|
|
Analysis and Design of Information System
Řezáč, Vojtěch ; Koch, Miloš (referee) ; Dydowicz, Petr (advisor)
The content of the thesis is analysis of information system in Poclain Hydraulics and proposal of changes for increasing the efficiency and security to in-house processes. The result will give well arranged access to data on the intranet, reduced internet usage and staff monitoring system that can increase security and productivity.
|
|
|
Security games "Capture The Flag"
Karabina, Lukáš ; Pospíšil, Ondřej (referee) ; Martinásek, Zdeněk (advisor)
Bachelor’s thesis is focused on providing general information about "capture the flag" security games. It deals with the basic categorization of this type of games, it also describes various categories for tasks that can be included within these games. The thesis analyzes selected available platforms for organizing "capture the flag" security games. At first the thesis deals with security games in general, then deals with basic categorization of tasks, that are often included in these games, then continues with the issue of selecting a suitable platform for the practical part of the thesis to support the courses dealing with cryptography and cyber sercurity. Finally, thesis discribes the individual tasks that were implemented in its practical part.
|
|
|
Security risks according to ISO 27001
Doubková, Veronika ; Oujezský, Václav (referee) ; Horváth, Tomáš (advisor)
This diploma thesis deals with the management of security information, according to ISO/IEC 27005 and it is implementation in the Verinice software environment. The risk information management process is applied to a critical infrastructure, that is connected to a optical fiber network. The work focuses on incidents aimed at threatening data from optical threats and active network elements in transmission systems. The result of the work is defined as a risk file in the .VNA format containing identified risks, for which appropriate measures are implemented in connection with the requirements of ISO/IEC 27001, for the protection of critical infrastructures and transmitted data in the transmission system.
|
|
| |
|
|
Web Application Penetration Testing Automation
Dušek, Daniel ; Polčák, Libor (referee) ; Pluskal, Jan (advisor)
Tato práce má dva cíle - navrhnout obecně aplikovatelný přístup k penetračnímu testování webových aplikací, který bude využívat pouze nedestruktivních interakcí, a dále pak implementovat nástroj, který se tímto postupem bude řídit. Navrhovaný přístup má tři fáze - v první fázi tester posbírá požadavky pro testovací sezení (včetně požadavků na nedestruktivnost) a připraví si nástroje a postupy, kterých při testování využije, následně začne s průzkumem. V druhé fázi využije dodatečných nástrojů pro zpracování informací z předchozí fáze a pro ověření a odhalení zranitelností. Ve třetí fázi jsou všechny informace překovány ve zprávu o penetračním testování. Implementovaný nástroj je postavený na modulech, které jsou schopny odhalení reflektovaného XSS, serverových miskonfigurací, skrytých adresních parametrů a skrytých zajímavých souborů. V porovnání s komerčním nástrojem Acunetix je implementovaný nástroj srovnatelný v detekci reflektovaného XSS a lepší v detekci skrytých zajímavých souborů. Práce také originálně představuje nástroj pro sledování postranního kanálu Pastebin.com s cílem detekce utíkajících informací.
|
|
|
Implementation of ISMS security countermeasures proposal for a company
Vyhňák, Petr ; Ondrák, Viktor (referee) ; Sedlák, Petr (advisor)
The master thesis deals with the proposal of introduction security countermeasures in accordance with the information security management system for the company. The theoretical part is defined in the first part of the thesis. The next part introduces the company, describes the current state of security and analysis security countermeasures with the help of supporting material. The last part includes the proposal to introduce new security countermeasures. The thesis includes risk analysis, design of selected security countermeasures including the implementation procedure with a time schedule and economic evaluation.
|
|
|
Statistical output of security audits
Hrubešová, Gabriela ; Vlastimil,, Svoboda (referee) ; Sedlák, Petr (advisor)
The subject of this diploma thesis is a statistical analysis of security audits. The theoretical part describes key terms in the field of cyber and information security, basic background for this area and important regulations. The next part focuses on the description of security audit, its course, necessary conditions and content. The last part is devoted to statistical analysis of obtained samples. We analyse samples from several points of view, compare and look for features and information that could be helpful to the auditor’s assessment.
|
|
|
Methodology of a security audit
Kroupová, Hana ; Hana,, Sobotková (referee) ; Sedlák, Petr (advisor)
The master‘s thesis is focused on security audit. The aim of this thesis is to create methodology, which might help with creating security audits and research current condition of cybernetic and information security in a business establishment. Theoretical part explains basic terms and concepts about cyber and information security. Own interpretation consist description of methodological areas of security audit.
|
|
|
Design of smart home control systém and security management
Valentová, Kateřina ; Kubek, Ján (referee) ; Sedlák, Petr (advisor)
This master's thesis is focused on design of smart home control system with focus onsecurity of system in terms of information, network and physical security. Design is based on the requirements of the house owner and his needs. In thesis is assembled risk analysis with security measures to the individual threats. Complete design of cable system is not a part of this work, thesis is particularly focused on questions about security of the entire intelligent system.
|
|
|
Design of a smart meter testing methodology focusing on invasive testing
Biolek, Martin ; Sikora, Marek (referee) ; Lieskovan, Tomáš (advisor)
Bachelor thesis is focused on investigating the security deficits of smart meters through penetration testing. The theoretical part describes the standards that should be followed by smart meter manufacturers. This is followed by the practical part where the testing of two smart meter systems was conducted in order to discover their vulnerabilities. The result of the work is the exposure of one of the two systems of interest that requires significant security improvements before deployment of another version. A description of the vulnerabilities is included in the practical part of the thesis.
|
guest ::
