|
|
A Tool for Development of OVAL Definitions within OpenSCAP Project
Černý, Jan ; Rogalewicz, Adam (referee) ; Smrčka, Aleš (advisor)
This thesis deals with the SCAP standard, used in area of computer security, and describes its open source implementation OpenSCAP. The analysis focuses on OVAL, a language for determining vulnerabilities and configuration issues on computer systems. Typical problems of OVAL are discussed. Based on obtained findings, an extension of the OpenSCAP project for reporting and diagnostics of OVAL interpretation has been designed. The thesis describes implementation, integration and testing of proposed extension.
|
|
|
Statistical output of security audits
Hrubešová, Gabriela ; Vlastimil,, Svoboda (referee) ; Sedlák, Petr (advisor)
The subject of this diploma thesis is a statistical analysis of security audits. The theoretical part describes key terms in the field of cyber and information security, basic background for this area and important regulations. The next part focuses on the description of security audit, its course, necessary conditions and content. The last part is devoted to statistical analysis of obtained samples. We analyse samples from several points of view, compare and look for features and information that could be helpful to the auditor’s assessment.
|
|
|
Methodology of a security audit
Kroupová, Hana ; Hana,, Sobotková (referee) ; Sedlák, Petr (advisor)
The master‘s thesis is focused on security audit. The aim of this thesis is to create methodology, which might help with creating security audits and research current condition of cybernetic and information security in a business establishment. Theoretical part explains basic terms and concepts about cyber and information security. Own interpretation consist description of methodological areas of security audit.
|
|
|
Implementation of a tool for cyber security management
Strachová, Zuzana ; Josef,, Horáček (referee) ; Sedlák, Petr (advisor)
The thesis is focused on the implementation of a software tool to increase the effectiveness of cyber security management. The tool is implemented in a company preparing to be classified as a part of critical information infrastructure. Based on the customer's requirements, a suitable cyber security management tool is selected. Subsequently, I propose a methodology for implementing the tool, which I immediately apply. The output of the work is an implemented tool, risk analysis and security documentation required by law.
|
|
|
Automated Security Compliance Scanning of MS Windows Operating System Using OpenSCAP Project
Černý, Jan ; Barabas, Maroš (referee) ; Smrčka, Aleš (advisor)
This work deals with security compliance of computer systems, namely operating systems, applications and system services. Concept of security policies, their evaluation and their enforcement is described. Security compliance automation and the SCAP standard are presented. OpenSCAP project, which is used as an SCAP scanner, is described together with its tools and its usage. An idea to add support of Microsoft Windows within OpenSCAP, which was previously unsupported, is presented. The core part of the thesis is to identify necessary changes of OpenSCAP and to design an extension of this project. All these modifications are implemented. The solution is demonstrated on security policies for Windows. The solution is evaluated and further improvements are discussed.
|
|
|
Network Scanner for PowerShell
Sabota, Dominik ; Šeda, Pavel (referee) ; Martinásek, Zdeněk (advisor)
This study focuses on the development and implementation of a network scanning tool for the scripting language Powershell version 5.1 and higher. This tool, named Oculus, was specifically designed for the use of sophisticated network scanning methods during penetration testing and other security audits, thereby becoming part of the broader context of cybersecurity. Within the set requirements and limitations, the Oculus tool was successfully implemented. This work thoroughly analyzes the process of development and implementation of this tool, its limitations, and their impact on overall effectiveness, which is subsequently tested and evaluated. Although the development process brought certain challenges, the testing results confirmed that the Oculus tool provides valuable outputs, thereby confirming its usability in the matter of improving cybersecurity.
|
|
|
Mapping Cyber Security Measures: From Legislation to Technical Implementation
Hopp, Jiří ; MSc, Mezera Michal, (referee) ; Sedlák, Petr (advisor)
In my thesis, I focused on creating a systematic tool for mapping technical measures and mitigations to national legislative cybersecurity requirements. I conducted an analysis of the addressed issue, which revealed opportunities for developing the tool and revealed forthcoming changes in legislative requirements based on the EU directive NIS2. In the following part of the thesis, I described the design and development of the mentioned tool in the form of a table. The tool met the client's requirements and mapped relevant technical measures to individual points of the current and NIS2-derived legislative requirements. Based on consultations with the client, I determined that the objectives outlined in the thesis were successfully met and that the developed tool will be utilized in a real-world environment.
|
|
|
Applications for displaying risk analysis
Voskárová, Anna ; Jurek, Michael (referee) ; Martinásek, Zdeněk (advisor)
The diploma thesis deals with the information security risk assessment. The theoretical part of the thesis is devoted to the description of information security basics, existing standards in the area of information security, and also the current cybersecurity legislation applicable in Czech Republic. In the practical part, an own information security risk analysis methodology is first presented, which was then practically applied for the purpose of assessing information security risks in a company operating in the field of information and communication technologies, whose main activities are the development, production, installation and service of industrial controllers and information systems. Furthermore, for presentation of the results of the performed analysis, the design and implementation of web application takes place, which can be used as a useful tool that allows displaying and presenting the outputs of the risk analysis in a clear and illustrative way. The last part of this thesis includes the creation of a checklist for performing a cybersecurity audit and its subsequent implementation as a custom module into the existing Penterep platform, which creates an ideal tool for the needs of assessing the degree of fulfillment of individual security measures within the area of cybersecurity.
|
|
|
Implementation of a tool for cyber security management
Strachová, Zuzana ; Josef,, Horáček (referee) ; Sedlák, Petr (advisor)
The thesis is focused on the implementation of a software tool to increase the effectiveness of cyber security management. The tool is implemented in a company preparing to be classified as a part of critical information infrastructure. Based on the customer's requirements, a suitable cyber security management tool is selected. Subsequently, I propose a methodology for implementing the tool, which I immediately apply. The output of the work is an implemented tool, risk analysis and security documentation required by law.
|
|
|
Statistical output of security audits
Hrubešová, Gabriela ; Vlastimil,, Svoboda (referee) ; Sedlák, Petr (advisor)
The subject of this diploma thesis is a statistical analysis of security audits. The theoretical part describes key terms in the field of cyber and information security, basic background for this area and important regulations. The next part focuses on the description of security audit, its course, necessary conditions and content. The last part is devoted to statistical analysis of obtained samples. We analyse samples from several points of view, compare and look for features and information that could be helpful to the auditor’s assessment.
|
guest ::
