  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
41

Informační bezpečnost v malém podniku / Information Security in Small Business

Priesnitz, Pavel January 2014
The aim of this master's thesis is the description of the information security implementation into a specific small business. The theoretical part of the paper summarizes the information of related standards and methods. The analytical part describes the process, information and ICT environment of a particular organization. The third part of this thesis focuses on a risk analysis and on choosing and deploying the relevant controls and their objectives for ISMS implementation.
42

Zavedení ISMS v podniku / Implementation of ISMS in a Company

Pospíchal, Jindřich January 2016
The master's thesis is aimed at proposing an implementation of an information security management system in a company. It covers basic theoretical background and concepts of information system security and describes the ČSN ISO/IEC 27000 standards. Specific provisioning of ISMS is then proposed based on the theoretical background and analysis of the current state.
43

Zavádění bezpečnostních opatření dle ISMS do malé společnosti / Small Company Security Measures Implementation According to ISMS

Kohoutek, Josef January 2016
In my master's thesis I focus on the design of an information security management system for the company INNC s.r.o., which specializes in the design and implementation of computer networks. The thesis is divided into two parts. The first part provides theoretical knowledge of the issue. The second part is the analysis and proposal of security measures.
44

Modelo de referencia para la protección de datos personales en el sector microfinanciero peruano / Reference model for personal data protection in the Peruvian microfinance sector

Alejo Alarcón, Claudio Alfredo Aarón, Navarro Ruíz, Alan Jesús 30 November 2020
The protection of personal data consists of safeguarding the information of people throughout its life cycle within an entity and using it only for the purposes for which it was provided. All companies become owners of personal data banks by having information on their clients, collaborators and/or suppliers, either by using information technologies for their treatment, or documents and physical warehouses. The application of adequate security measures for the protection of personal data is of great importance in organizations, especially in one of the fastest growing sectors such as microfinance. Otherwise, it puts the rights and freedoms of people at risk, in addition to receiving costly financial penalties. In this thesis, a reference model is proposed that provides a set of legal, organizational and technical measures to protect the personal data kept by a microfinance entity, guaranteeing its adequate treatment throughout its life cycle. These measures are based on Law 29733 and its regulations, ISO 27001, COBIT 5, NIST 800-53 and CIS CSC. The reference model was implemented in a Peruvian savings and loan cooperative where information related to the processing of personal data was collected, the level of protection of personal data was evaluated and an improvement plan was implemented. The result of the implementation was a 57% increase in the level of protection of personal data, thus reaching 74%. / Thesis
45

A simplified ISMS : Investigating how an ISMS for a smaller organization can be implemented

Asp Sandin, Agnes January 2021
Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen the organization's security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, and significantly smaller organizations. That results in smaller organizations' information being potentially less protected. This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. This thesis aims to open for further research about how it can be simplified and if it has a value of doing it. The study is based on a qualitative approach where semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation.
46

Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness

Frangopoulos, Evangelos D. 31 March 2007
As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject. / Information Systems / M. Sc. (Information Systems)
48

Rozšířený model pro hodnocení opatření bezpečnosti informací / Extended model for the evaluation of information security controls

Fischer, Radek January 2017
The subject of the thesis is to create an extended model for the evaluation of information security controls. Evaluation of security controls is one of many processes of risk management, which is part of the information security management system (ISMS). The thesis contains an outline of the issue of information security and introduces various publications on information security management. Two of these publications were chosen and are used in this thesis. They are ČSN ISO/IEC 27001:2014 and NIST 800_53. These two standards are used for the creation of the introduced model. The model itself is introduced in the second part of the thesis. The model connects security controls from these two standards. If an organization implements security controls from NIST 800_53, it meets the requirements defined in ČSN ISO/IEC 27001:2014, Appendix A. This model is also customized for evaluation of security controls and for giving feedback to the evaluator about the state of implementation of security controls. This evaluation process is set up as an evaluation of NIST 800_53 security controls, and after that these data are recalculated into a percentage value of implementation of security controls from Appendix A. Results of this process are most valuable for risk management, for planning an implementation of security controls and for improvement of those already implemented.
49

Informační bezpečnost jako jeden z ukazatelů hodnocení výkonnosti v energetické společnosti / Information security as one of the performance indicators in energy company

Kubík, Lukáš January 2017
The master's thesis is concerned with assessing the state of information security and its use as an indicator of corporate performance in an energy company. The chapter analysing the problem and current situation presents findings on the state of information security and the implementation stage of ISMS. The practical part is focused on risk analysis and assessment of the maturity level of processes, which are submitted as the basis for the proposed security measures and recommendations. Metrics to measure the level of information security are also designed.
50

Systém pro podporu auditu managementu informační bezpečnosti / System for Audit Support of Information Security Management

Soukop, Tomáš January 2012
This master's thesis describes the creation of a system for audit support of information security management. In the next chapters I will explain what information security is, what a system of information security and an audit system are, and what standards we have for this. Last but not least, it is described how to create a system for audit support. The whole design is created with the use of standards for quality management and information security management. The system is oriented towards the web environment.
