|
|
Information Security Management in Healthcare Organization
Hajný, Jiří ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
The diploma thesis focuses on implementation and deployment of information security management system (ISMS) into healthcare organizations. Specifies what is required to include in this process and what not to forget. It includes a risk analysis of a branch of the selected company, and for it is written a safety guide. Safety guide provides advice and recommendations regarding security in terms of human resources, physical security, ICT security and other aspects that should be included in the ISMS deployment in healthcare organizations. The work also reflects the newly emerging law on cyber security. It is expected that the law will also address cyber security in healthcare.
|
|
|
The Implementation of ISMS in Small Company Focused on ICT
Kosek, Jindřich ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
The diploma thesis is focused on the design implementation of information security management system in a small business and is applying theoretical knowledge to real-life situations in a manufacturing company. First of all is performed analysis of current status and the consequent threats which can affect the company's assets. Thereafter are proposed measures based on identified risks and requirements of the owner.
|
|
|
Implementation of ISMS in the Commercial Company
Dejmek, Martin ; Soška, Libor (referee) ; Sedlák, Petr (advisor)
This master thesis deals with the implementation of information security management system in the company. It summarizes the theoretical background in this field and uses it to analyze the current state of information security, as well as analysis and risk management and not least the actual implementation of ISMS in the particular company. This work also contains three groups of measures that reduce the impact of identified risks and which also implements an essential parts of ISMS.
|
|
|
Security Management of Information Systems for the Kaliště Municipality
Kutiš, Pavel ; Bláha, Lukáš (referee) ; Sedlák, Petr (advisor)
This Diploma Thesis is being focused on Information Security Management System implementation for a certain municipality. The work has been divided into two parts. The first part deals with theoretical basis which are based on the ISO/IEC 27000 standards. The second part contains the practical implementation following the theoretical background from the first part. The implementation itself has been divided into three stages and this thesis is mainly concentrated on the first stage.
|
|
| |
|
|
Application of the act and subsequent regulation on cyber security at state administration´s offices
Pech, Jan ; Čermák, Igor (advisor) ; Jícha, Karel (referee)
The thesis is focused on the Czech act no. 181/2014 Sb., on cyber security and subsequent regulations, introduces origin and importance of act, defines the state administration´s office which identifies important information systems according to regulations, and subsequently thesis detailed analyses act and regulation on cyber security in relation to the defined state administration´s office. Keynote of this thesis is show the real application of identified obligations of the act and regulation to the defined state administration´s office, especially a design, implementation and management of organizational and technical security measures, including the evaluation of real impact on information security. To achieve the set goals author of this thesis uses the analysis of legislation, and draws own conclusions from author´s position of a security technologist who actively participated in the design security policy, and implementation and management of security tools. The benefit of this thesis is complex overview of the security employees work at defined state administration´s office, overview of the real fulfilment obligations of the act and regulation of cybernetic security, and ultimately this thesis brings ideas for further development of technical security tools. This thesis can brings benefit to other important information systems administrators as a set of processes, proposals and recommendation for their own information security management system. This thesis is structurally divided into four main parts. The first theoretical part introduces origin, importance and impact of the act on state and private organizations. The second analytical part analyses act and subsequent regulations in relation to the defined state administration´s office. The third practical part shows the real application of organizational and technical security measures. The fourth last part evaluates the real impact of measures on information security.
|
|
|
Management informační bezpečnosti
Janíček, Kryštof ; Čermák, Igor (advisor) ; Čelikovská, Martina (referee)
Information Security Management System (ISMS) gets superior level of importance. This paper focuses on Information Security Management and International Information Security Standards ISO/IEC 27001 and ISO/IEC 27002 (IISS). First par of thesis reviews the historical context and introduces the field to gain better understanding of following elaborate analysis of the changes, benefits, threats and consequences of ISMS. This paper objective to analyse older and newer issues of IISS based on comparative approach to evaluate benefits and risks of these changes, that ultimately reflect possible future developments.
|
|
|
Information Security Risk Analysis in company operating in the distribution of healthcare and beauty products
Genský, Oliver ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
This thesis processes the risk analysis topic, which is included in the overall information security management system. Thesis is divided into two parts; theoretical and practical. Terms and processes used in the risk analysis are included in the theoretical part. This section also describes standards that offer best practices of information security management, based on historical experience in variety of businesses. The defined terms and the chosen standards and methods are thereafter applied in the practical section, where risks of a particular business are analyzed and afterwards supported by an evaluation of risks and proposed solutions. This work is concluded by an overall information security report, which is consulted with the lead management of the business.
|
|
|
Information security and risk management in a particular company.
Slávková, Daniela ; Hykš, Ondřej (advisor) ; Plášková, Alena (referee)
The aim of the thesis is to apply the methodology of qualitative risk analysis according to ISO/EC/27005:2011 and to increase awareness of existing threats and impacts on information assets and to create possible security precautions to minimize identified threats in a particular company. The thesis is divided into five chapters. Introductory chapter explains the basic concepts of information security and risk management in the organization that are necessary for understanding of the principles and the importance of information security. The second chapter deals with the international standards aimed at information security and briefly describes ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. The following two chapters form a smooth transition from the theoretical to the practical part. The third chapter characterizes selected company and describes the current state of information security in the company. The fourth chapter forms the methodological apparatus of qualitative risk analysis, compiled in accordance with ISO/IEC 27005:2011. It also contains a list of relevant threats, to which an asset of the company is exposed. The last chapter is conducted to qualitative risk analysis, together with the draft of the precautions to minimize the risks. The practical section shows that by the implementing the proposed action the company will reduce existing risks to acceptable levels and will significantly improve the protection of information assets.
|
|
|
Implementation of information security
Hübner, Michal ; Chlapek, Dušan (advisor) ; Bruckner, Tomáš (referee)
The work deals with the introduction of a system of information security management system in organizations. The work is divided into two parts. The first part is devoted to the theoretical foundations of information security, that the reader can understand what entails the implementation of information security. In the second part assessed the current status of security measures implemented in enterprises. The goal is to collect available information about security of information into one document. Another objective is to assess the current state of security measures implemented by firms and the subsequent dismantling of the results. The contribution of this work is to create a comprehensive theoretical paper on the introduction of measures to manage security information. Another benefit is the creation of a review of security measures implemented in selected companies.
|
guest ::
