Návrh metodiky pro příručku ISMS a opatření aplikované na vybrané oblasti / Proposal of Methodics for ISMS Guide and Measures Applied to Selected Areas

Nemec, Tomáš

January 2013

Content of this thesis is a methodology for creating ISMS Security Manual. Implementation of the proposal is supported by theoretical knowledge in the introductory part of this work. Practical process design methodology is conditional on the structure of the international standard ISO/IEC 27001:2005.

Informační bezpečnost v malém podniku / Information Security in Small Business

Priesnitz, Pavel

January 2014

The aim of this master‘s thesis is the description of the information security implementation into a specific small business. The theoretical part of the paper summarizes the information of related standards and methods. The analytical part describes the process, information and ICT enviroment of a particular organization. The third part of this thesis focuses on a risk analysis and choosing and deployment the relevant controls and their objectives for ISMS implementation.

Zavedení ISMS v podniku / Implementation of ISMS in a Company

Pospíchal, Jindřich

January 2016

The master’s thesis is aimed at proposing an implementation of information security management system in a company. It covers basic theoretical background and concepts of information system security and describes standards of ČSN ISO/IEC 27000. Specific provisioning of ISMS is then proposed based on the theoretical background and analysis of current state.

Zavádění bezpečnostních opatření dle ISMS do malé společnosti / Small Company Security Measures Implementation According to ISMS

Kohoutek, Josef

January 2016

In my master´s thesis I focus on the design of information security management system for the company INNC s.r.o., which specializes in the design and implementation of computer networks. The thesis is divided into two parts. The first part provides theoretical knowledge of the issue. Second part is the analysis and proposal of security measures.

A simplified ISMS : Investigating how an ISMS for a smaller organization can be implemented

Asp Sandin, Agnes

January 2021

Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen the organization's security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, and significantly smaller organizations. That results in smaller organization's information being potentially less protected.This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. This thesis aims to open for further research about how it can be simplified and if it has a value of doing it.The study is based on a qualitative approach where semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation.

Information security management system

ISMS

Information security

ISO/IEC 27001

Simplify

ISO/IEC 27000

MSB

Computer Sciences

Datavetenskap (datalogi)

Rozšířený model pro hodnocení opatření bezpečnosti informací / Extended model for the evaluation of information security controls

Fischer, Radek

January 2017

Subject of the thesis is to create extended model for the evaluation of information security controls. Evaluation of security controls is one from many processes of risk management which is part of information security management system ISMS. Thesis contains the outline of issue of information security and introduce various publications of information security management. Two of these publications were chosen and are used in this thesis. It is ČSN ISO/IEC 27001:2014 and NIST 800_53. These two standards are used for creation of introduced model. Model itself is introduced in second part of the thesis. Model is connecting security controls from these two standards. If organization implements security controls from NIST 800_53, meet requirements defined in ČSN ISO/IEC 27001:2014; Apendix A. This model is also customized for evaluation of security controls and giving feedback to evaluator about state of implementation of security controls. This evaluation process is setup as evaluation of NIST 800_53 security controls and after that these data are recalculated into percentage value of implementation of security controls from Apendix A. Results of this process are most valuable for risk management, for planning an implementation of security controls and for improvement of already implemented.

Informační bezpečnost jako jeden z ukazatelů hodnocení výkonnosti v energetické společnosti / Information security as one of the performance indicators in energy company

Kubík, Lukáš

January 2017

Master thesis is concerned with assessing the state of information security and its use as an indicator of corporate performance in energy company. Chapter analysis of the problem and current situation presents findings on the state of information security and implementation stage of ISMS. The practical part is focused on risk analysis and assessment the maturity level of processes, which are submitted as the basis for the proposed security measures and recommendations. There are also designed metrics to measure level of information security.

Systém pro podporu auditu managementu informační bezpečnosti / System for Audit Support of Information Security Management

Soukop, Tomáš

January 2012

This master thesis describes creation of system for audit support of information security management. In the next chapters I will explain what is the information security, system of information security, audit system and what standards we have for this. Last but not least is described how to create a system for audit support. The whole design is created with usage of standards for quality management and information security management. System is oriented for web environment.

Systémové řešení bezpečnosti informací v organizaci / Systematic Solution for Information Security in Organisation

Palička, Jan

January 2017

This diploma thesis deals with ISMS implementation in Netcope Technologies, a. s., which is involved in the production of network cards for high speed acceleration. This thesis is divided into two logical parts. In the first part the theoretical basis information is presented, including selected methods for implementing information security. In the second part, the analysis of the company and the proposed measures are presented.

Stanovení zásad systému managementu informatiky kompatibilního s ISO 9001:2008 pro malé IS/IT neintenzivní podniky / ISO 9001:2008 compatible IT Management System Specification for IS/IT Non-intensive Small Businesses

Lozan, Petr

January 2012

Information systems and technologies (IT) are ubiquitous and play a significant role in everyday life of people and enterprises. Even the smallest organisations need to be sure, that their information systems are working properly, appropriately support their operations, are cost-effective and comply with regulations and other requirements. The service-based management approach to management of enterprise IT is the most promoted and widely used. But what if this approach is not equally suitable for enterprises of all sizes? This thesis presents an alternative approach to IT management, directly built on requirements of well-known International Standard ISO 9001:2008. For many people who know and understand ISO 9001 and its requirements, it should be easier to use their knowledge about management of quality for managing of IT than learn and implement IT service management and -- probably -- try to find out how to scale service management down to the environment of limited resources which is typical for small businesses. Author describes ISO 9001 as universal management system model and investigates requirements of ISO 9001:2008 related to information technology. Then attention is aimed to existing International Standards for various aspects of IT governance and management. Text describes main content of ISO/IEC 38500 for IT Governance, ISO/IEC 20000 for service management, selected standards from ISO/IEC 27000 series for information security management and ISO/IEC 19770-1 for software asset management. Next chapter shows mainly approach of COBIT5 and COBIT solutions suitable for small businesses -- COBIT Quickstart and COBIT Security Baseline. Last part of text explains, how ISO 9001:2008 was used and adapted to create the main subject of this thesis -- ISO 9001:2008 compatible IT Management System Specification for IS/IT Non-intensive Small Businesses.