|
| |
|
|
Proposal for the ISMS Implementation in the Company
Trunkát, Jan ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
The master´s thesis is aimed at Proposal for the information security management system implementation in the company. It introduces with basic concepts of information security and provides general procedures for information security management system. As part of the work was carried out a risk analysis company and proposed measures to reduce risk. Work is mainly drawn from the series of standards ISO/IEC 27000.
|
|
|
Assessment and a Proposal for Information Security in the Organization
Rybáková, Alena ; Šarbort, Jakub (referee) ; Ondrák, Viktor (advisor)
This diploma thesis deals with the issue of information security in the organization. Author's effort is to gain a broad overview of connections, which will then be evaluated in the final section, providing concrete recommendations. In this thesis it is discussed information security management system, service management system and cyber security, both in theory and in terms of real application in a particular organization. The aim is to provide own recommendations for improvement.
|
|
|
Information Security in Small Business
Priesnitz, Pavel ; Sedlák, Petr (referee) ; Ondrák, Viktor (advisor)
The aim of this master‘s thesis is the description of the information security implementation into a specific small business. The theoretical part of the paper summarizes the information of related standards and methods. The analytical part describes the process, information and ICT enviroment of a particular organization. The third part of this thesis focuses on a risk analysis and choosing and deployment the relevant controls and their objectives for ISMS implementation.
|
|
|
Security risks according to ISO 27001
Doubková, Veronika ; Oujezský, Václav (referee) ; Horváth, Tomáš (advisor)
This diploma thesis deals with the management of security information, according to ISO/IEC 27005 and it is implementation in the Verinice software environment. The risk information management process is applied to a critical infrastructure, that is connected to a optical fiber network. The work focuses on incidents aimed at threatening data from optical threats and active network elements in transmission systems. The result of the work is defined as a risk file in the .VNA format containing identified risks, for which appropriate measures are implemented in connection with the requirements of ISO/IEC 27001, for the protection of critical infrastructures and transmitted data in the transmission system.
|
|
|
Small Company Mobile Security
Válka, Radek ; Novotný, Vít (referee) ; Ondrák, Viktor (advisor)
In the course of the work, an analysis of security issues with the use of mobile devices in a small company is created. Based on this analysis, are identified risks that could have an impact on the security of the company's information due to malicious code on the mobile device or unauthorized access to the mobile device. To eliminate or reduce these risks, are proposed safety measures inspired by the measures in the ČSN ISO/IEC 27002 standard, on which the bachelor's thesis is focused.
|
|
|
Cybersecurity in the engineering industry
Jemelíková, Kristýna ; Blecha, Petr (referee) ; Maradová, Karla (advisor)
The master’s thesis deals with the management of cyber security in a manufacturing company. The theoretical part contains concepts and knowledge of cyber security and discusses the current requirements of legislation and standards of the ISO/IEC 27000 series. In practical part are proposed measures to increase cyber security and information security based on the theoretical background and analysis of current state in the selected company.
|
|
|
Application of Information Security Management in Public Administration
Trtílek, Ivo ; Krčál, Šimon (referee) ; Sedlák, Petr (advisor)
The diploma thesis deals with an application of information security management system in the organization of public administration and local government. It defines important terms and describes the best practices which are compliant with the ISO/IEC 27000. It contains draft of security manual that can be used as an organization tool for human resources security, IT and physical and environmental security of the organization.
|
|
|
Design of Chosen Parts of ICT Security
Zajíček, Juraj ; Papež, Václav (referee) ; Ondrák, Viktor (advisor)
This bachelor`s thesis is focused on the security of information and communication technologies in a particular company. This company is a branch office for the Slovak Republic and the Czech Republic. Specifically, it is about the proposition and management of the program for awareness and training in information security of the company. First part of the thesis contains theoretical informations about information security. In second part is the analysis of the current state of ICT technologies of the company. In last part is overall evaluation of the analysis and own suggestions for solutions. Last part also includes the concept of program management and specific suggestions for practical implementation.
|
|
|
Enterprise Information Security
Král, David ; Koch, Miloš (advisor)
Quality security of sensitive data and key assets becomes now a question of absolute necessity for a company of any size and orientation. History of evolution of information security began particularly in environment of large organizations, that processed a large amount of data. It is logical that it was larger and richer companies which often have sufficient resources to invest in the security of their assets. Moreover, relatively large percentage of small and medium-sized businesses have about the security of its information somehow faulty ideas. More and more attackers are focusing on mid-sized organizations, which are insufficiently protected and they find it much easier to get to their sensitive data. Small and medium-sized companies are often preventing the implementation of certified standards. The reason is the fear of heavy formal administration, which is often required for certification, but is mainly for small businesses unnecessary and burdensome. For medium-sized organizations (50-250 employees), the certain administration associated with information security is a necessity. Employees, as in small businesses, are familiar with each other, but already there is a certain degree of anonymity, which may trigger the fact that some employees will not respect security procedures, especially if they are not precisely defined, and compliance will not be regularly checked. It depends on several circumstances, whether the certification is appropriate for the organization or the establishment of their internal methodology for information security. Methodology of balanced information security, which is the subject of this article is primarily proposed for small and medium-sized businesses. Its aim is to define the most important and absolutely necessary criteria for information security so that the system meets the requirements of a comprehensive solution of the issue. On the other hand, it seeks how to minimize the administrative burden for these organizations, which is, as mentioned above, one of the main reasons, why companies hold a negative attitude to the most widespread certifications. The methodology identifies four main areas of information security management system in a company. It includes an audit which specifies the quality level of particular areas of information security in the organization. If any of the studied areas is found insufficiently protected, effecitve measures are offered to improve the situation. The ultimate solution is a condition of a system where all the key areas of information security management of the organization are at the appropriate level and the system can be considered balanced.
|
guest ::
