|
| |
|
|
Application of the act and subsequent regulation on cyber security at state administration´s offices
Pech, Jan ; Čermák, Igor (advisor) ; Jícha, Karel (referee)
The thesis is focused on the Czech act no. 181/2014 Sb., on cyber security and subsequent regulations, introduces origin and importance of act, defines the state administration´s office which identifies important information systems according to regulations, and subsequently thesis detailed analyses act and regulation on cyber security in relation to the defined state administration´s office. Keynote of this thesis is show the real application of identified obligations of the act and regulation to the defined state administration´s office, especially a design, implementation and management of organizational and technical security measures, including the evaluation of real impact on information security. To achieve the set goals author of this thesis uses the analysis of legislation, and draws own conclusions from author´s position of a security technologist who actively participated in the design security policy, and implementation and management of security tools. The benefit of this thesis is complex overview of the security employees work at defined state administration´s office, overview of the real fulfilment obligations of the act and regulation of cybernetic security, and ultimately this thesis brings ideas for further development of technical security tools. This thesis can brings benefit to other important information systems administrators as a set of processes, proposals and recommendation for their own information security management system. This thesis is structurally divided into four main parts. The first theoretical part introduces origin, importance and impact of the act on state and private organizations. The second analytical part analyses act and subsequent regulations in relation to the defined state administration´s office. The third practical part shows the real application of organizational and technical security measures. The fourth last part evaluates the real impact of measures on information security.
|
|
|
Options to ensure information security by defining a standard behavior of employees
Dvořák, Martin ; Říhová, Zora (advisor) ; Čapek, Jan (referee) ; Novák, Luděk (referee) ; Němec, Petr (referee)
Continually the number of transactions carried out electronically via the internet has grown, as well as the number of users of IT (information technology). In the same way are accruing transactions that may be at risk in terms of information security as well as an increasing number of security incidents threatening financial gain or thefts of sensitive information. Attackers carried out attacks in order to make financial gains using more sophisticated methods, sophisticated not only using information technology but also using social engineering techniques. This growing trend is known about by governments and measures are being taken to help increase the information security of the state. This is evidenced by the fact that the European Parliament recently approved the following Directive Directive of the European parliament and of the council concerning measures to ensure a high common level of network and information security across the Union and the ensuing law on cyber security (Act No. 181/2014 Coll.) adopted by the Parliament of the Czech Republic in the summer of 2014. This act orders organizations which are maintaining critical infrastructure to implement a system to evaluate cybersecurity events (user behavior). So far no unified approach to implement such systems has been defined. Author defines standardized methodology for implementation of systems which evaluate user behavior with focus on optimization of data which these systems have to process to ensure their efficient functionality.
|
|
|
CERT / CSIRT teams and cyber security
Rezníčková, Dominika ; Klíma, Tomáš (advisor) ; Veber, Jaromír (referee)
The main goal of this bachelor thesis is to provide brief description of contemporary situation in the field of cyber security and the role of national CERT team in it according to the newly adopted Law no. 181/2014 Coll., on Cyber Security and to make comparison of theoretical principles with their applying in praxis. Thesis is divided into two main parts. First one, a theoretical part, comprehends basic information on cyber security, cybercrime and security incidents and consequently focuses on roles of CERT / CSIRT teams in a perspective of security incidents and cyber security in general, reasons for a formation of the first CERT team and following development, its functions and responsibilities nowadays and finally the thesis presents possible opportunities of collaboration between CERT teams within international organisations and platforms. The second part of the thesis is practical and consists of content analysis of The Law on Cyber Security and its consequences and impacts. The main focus of the thesis is set up on explaining a role of a national team and its sphere of authority in the Czech Republic after the law has entered into force. To provide information about practical operation directly from the source, I will interview two cyber security specialists working in The National CSIRT Team of the Czech Republic called CSIRT.CZ, which is currently operated by the association CZ.NIC. Among other information, I will include a specific example of coordinating activity happened under the auspices of the team during the security incident. As a conclusion of this work is a summary of the achievements and benefits of work depending on the previous foreground and the comparison.
|
|
|
Adequate information security
Drtil, Jan ; Molnár, Zdeněk (advisor) ; Čapek, Jan (referee) ; Lukáš, Luděk (referee)
Abstract 1) Goal of the thesis There is an assumption that companies are nowadays spending money on IT Security not according to the importance of the information for the company. In order to prove it or not, this thesis is about to check it. In case that this is true, the aim of this thesis will be to find out the methodology that can be used to verify, whether money are spent effective and efficiently or not. 2) Aiming of the thesis From the content point of view the focus of this work is information security methodics. From the research point of view the research was conducted on medium and small organisations in automotive, mainly due to the fact that automotive industry is an important part of our national economy (approx. 8% of GDP). 3) Outcomes of the thesis From the theory point of view the definition of "adequacy" of the information security was set. Adequacy consists of two parts -- the value of information, and the importance of information. The way how to determine both value and importance was found as well. From the reality point of view there was a finding that researched organisations do not undergo any systematic approach in the information security, what can negatively impact the frequency and importance of security incidents in the organisations. One of the main results of the research is the fact that in case there is a need to make effective and efficient information security based on the support of the management of the company. Finally, the next result is creating and verification of the "Adequate information security methodology", which can be used by managers in order to increase effectiveness and efficiency of the sources spent on information security. There is an extension of this Methodology covering the individuality of the decision maker and circumstances that influence him.
|
guest ::
