National Repository of Grey Literature: 146 records found, showing 1 - 10
Information security management of small business
Nguyen, Hoai Nam ; Tran, Manh Hung (referee) ; Ondrák, Viktor (advisor)
The aim of this bachelor's thesis is to analyse the company's ISMS and to propose certain measures based on the found shortcomings. The introductory part of the thesis focuses on a summary of the theoretical foundations in the field of information security, with the key element being the set of standards ISO/IEC 27000. The analytical part describes the current state of ISMS in a specific company. In the practical part, appropriate measures are selected according to the result of the analysis.
Economic impact of the implementation of a software tool for compliance with VKB in the corporate environment
Nováková, Natálie ; Svoboda Vlastimil, Ing., MBA (referee) ; Sedlák, Petr (advisor)
This thesis focuses on evaluating the economic impact of implementing a software tool for compliance with the Cybersecurity Decree (VKB) in a corporate environment. As part of the thesis, an analysis of available cybersecurity management tools was conducted, including a comparison of their features and functionalities. Based on the results of this comparison, a specific tool was selected that appears to be the most suitable. The output of this thesis is an economic comparison of the costs associated with each solution option.
Web Application for Evaluation of Security Testing Tools
Moravec, Vojtěch ; Lieskovan, Tomáš (referee) ; Ilgner, Petr (advisor)
The bachelor thesis focuses on the design, development, and implementation of an intentionally vulnerable environment in the form of a web application. The resulting web application encompasses vulnerabilities across categories outlined in the OWASP Top 10 project, specifically following its 2021 version. Through this application, it is possible to assess and compare automated tools for penetration testing, as well as tools for static code security analysis. The thesis is divided into five chapters. In the introduction, the OWASP Foundation, which oversees the OWASP project, is described. The analysis of selected intentionally vulnerable web applications is then presented. Subsequent chapters delve into the design of the custom intentionally vulnerable web application, detailing the technologies used in its development and outlining all vulnerabilities present in the application. In the conclusion of the thesis, testing of the resulting vulnerable application is conducted using the aforementioned tools, and a summary of the achieved results is provided. Apart from the aforementioned testing and comparison of automated tools in the fields of penetration testing and static analysis, the application can also be utilized for educational purposes. This is primarily facilitated by the attached fixes and explanations, which accompany each vulnerability within the application.
Information System Assessment and Proposal of ICT Modification
Linner, Marek ; Novák, Lukáš (referee) ; Koch, Miloš (advisor)
The thesis focuses on assessing the information system of a selected company and proposes ways to improve its capabilities. The introductory theoretical part of the thesis presents issues related to information systems, user interfaces, and information security. In the following chapter, analyses of the current state of the information system are elaborated. The third chapter identifies issues and suggests solutions. The final chapter evaluates the proposals from an economic perspective.
Security testing of IPv6 family protocols and related vulnerabilities
Vopálka, Matěj ; Phan, Viet Anh (referee) ; Jeřábek, Jan (advisor)
This thesis discusses the Internet Protocol version 6 (IPv6), especially the secure deployment of the protocol. The thesis deals with the shortcomings of the IPv4 protocol and the reasons for the development of the IPv6 protocol. It covers topics such as IPv6 addressing, the structure of frames, and the initial types of IPv6 extension headers. Additionally, the thesis explores protocols related to IPv6, such as NDP, SLAAC, and DHCPv6. The thesis provides an introduction to penetration testing, describes the basic types of hackers and gives a general overview of information security attacks. The practical part is devoted to the development of Penvuhu6, an application for automatic vulnerability testing of IPv6 networks. The tool is developed in the Python programming language using the Scapy library. Penvuhu6 has been tested in an emulated network environment with the GNS3 program. Three test scenarios were developed for the tool, focusing on testing the passage of repetitive and misaligned headers, overlapping fragments, and Router Advertisement and DHCPv6 advertisement messages. Penvuhu6 was tested on an emulated RouterOS device with basic and restrictive configurations.
The Impacts of a Ransomware Attack: Risk Management and Implementation of the Minimal Security Standard
Syrovátková, Lucie ; Alena, Rybáková (referee) ; Sedlák, Petr (advisor)
The aim of the thesis is to implement cyber security in a small company as a result of a suffered ransomware attack based on the requirements of the Minimal Security Standard, which is a support material for entities that are not regulated by the Cyber Security Act in the Czech Republic. The main goal is achieved through the three main parts into which the thesis is divided. The introductory part is a theoretical support for the remainder of the thesis and contains the main concepts and areas that are used in the thesis. The analytical part focuses on the description of a possible vector of a ransomware attack and its consequences. In the second part of the analytical chapter, the current situation of the company is assessed in comparison to the requirements of the Minimal Security Standard. The last part proposes specific security measures, creation of security policies adapted to the company's capabilities and an economic evaluation.
Mapping Cyber Security Measures: From Legislation to Technical Implementation
Hopp, Jiří ; MSc, Mezera Michal, (referee) ; Sedlák, Petr (advisor)
In my thesis, I focused on creating a systematic tool for mapping technical measures and mitigations to national legislative cybersecurity requirements. I conducted an analysis of the addressed issue, which revealed opportunities for developing the tool and revealed forthcoming changes in legislative requirements based on the EU directive NIS2. In the following part of the thesis, I described the design and development of the mentioned tool in the form of a table. The tool met the client's requirements and mapped relevant technical measures to individual points of the current and NIS2-derived legislative requirements. Based on consultations with the client, I determined that the objectives outlined in the thesis were successfully met and that the developed tool will be utilized in a real-world environment.
Building security awareness at the Faculty of Business and Management
Volfová, Jana ; Ondrák, Viktor (referee) ; Sedlák, Petr (advisor)
This diploma thesis is focused on Security Awareness Education at the Faculty of Business and Management. It consists of three main parts: theoretical, analytical and practical considerations. The theoretical part is the introduction to basic terms, processes and analysis to help understand the thesis. The analytical part includes an introduction to the chosen organization and the implementation of analysis, which were presented in the theoretical part. The practical part contains, among other things, the actual proposals for Security Awareness Education at the faculty and its benefits.
Information System Assessment and Proposal of ICT Modification
Závodný, Jiří ; Novák, Lukáš (referee) ; Koch, Miloš (advisor)
The bachelor thesis is focused on the analysis of the information system in XCR Svorada s.r.o. and a subsequent proposal for amendments. The first part is devoted to the theoretical background needed to understand the issue. It is followed by the analysis of the company, its internal and external environment, and the information system used. The last part proposes changes for improving, streamlining and simplifying work with the information system.
Draft of Information Security Methodology in Company Running Electronic Commerce
Mráčková, Kateřina ; RNDr. et RNDr. Vladimír Mazálek, PhD., DBA (referee) ; Sedlák, Petr (advisor)
The work deals with the analysis of security management in a company selling goods through a brick-and-mortar shop and electronic commerce. The assets and the threats affecting them were identified, and an analysis of risks and selected measures was evaluated. The work is based on the theoretical background from the ISO/IEC 27000 series of standards, given in its first part.
