizations. The work is divided into two parts. The first part is devoted to the theoretical foundations of information security, so that the reader can understand what the implementation of information security entails. The second part assesses the current status of security measures implemented in enterprises. The goal is to collect available information about the security of information into one document. Another objective is to assess the current state of security measures implemented by firms and the subsequent breakdown of the results. The contribution of this work is to create a comprehensive theoretical paper on the introduction of measures to manage security information. Another benefit is the creation of a review of security measures implemented in selected companies.
Information security metrics
JÍNA, Karel
The aim of this bachelor thesis is to provide an overview of how the level of information security is addressed and evaluated in practice. Readers will learn what metrics are, what they are used for and what role they play in the Information Security Management System (ISMS). The system itself is explained as well. The practical part presents research conducted on the status of information security in several organizations and a proposal of several candidate metrics that could be used in the environment of Jihočeská univerzita.
Company network security monitoring
Kališ, Martin ; Pavlíček, Luboš (advisor) ; Matuška, Miroslav (referee)
The main focus of this work is computer network security monitoring. The first part forms basic definitions for the area and offers different ways to incorporate monitoring into company security. The next part defines the main functions of monitoring systems and provides guidelines for their implementation in an organization. The practical part defines key conditions for the selection of a monitoring solution and applies them when comparing several products available on the market. It then presents the author's view of future trends and development in this area, based on facts from the previous chapters. The whole work provides a complete approach to security monitoring and offers definitions of all key concepts and competencies for monitoring systems.
Internet attacks in term of end-user
Šírek, Martin ; Gála, Libor (advisor) ; Hlaváč, Jindřich (referee)
The personal computer connected to the Internet is a phenomenon of our time. Hand in hand with the positive development of the possibilities offered by the Internet comes an effort to abuse them. Computer attacks are the crudest form of such abuse. This work explains the nature of cyber attacks and the structure of the attacks. The aim is to explain how cyber attackers threaten end-users of computers and what defences exist against them. It is an introduction to the problem. The work is based on the assumption that the reader is a beginner in the field of information technology, and the depth and scope of the interpretation are adapted accordingly. For deeper study it refers to the sources in the rich list of literature used. The introductory section describes the structure of attacks and the interrelations between threats, assets (endangered goods) and vulnerability. Considerable space is devoted to the use of social engineering for cyber attacks. Thereafter the methods, software and objectives of the attackers are explained. Measures against attacks are also covered. The final section explains the connections between the attacker's tools.
Risk Analysis for establishing of new application into the information system in banking
Štefek, Ivan ; Doucek, Petr (advisor) ; Klas, Jan (referee)
The bachelor thesis Risk Analysis for the establishing of new application into the information system in banking deals with the management of information security and risk analysis. Thematically, the thesis is divided into two parts, a theoretical part and a practical part. In the theoretical part I inform the reader about the concept of information security and three basic components. I am going to tell about the basic methodology for IT management. In the end I am going to tell something about threats and their impacts. The practical part is based on a summary of theoretical knowledge and there is a practical example. In my example of the application My Bank I try to show the information risk analysis. Risk analysis consists of three main parts. In the first part, the information in the application is classified. There are three points of view: the first is confidentiality, the second is integrity and the third is availability. In the second part I try to look at threats and evaluate them according to their likelihood. The final section compares the security built into the application with the security that the application should have according to the degree of risk classification.
Comparison of classic and modern authentication methods
Koudela, Radek ; Doucek, Petr (advisor) ; Cidlina, Jaroslav (referee)
Owing to the growing significance of data protection and informatics in general, information system security counts among the most topical issues at this time. The main goal of this work is to give a comprehensive overview of the issue of user authentication, including current trends in this field. The principles and working methods of classic and modern authentication methods are also described, and their pros and cons listed. The main benefit lies in the comparison of these methods as well as in the evaluation of their deployment. The result is a set of suggestions that managers can take into account when deciding on the method of authentication, and a description of weak points that need attention. One part of this work also includes a reliability and performance test of a modern biometric device.
Risk analysis of information systems
Král, Miroslav ; Luc, Ladislav (advisor) ; Mikulecký, Jan (referee)
The aim of this study is to provide a complete general view of security information management; the study is divided into a theoretical and a practical part. It defines the processes of information security risk management and the methodologies used for the analysis of information systems, with a focus on risk management (CRAMM, OCTAVE, and MEHARI). The reason for the choice of methodology is given at the end of the practical part. The CRAMM methodology is used for the risk analysis of an information system in a hospital environment. The last chapter of this study is dedicated to a summary of results and there is an approved project. The aim of this project is to apply the recommendations that result from the analysis made. The contribution of this project is the practical use of the methodology and the conceptual validation of theoretical frameworks in practice.
